Date:      Fri, 13 Aug 2010 17:54:46 -0400
From:      Henry Graterol <hgratp@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   PF+OpenVPN+tap
Message-ID:  <4C65BF26.8080507@gmail.com>

Hello,

Before I start let me state that I am not an expert on FreeBSD; I do 
enjoy it and consider it a hobby, and love it!

I have a problem. I use a FreeBSD server behind a router/gateway to 
connect clients with OpenVPN. I started to notice weird traffic so I 
decided to try PF to control traffic. My OpenVPN setup uses a tap 
adapter and a bridge adapter bridging the vpnclient_ips and the server_ip.

Without PF everything works fine, so no problem there. When I activate 
PF I can establish a connection to the server_ip from outside through the VPN, 
but I cannot ping or connect to clients or the internet. After trial and 
error, the setup that worked for me was to skip filtering on bridge0 and 
tap0. With this in my configuration the VPN worked as before.

Now the problem: when I reboot the system my VPN allows connections but 
repeats the past scenario (no ping, no connection to clients, internet, 
etc.). The fix I have found is to let the system reboot and then issue a 
pfctl -f /etc/pf.conf to reload the rules. Then everything works again.

My guess is that PF is loading before the bridge and tap adapters come 
up, so that is somehow skipped from loading. My tap connection is set up 
to come up from a script when it gets a connection from OpenVPN.

Is this a correct guess? What else could be the problem?

Thank you in advance for your feedback!
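The mail reports that a manual `pfctl -f /etc/pf.conf` after boot is what makes the skip rules for tap0 and bridge0 take effect. The script below is an added example, not the poster's script: an OpenVPN-style `up` hook that waits until the tap device OpenVPN just created is visible, adds it to the bridge, syntax-checks the ruleset with `pfctl -nf`, and only then reloads PF. The names `PF_CONF`, `BRIDGE`, the retry count, and the function names are placeholders chosen for this example; OpenVPN passes the device name as the first argument to an `up` script.

```shell
#!/bin/sh
# Added example, not from the original mail.
# OpenVPN "up"-style hook: wait for the tap interface to exist, add it to the
# bridge, then reload the PF ruleset so rules that name tap0/bridge0 are
# applied against interfaces that actually exist at load time.
# PF_CONF and BRIDGE are placeholders; override them from the environment.

PF_CONF="${PF_CONF:-/etc/pf.conf}"
BRIDGE="${BRIDGE:-bridge0}"

# iface_exists NAME -> exit 0 if ifconfig knows the interface, 1 otherwise
iface_exists() {
    ifconfig "$1" >/dev/null 2>&1
}

# wait_for_iface NAME TRIES -> exit 0 once the interface appears,
# 1 if it is still missing after TRIES one-second polls
wait_for_iface() {
    _i=0
    while [ "$_i" -lt "$2" ]; do
        if iface_exists "$1"; then
            return 0
        fi
        _i=$((_i + 1))
        sleep 1
    done
    return 1
}

# reload_pf FILE -> dry-run parse the ruleset first (pfctl -n), so a typo
# in pf.conf is rejected instead of replacing the live rules; then load it
reload_pf() {
    pfctl -nf "$1" || return 1
    pfctl -f "$1"
}

# vpn_up TAP -> the complete hook: wait for TAP, bridge it, reload PF
vpn_up() {
    wait_for_iface "$1" 10 || { echo "$1 never appeared" >&2; return 1; }
    # "addm" fails if TAP is already a member; that is harmless here
    ifconfig "$BRIDGE" addm "$1" 2>/dev/null || true
    reload_pf "$PF_CONF"
}

# When invoked by OpenVPN as an "up" script, $1 is the tun/tap device name.
if [ "$#" -ge 1 ]; then
    vpn_up "$1"
fi
```

Pointing OpenVPN at this script (`up /path/to/vpn-up.sh` together with `script-security 2` in the server config) runs the reload every time the tap device is created, which is the same thing the mail does by hand after each reboot.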
