Date: Tue, 20 Jan 2015 09:16:29 +0000
Subject: Re: A way to load PF rules at startup using OpenVPN
From: krad
To: Maciej Suszko
Cc: Panagiotis Atmatzidis, FreeBSD Questions

Put this in your rc.conf; it may help:

cloned_interfaces="tun0"

That will create the interface early on, way before openvpn is spawned. You may need to force openvpn to use tun0, as it might try to create tun1.

On 20 January 2015 at 09:11, Maciej Suszko wrote:
> On Mon, 19 Jan 2015 18:53:40 +0200
> Panagiotis Atmatzidis wrote:
>
> [...]
>
> > I think that this has something to do with ‘tun0’ interface which is
> > the last thing that is loaded at boot. Probably PF runs before this,
> > sees rules that it doesn’t understand (related to tun0) and comes up
> > short, then tun0 is loaded but it’s too late.
>
> That's simple to test, just destroy your tun device and check the
> output of:
>
> # pfctl -nvf /etc/pf.conf
> --
> regards, Maciej Suszko.
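
An added example, not part of the thread: a static preflight check for the boot-order problem discussed above, so a firewall ruleset that names a tunnel interface does not fail to load at boot. The function names are hypothetical, the three file paths are passed as arguments, and it assumes the OpenVPN config names its device with a `dev` line; it only reads text and does not replace the `pfctl -nvf` test.

```shell
#!/bin/sh
# Added example (not from the thread). Checks three things:
#   1. every tunN named in pf.conf is listed in rc.conf cloned_interfaces
#   2. the OpenVPN config pins its device to a numbered tunN
#   3. that pinned device is one pf.conf actually filters on

# tunN devices listed in cloned_interfaces="..." of an rc.conf-style file
cloned_tuns() {
    awk -F= '/^[[:space:]]*cloned_interfaces=/ { gsub(/"/, "", $2); print $2 }' "$1" |
        tr -s '[:space:]' '\n' | grep -E '^tun[0-9]+$' | sort -u
}

# tunN devices referenced anywhere in pf.conf (rules or macros), comments stripped
pf_tuns() {
    sed 's/#.*//' "$1" | tr -cs '[:alnum:]_' '\n' | grep -E '^tun[0-9]+$' | sort -u
}

# value of the first "dev" directive in an OpenVPN config
openvpn_dev() {
    awk '$1 == "dev" { print $2; exit }' "$1"
}

# usage: check_tun_boot_order RC_CONF OPENVPN_CONF PF_CONF ; returns 0 if consistent
check_tun_boot_order() {
    rc=$1 ovpn=$2 pf=$3 status=0
    dev=$(openvpn_dev "$ovpn")
    for ifn in $(pf_tuns "$pf"); do
        if ! cloned_tuns "$rc" | grep -qx "$ifn"; then
            echo "pf.conf references $ifn but rc.conf does not create it at boot"
            status=1
        fi
    done
    case "$dev" in
        tun[0-9]*)
            pf_tuns "$pf" | grep -qx "$dev" || {
                echo "openvpn uses $dev but pf.conf has no rules naming it"
                status=1
            } ;;
        *)
            echo "openvpn 'dev $dev' is not pinned to a numbered tun device"
            status=1 ;;
    esac
    return $status
}

if [ "$#" -eq 3 ]; then
    check_tun_boot_order "$@"
fi
```

A non-zero exit means rules bound to the tunnel may be missing after a reboot, leaving VPN traffic filtered differently than intended.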