Date: Tue, 20 Jan 2015 14:06:31 +0100 From: Maciej Suszko <maciej@suszko.eu> To: Panagiotis Atmatzidis <atma@convalesco.org> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: A way to load PF rules at startup using OpenVPN Message-ID: <20150120140631.377bee87@helium> In-Reply-To: <F3202279-808B-4CBC-9F67-4CB89E9A59F9@convalesco.org> References: <F84CF488-7CF6-4580-B169-AA441166E2CB@convalesco.org> <20150120101144.735f0b67@helium> <CALfReyfuR-%2BOZ4H1RUuwMcvZEgcciwnisCC31vm4%2BNDaXFVu6g@mail.gmail.com> <F3202279-808B-4CBC-9F67-4CB89E9A59F9@convalesco.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Tue, 20 Jan 2015 14:18:28 +0200
Panagiotis Atmatzidis <atma@convalesco.org> wrote:
[...]
> I resolved the issue by creating a devd conf file:
>
> $ cat /etc/devd/tun.conf
> # Run PF when tun0 is up
> notify 0 {
> match "system" "IFNET";
> match "subsystem" "tun0";
> match "type" "LINK_UP";
> action "/etc/rc.d/pf start";
> };
>
> This file makes sure ‘pf’ is executed right after ‘tun0’ interface is UP, which happens at boot anyway since openvpn is started by ‘rc.conf’. You need have ‘pf’ enabled in ‘rc.conf’ of course.
>
> It works fine now on every reboot :-)
It just looks like solution taken directly from Linux world... If we
don't know why it's not working, let's put rc script somewhere -
problem solved!
In my opinion, properly created pf.conf have nothing to do with openvpn
- neither running nor stopped.
Post your pf.conf, pfctl -nvf /etc/pf.conf with tun0 present and
absent, look at dmesg -a, messages etc.
Just my 2 cents...
--
regards, Maciej Suszko.
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlS+UtcACgkQCikUk0l7iGo30wCeP51FlyPzPgo9tBfLatzoKiEM
4tsAnjxGwSSCB2YB21NTIw2RV3PDBwWM
=dzNj
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150120140631.377bee87>