Date:      Tue, 20 Jan 2015 09:16:29 +0000
From:      krad <kraduk@gmail.com>
To:        Maciej Suszko <maciej@suszko.eu>
Cc:        Panagiotis Atmatzidis <atma@convalesco.org>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: A way to load PF rules at startup using OpenVPN
Message-ID:  <CALfReyfuR-%2BOZ4H1RUuwMcvZEgcciwnisCC31vm4%2BNDaXFVu6g@mail.gmail.com>
In-Reply-To: <20150120101144.735f0b67@helium>
References:  <F84CF488-7CF6-4580-B169-AA441166E2CB@convalesco.org> <20150120101144.735f0b67@helium>

Put this in your rc.conf, it may help:

cloned_interfaces="tun0"

That will create the interface early on, way before openvpn is spawned. You
may need to force openvpn to use tun0, as it might try to create tun1.

On 20 January 2015 at 09:11, Maciej Suszko <maciej@suszko.eu> wrote:

> On Mon, 19 Jan 2015 18:53:40 +0200
> Panagiotis Atmatzidis <atma@convalesco.org> wrote:
>
> [...]
>
> > I think that this has something to do with ‘tun0’ interface which is
> > the last thing that is loaded at boot. Probably PF runs before this,
> > sees rules that it doesn’t understand (related to tun0) and comes up
> > short, then tun0 is loaded but it’s too late.
>
> That's simple to test, just destroy your tun device and check the
> output of:
>
> # pfctl -nvf /etc/pf.conf
> --
> regards, Maciej Suszko.
>


