Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 20 Jan 2015 14:06:31 +0100
From:      Maciej Suszko <maciej@suszko.eu>
To:        Panagiotis Atmatzidis <atma@convalesco.org>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: A way to load PF rules at startup using OpenVPN
Message-ID:  <20150120140631.377bee87@helium>
In-Reply-To: <F3202279-808B-4CBC-9F67-4CB89E9A59F9@convalesco.org>
References:  <F84CF488-7CF6-4580-B169-AA441166E2CB@convalesco.org> <20150120101144.735f0b67@helium> <CALfReyfuR-%2BOZ4H1RUuwMcvZEgcciwnisCC31vm4%2BNDaXFVu6g@mail.gmail.com> <F3202279-808B-4CBC-9F67-4CB89E9A59F9@convalesco.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
--Sig_/SRhyV5=PZ/wnOuSzNPPNfzV
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Tue, 20 Jan 2015 14:18:28 +0200
Panagiotis Atmatzidis <atma@convalesco.org> wrote:

[...]

> I resolved the issue by creating a devd conf file:
>=20
> $ cat /etc/devd/tun.conf
> # Run PF when tun0 is up
> notify 0 {
> 	match "system"		"IFNET";
> 	match "subsystem"	"tun0";
> 	match "type"		"LINK_UP";
> 	action "/etc/rc.d/pf start";
> };
>=20
> This file makes sure =E2=80=98pf=E2=80=99 is executed right after =E2=80=
=98tun0=E2=80=99 interface is UP, which happens at boot anyway since openvp=
n is started by =E2=80=98rc.conf=E2=80=99. You need have =E2=80=98pf=E2=80=
=99 enabled in =E2=80=98rc.conf=E2=80=99 of course.
>=20
> It works fine now on every reboot :-)

It just looks like solution taken directly from Linux world... If we
don't know why it's not working, let's put rc script somewhere -
problem solved!

In my opinion, properly created pf.conf have nothing to do with openvpn
- neither running nor stopped.

Post your pf.conf, pfctl -nvf /etc/pf.conf with tun0 present and
absent, look at dmesg -a, messages etc.

Just my 2 cents...
--=20
regards, Maciej Suszko.

--Sig_/SRhyV5=PZ/wnOuSzNPPNfzV
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlS+UtcACgkQCikUk0l7iGo30wCeP51FlyPzPgo9tBfLatzoKiEM
4tsAnjxGwSSCB2YB21NTIw2RV3PDBwWM
=dzNj
-----END PGP SIGNATURE-----

--Sig_/SRhyV5=PZ/wnOuSzNPPNfzV--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150120140631.377bee87>