Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 20 Jan 2015 14:06:31 +0100
From:      Maciej Suszko <>
To:        Panagiotis Atmatzidis <>
Cc:        FreeBSD Questions <>
Subject:   Re: A way to load PF rules at startup using OpenVPN
Message-ID:  <20150120140631.377bee87@helium>
In-Reply-To: <>
References:  <> <20150120101144.735f0b67@helium> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Tue, 20 Jan 2015 14:18:28 +0200
Panagiotis Atmatzidis <> wrote:


> I resolved the issue by creating a devd conf file:
> $ cat /etc/devd/tun.conf
> # Run PF when tun0 is up
> notify 0 {
> 	match "system"		"IFNET";
> 	match "subsystem"	"tun0";
> 	match "type"		"LINK_UP";
> 	action "/etc/rc.d/pf start";
> };
> This file makes sure =E2=80=98pf=E2=80=99 is executed right after =E2=80=
=98tun0=E2=80=99 interface is UP, which happens at boot anyway since openvp=
n is started by =E2=80=98rc.conf=E2=80=99. You need have =E2=80=98pf=E2=80=
=99 enabled in =E2=80=98rc.conf=E2=80=99 of course.
> It works fine now on every reboot :-)

It just looks like solution taken directly from Linux world... If we
don't know why it's not working, let's put rc script somewhere -
problem solved!

In my opinion, properly created pf.conf have nothing to do with openvpn
- neither running nor stopped.

Post your pf.conf, pfctl -nvf /etc/pf.conf with tun0 present and
absent, look at dmesg -a, messages etc.

Just my 2 cents...
regards, Maciej Suszko.

Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

Version: GnuPG v2



Want to link to this message? Use this URL: <>