Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Jan 2015 20:18:42 +0100
From:      Chris Ernst <>
Subject:   Re: A way to load PF rules at startup using OpenVPN
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hi Atma

i had similar issues with exactly the same setup. I was able to solve 
the issues by using *brackets* in pf.conf
actually brackets specify dynamic IPs. By using brackets pf knows the IP 
may change.

here is an extract out of my pf.conf

user@gateway:~ # more /etc/pf.conf
intIf = "vr3"
extIf = "vr0"
vpnIf = "tun0"
### filter rules
block all
# allow from vpn to internal
pass in on $vpnIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet 
keep state
pass in on $intIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet 
keep state

best regards

Want to link to this message? Use this URL: <>