From: krad
To: Chris Ernst
Cc: FreeBSD Questions
Date: Thu, 22 Jan 2015 07:05:27 +0000
Subject: Re: A way to load PF rules at startup using OpenVPN

Good spot, you are right, I forgot about that.

On 21 Jan 2015 19:18, "Chris Ernst" wrote:

> Hi Atma
>
> I had similar issues with exactly the same setup. I was able to solve the
> issues by using *brackets* in pf.conf.
> Actually, brackets specify dynamic IPs. By using brackets, pf knows the IP
> may change.
>
> Here is an extract out of my pf.conf:
>
> user@gateway:~ # more /etc/pf.conf
> intIf = "vr3"
> extIf = "vr0"
> vpnIf = "tun0"
> [...]
> [...]
> ### filter rules
> block all
> [...]
> [...]
> # allow from vpn to internal
> pass in on $vpnIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet keep state
> pass in on $intIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet keep state
>
> best regards
> Chris
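
An added example, not part of the original thread: pf translates an interface name used as an address when the ruleset is loaded, unless the name is wrapped in parentheses as in the extract above, so this Python check flags `from`/`to` addresses that name a dynamic interface without them. The `tun`/`tap`/`ppp` prefix list, the sample ruleset and the function name are assumptions made for the illustration, and only addresses directly after `from`/`to` are examined.

```python
import re

# Assumption: interfaces with these prefixes only get an address once the
# VPN or PPP daemon is up, which may be after pf loads its ruleset at boot.
DYNAMIC_IF = re.compile(r"^(tun|tap|ppp)\d+$")
MACRO_DEF = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')
# Address directly after from/to: optional "(", $macro or bare name, :modifiers.
# The lookbehind skips route-to / reply-to / dup-to.
ADDR_REF = re.compile(r"(?<![\w-])(from|to)\s+(\()?\s*(\$?\w+)((?::\w+)*)")

# Constructed sample ruleset (not the poster's full pf.conf).
SAMPLE = '''\
intIf = "vr3"
vpnIf = "tun0"
intNet = "192.168.1.0/24"
block all
pass in on $vpnIf inet proto { tcp, udp } from $vpnIf:network to $intNet keep state
pass in on $vpnIf inet proto { tcp, udp } from ($vpnIf:network) to $intNet keep state
pass out on $intIf from tun0:network to any
'''


def find_unparenthesised_refs(pf_conf_text):
    """Return (line_no, keyword, reference) for every from/to address that
    names a dynamic interface without the surrounding parentheses."""
    macros = {}
    findings = []
    for line_no, raw in enumerate(pf_conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop comments
        macro = MACRO_DEF.match(line)
        if macro:
            macros[macro.group(1)] = macro.group(2)
            continue
        for kw, paren, name, mods in ADDR_REF.findall(line):
            # Expand $macro to its value; a bare word is taken as an interface name.
            iface = macros.get(name[1:], "") if name.startswith("$") else name
            if DYNAMIC_IF.match(iface) and not paren:
                findings.append((line_no, kw, name + mods))
    return findings


if __name__ == "__main__":
    for line_no, kw, ref in find_unparenthesised_refs(SAMPLE):
        print(f"line {line_no}: '{kw} {ref}' is translated at load time; "
              f"use '{kw} ({ref})'")
```

`pfctl -nf /etc/pf.conf` parses a ruleset without loading it; running it while the tunnel is down shows whether the file would still load at boot.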