A way to load PF rules at startup using OpenVPN

krad kraduk at gmail.com
Tue Jan 20 09:16:30 UTC 2015


Put this in your rc.conf; it may help:

cloned_interfaces="tun0"

That will create the interface early on, way before openvpn is spawned. You
may need to force openvpn to use tun0, as it might try to create tun1.

On 20 January 2015 at 09:11, Maciej Suszko <maciej at suszko.eu> wrote:

> On Mon, 19 Jan 2015 18:53:40 +0200
> Panagiotis Atmatzidis <atma at convalesco.org> wrote:
>
> [...]
>
> > I think that this has something to do with ‘tun0’ interface which is
> > the last thing that is loaded at boot. Probably PF runs before this,
> > sees rules that it doesn’t understand (related to tun0) and comes up
> > short, then tun0 is loaded but it’s too late.
>
> That's simple to test, just destroy your tun device and check the
> output of:
>
> # pfctl -nvf /etc/pf.conf
> --
> regards, Maciej Suszko.
>
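
A check for both halves of the advice above, added here as an example and not part of the thread: it confirms that the OpenVPN config pins a numbered tun device and that rc.conf pre-creates that same device, so PF rules naming it can load at boot. The function names, the sample files and the use of OpenVPN's `dev` directive for pinning are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a simple rc.conf with a single
# literal cloned_interfaces="..." line and an OpenVPN config using "dev".

# Print the interface list from the last cloned_interfaces assignment.
cloned_ifs() {
    sed -n 's/^[[:space:]]*cloned_interfaces="\{0,1\}\([^"#]*\).*/\1/p' "$1" |
        tail -n 1
}

# Print the argument of the last "dev" directive (e.g. "tun" or "tun0").
ovpn_dev() {
    awk '$1 == "dev" { d = $2 } END { if (d != "") print d }' "$1"
}

# check_tun_pinning RC_CONF OVPN_CONF
# 0: device is pinned and pre-created
# 1: OpenVPN may pick any free unit (tun0, tun1, ...)
# 2: pinned device is not listed in cloned_interfaces
check_tun_pinning() {
    dev=$(ovpn_dev "$2")
    case "$dev" in
        tun[0-9]*) ;;
        *) echo "openvpn: dev '$dev' is not a numbered tun device"; return 1 ;;
    esac
    for ifc in $(cloned_ifs "$1"); do
        if [ "$ifc" = "$dev" ]; then
            echo "ok: $dev is created at boot and pinned in OpenVPN"
            return 0
        fi
    done
    echo "rc.conf: $dev is missing from cloned_interfaces"
    return 2
}

# Constructed sample files, written to a temporary directory.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'pf_enable="YES"\ncloned_interfaces="tun0"\n' > "$tmp/rc.conf"
printf 'dev tun\nproto udp\n' > "$tmp/unpinned.conf"
printf 'dev tun0\nproto udp\n' > "$tmp/pinned.conf"

check_tun_pinning "$tmp/rc.conf" "$tmp/unpinned.conf" || true
check_tun_pinning "$tmp/rc.conf" "$tmp/pinned.conf"
```

On a real host, pass /etc/rc.conf and the OpenVPN config path in use, then confirm the ruleset parses with the `pfctl -nvf /etc/pf.conf` dry run quoted above.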

