Can you post your pf.conf? Did you check which packets are blocked and when? You can use pfctl, pftop, pflog for this :)
Spawn some xterms and monitor the network while your clients attach to your vpn, maybe you can spot the problem.

On 8/13/10, Henry Graterol <hgr...@gmail.com> wrote:
> Hello,
>
> Before I start let me state that I am not an expert on freebsd, I do
> enjoy it and consider it a hobby, and love it!
>
> I have a problem. I use a freebsd server behind a router/gateway to
> connect clients with openvpn. I started to notice weird traffic so I
> decided to try PF to control traffic. My openvpn setup uses a tap
> adapter and a bridge adapter bridging the vpnclient_ips and the server_ip.
>
> Without PF everything works fine, so no problem there. When I activate
> PF I can establish connection to the server_ip from outside thru the vpn
> but I can not ping, connect to clients or the internet. After trial and
> error the setup that worked for me was to skip filter on bridge0 and
> tap0. With this in my configuration vpn worked as before.
>
> Now the problem, when I reboot the system my vpn allows connections but
> repeats the past scenario (no ping, connection to clients, internet,
> etc). The fix I have found is to let the system reboot and then issue a
> pfctl -f /etc/pf.conf to reload the rules. Then everything works again.
>
> My guess is that PF is loading before the bridge and tap adapters come
> up so that is somehow skipped from loading. My tap connection is set up
> to come up from a script when it gets a connection from openvpn.
>
> Is this a correct guess? What else could be the problem?
>
> Thank you in advance for your feedback!
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"