Assuming you block the traffic by default
pf.conf
block log all
# tcpdump -e -ttt -ni pflog0 action block
You will be able to see what exactly is being blocked :)
-Regards
2016-10-24 12:19 GMT-02:00 Kenneth Gober <kgo...@gmail.com>:
> On Sun, Oct 23, 2016 at 4:46 PM, Thuban <thu...@yeuxdelibad.net> wrote:
> > Here are the relevant parts of my pf.conf :
> >
> > ext_if = "re0"
> > tcp_pass = "{ gopher ipp 8000 }"
> > udp_pass = "{ 1194 }"
> >
> > pass in quick on $ext_if proto tcp to any port $tcp_pass keep state
> > pass in quick on $ext_if proto udp to any port $udp_pass keep state
> >
> > pass out on $ext_if from 10.8.0.0/24 to any nat-to $ext_if
> >
> > pass out on $ext_if proto { tcp udp icmp } all modulate state
>
> Do you have rules that allow traffic in from tun0? Something like:
>
> pass in quick on tun0 keep state
>
> Otherwise traffic will reach OpenVPN but get no further, being blocked
> coming out of the tunnel.
>
> -ken
