This works as well: Pass in quick on pppx0 Pass out quick on pppx0
This doesn't work Pass in quick on pppx0 from pppx0 as it complains there is no IP. Assigning pppx0 to a variable doesn't work either. Neither does setting it to be dynamic. -----Original Message----- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Charles Amstutz Sent: Thursday, October 5, 2017 10:44 AM To: 'misc@openbsd.org' <misc@openbsd.org> Subject: Re: l2tp and openbsd 6.1 Here is a related but new question, If pppx0 only exists when someone is vpn'ed in. How do people handle this in pf? If you don't define rules, packets get blocked on it. But if there is no connect, pf complains about pppx0 not having a firewall. The only thing that seems to work is set skip on pppx0. But then no rules process on it. Has anyone ran into this? how did you handle it.
