On 4/13/06, Chris Cameron <[EMAIL PROTECTED]> wrote:
> In my pf.conf I have:
>
> set skip on tun0
> set skip on enc0
> set skip on lo0
>
>
> tun0 is for OpenVPN. If I run pfctl -f /etc/pf.conf, I can connect with
> OpenVPN and telnet to a server.
>
> If I disconnect OpenVPN, wait for a couple of minutes, then try
> connecting with telnet again, pf blocks the connection. If I run pfctl
> -f /etc/pf.conf, I can connect again.
>
> OpenVPN connects fine, it's just the telnet after that doesn't work.
> tcpdump -i tun0 shows the packets coming in.
>
>
> The connection attempt in my pflog:
>
> Apr 13 14:03:37.157867 rule 0/(match) block in on tun0:
> 192.168.123.6.1160 > 192.168.120.50.23: S 648098994:648098994(0) win
> 16384 <mss 1368,nop,nop,sackOK> (DF)
> Apr 13 14:03:43.092857 rule 0/(match) block in on tun0:
> 192.168.123.6.1160 > 192.168.120.50.23: S 648098994:648098994(0) win
> 16384 <mss 1368,nop,nop,sackOK> (DF)
>
>
> Anyone know what's going on? This is a patched Sparc64/3.8 in a carp
> setup.

I think, after reading the manpage, that this behavior is because you
can 'set skip on' only one time.  If you want to specify more than one
interface, the proper way to do it is:
'set skip on { tun0, enc0, lo0 }'

If anybody knows better, correct me.

> Chris
>

Arnaud
--
"i think we should rewrite the kernel in java since it has good
support for threads." - Ted Unangst
