The problem is NOT with your external address, it's related to the tun interface created by OpenVPN, please re-read my original post.
so just for grins where does the 10.77.77/24 relate to, the tun interface that OpenVPN builds? Oh yes, and what about 209.223.236.162? Is that an IP # on an interface? that's why I use ext_if=fxp0 vpn_if=tun0 nat on $ext_if from ($vpn_if)/24 to any -> $ext_if when tun0 is surrounded by parens it automagically gets the IP number assigned by OpenVPN and the /24 netmask then defines it the network associated with the OpenVPN assignment. I'm thinking 209.223.236.162 might in some way be related to your $ext_if? damn I feel like I'm playing 20 questions. diana On Sun, 1 Jan 2006, "Randal L. Schwartz" wrote: > The only rule I have related to OpenVPN is > > nat on $ext_if from 10.77.77/24 to any -> 209.223.236.162 > > I presume $ext_if is up before I get to the pf.conf load, or else I > wouldn't have been able to ever run any rules!
