I'm sorry to report this old post,
but the behavior is present again in 1.0-SNAPSHOT-09-12-06.
If I add rules to the tun interface all works fine, but
at reboot the rules are lost...
~A
P.S. perhaps also in 1.0-SNAPSHOT-09-14-06
but I'm not sure. :-(
----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, June 28, 2006 8:58 PM
Subject: Re: [pfSense Support] OpenVPN pf rules
On 6/28/06, D.Pageau <[EMAIL PROTECTED]> wrote:
I have an issue where a working OpenVPN server stops working after
a pfSense reboot.
I have added an OpenVPN PKI server, configured the certificate, push options,
the port OpenVPN will listen on, and so on...
Now time to fire it up and launch the OpenVPN client on my laptop. UDP 1194
packets are blocked. Strange, shouldn't that rule be automatically added when
the OpenVPN server is enabled? Anyway, not a problem, I manually add a
rule to let UDP 1194 packets in.
Wow ! It's working !
Then I reboot pfSense and try to connect again, nothing... Strange...
Let's see pf rules:
#pfctl -sr
Two rules are missing; both were there before the reboot and are not back:
pass out quick on tun0 all keep state label "let out anything from firewall host itself openvpn"
pass in quick on tun0 all keep state label "let out anything from firewall host itself openvpn"
Why are those rules "flushed" when I reboot?
Should I file a PR, or did I miss something?
cvs_sync.sh releng_1 from a shell prompt. I mfc'd some fixes yesterday.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
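
Added example, not part of the original thread or of pfSense itself: a small shell check for the symptom described above, reporting which direction of `pass ... quick on tun0` rule is absent from the text printed by `pfctl -sr`. The `em0` interface name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Report which expected OpenVPN tun rules are absent from a pf ruleset dump
# (the text printed by `pfctl -sr`). Added illustration, not pfSense code.

# Constructed sample: ruleset after the reboot described in the thread.
# The manually added UDP 1194 rule is present, the tun0 rules are gone.
# em0 is an assumed WAN interface name.
SAMPLE_AFTER_REBOOT='pass in quick on em0 proto udp from any to any port = 1194 keep state
pass out quick on em0 all keep state'

# Constructed sample: ruleset before the reboot, both tun0 rules loaded.
SAMPLE_BEFORE_REBOOT='pass in quick on em0 proto udp from any to any port = 1194 keep state
pass out quick on tun0 all keep state label "let out anything from firewall host itself openvpn"
pass in quick on tun0 all keep state label "let out anything from firewall host itself openvpn"'

# missing_tun_rules RULESET [IFACE]
# Prints one line per direction (in, out) that has no "pass <dir> quick on IFACE"
# rule. Returns 0 when both directions are covered, 1 otherwise.
missing_tun_rules() {
    ruleset=$1
    iface=${2:-tun0}
    rc=0
    for dir in in out; do
        if ! printf '%s\n' "$ruleset" |
            grep -Eq "^pass $dir quick on $iface( |\$)"; then
            echo "missing: pass $dir quick on $iface"
            rc=1
        fi
    done
    return $rc
}

# On the firewall itself, after a reboot:
#   missing_tun_rules "$(pfctl -sr)"
```

Run from a post-boot check, a non-zero return shows that the VPN interface came up without its pass rules, so tunnel traffic is being dropped by the filter rather than by OpenVPN.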