On Thu, Apr 13, 2006 at 02:12:19PM -0600, Chris Cameron wrote:
> In my pf.conf I have:
> 
> set skip on tun0
> set skip on enc0
> set skip on lo0
<...>
> 
> The connection attempt in my pflog:
> 
> Apr 13 14:03:37.157867 rule 0/(match) block in on tun0:
> 192.168.123.6.1160 > 192.168.120.50.23: S 648098994:648098994(0) win
> 16384 <mss 1368,nop,nop,sackOK> (DF)
> Apr 13 14:03:43.092857 rule 0/(match) block in on tun0:
> 192.168.123.6.1160 > 192.168.120.50.23: S 648098994:648098994(0) win
> 16384 <mss 1368,nop,nop,sackOK> (DF)

  if you change the set skip on tun0 to be just "set skip on tun"
  ( if that is an option for you, e.g., not having tun2 or something that
    needs to have filtration ), does the behaviour change?

  also i wonder, without disagreeing that what you have already seems
  intuitive to me that it should work, if you see the same issue if you
  do something like

no nat on tun0 all
pass on tun0 all

  instead of skip

-- 

  jared

[ openbsd 3.9-current GENERIC ( mar 15 ) // i386 ]
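
An added example, not part of the thread: a small check that cross-references the `set skip on` lines of a pf.conf with pflog text output and reports every logged rule match on an interface that was supposed to be skipped, which is the contradiction reported above. The sample input is constructed from the lines quoted in the thread (the `fxp0` line is invented), the function names are hypothetical, and treating a unit-less name such as `tun` as covering `tun0`, `tun1`, ... is an assumption that mirrors the suggestion in the reply.

```python
import re

# Constructed sample input, modelled on the pf.conf and pflog lines quoted above.
PF_CONF = """\
set skip on tun0
set skip on enc0
set skip on lo0
"""
PFLOG = """\
Apr 13 14:03:37.157867 rule 0/(match) block in on tun0: 192.168.123.6.1160 > 192.168.120.50.23: S 648098994:648098994(0) win 16384 <mss 1368,nop,nop,sackOK> (DF)
Apr 13 14:03:43.092857 rule 0/(match) block in on tun0: 192.168.123.6.1160 > 192.168.120.50.23: S 648098994:648098994(0) win 16384 <mss 1368,nop,nop,sackOK> (DF)
Apr 13 14:03:50.000000 rule 3/(match) pass in on fxp0: 10.0.0.5.1024 > 10.0.0.1.22: S 1:1(0) win 16384 (DF)
"""

SKIP_RE = re.compile(r"^\s*set\s+skip\s+on\s+(.+?)\s*(?:#.*)?$")
LOG_RE = re.compile(
    r"rule (\d+)/\(match\) (block|pass) (in|out) on (\w+):\s*(\S+) > (\S+):")

def skip_interfaces(conf):
    """Return interface names from 'set skip on X' / 'set skip on { X Y }'."""
    names = []
    for line in conf.splitlines():
        m = SKIP_RE.match(line)
        if m:
            names += re.findall(r"[A-Za-z0-9_]+", m.group(1))
    return names

def is_skipped(ifname, skip):
    """True if ifname is covered by a skip entry."""
    for entry in skip:
        if entry == ifname:
            return True
        # Assumption: an entry without a unit number ("tun") covers all units.
        if not entry[-1].isdigit() and re.fullmatch(re.escape(entry) + r"\d+", ifname):
            return True
    return False

def filtered_despite_skip(conf, log):
    """List pflog entries whose interface is in the skip list."""
    skip = skip_interfaces(conf)
    hits = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m and is_skipped(m.group(4), skip):
            rule, action, direction, ifname, src, dst = m.groups()
            hits.append((ifname, int(rule), action, direction, src, dst))
    return hits

if __name__ == "__main__":
    for hit in filtered_despite_skip(PF_CONF, PFLOG):
        print("rule matched on skipped interface:", hit)
```

Any hit means pf evaluated its ruleset on an interface the configuration file says to skip.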
