Well as others indicated you didn't post your pf.conf, however you did mention something OpenVPN. Are you doing a NAT rdr on the tun interface? Something similiar to this:
nat on fxp0 from tun0/24 to any -> fxp0 if so there is no IP number set for tun yet as OpenVPN hasn't started yet. per the pf.conf(5) man page Host name resolution and interface to address translation are done at ruleset load-time. When the address of an interface (or host name) changes (under DHCP or PPP, for instance), the ruleset must be reloaded for the change to be reflected in the kernel. Surrounding the interface name (and optional modifiers) in parentheses changes this behaviour. When the interface name is surrounded by parentheses, the rule is automatically updated whenever the interface changes its address. The ruleset does not need to be reloaded. This is especially useful with nat. nat on fxp0 from (tun0)/24 to any -> fxp0 this one bit me also in the last week. diana Past hissy-fits are not a predictor of future hissy-fits. Nick Holland(06 Dec 2005) To announce that there must be no criticism of the president, or that we are to stand by the president, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public. - Theodore Roosevelt(1918)
