'set skip on' being inconsistent
From: Chris Cameron (chris
upnix.com)
Date: Thu Apr 13 2006 - 15:12:19 CDT
In my pf.conf I have:

set skip on tun0
set skip on enc0
set skip on lo0

tun0 is for OpenVPN. If I run pfctl -f /etc/pf.conf, I can connect with
OpenVPN and telnet to a server.

If I disconnect OpenVPN, wait for a couple of minutes, then try
connecting with telnet again, pf blocks the connection. If I run pfctl
-f /etc/pf.conf, I can connect again.

OpenVPN connects fine, it's just the telnet after that doesn't work.
tcpdump -i tun0 shows the packets coming in.

The connection attempt in my pflog:

Apr 13 14:03:37.157867 rule 0/(match) block in on tun0: 192.168.123.6.1160 > 192.168.120.50.23: S 648098994:648098994(0) win 16384 <mss 1368,nop,nop,sackOK> (DF)
Apr 13 14:03:43.092857 rule 0/(match) block in on tun0: 192.168.123.6.1160 > 192.168.120.50.23: S 648098994:648098994(0) win 16384 <mss 1368,nop,nop,sackOK> (DF)

Anyone know what's going on? This is a patched Sparc64/3.8 in a carp
setup.

Chris
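
The mismatch reported in the message above (interfaces listed under `set skip on` that still show `block` entries in pflog) can be checked for mechanically. This is an added example, not part of the original post: the function names are hypothetical, and the sample input is the config and log lines from the message with the wrapped log lines rejoined.

```python
import re

# Sample input taken from the message above (log lines rejoined).
PF_CONF = "set skip on tun0\nset skip on enc0\nset skip on lo0\n"
PFLOG = (
    "Apr 13 14:03:37.157867 rule 0/(match) block in on tun0: 192.168.123.6.1160 > "
    "192.168.120.50.23: S 648098994:648098994(0) win 16384 <mss 1368,nop,nop,sackOK> (DF)\n"
    "Apr 13 14:03:43.092857 rule 0/(match) block in on tun0: 192.168.123.6.1160 > "
    "192.168.120.50.23: S 648098994:648098994(0) win 16384 <mss 1368,nop,nop,sackOK> (DF)\n"
)

# "set skip on tun0" or "set skip on { lo0, enc0 }", optional trailing comment.
SKIP_RE = re.compile(r"^\s*set\s+skip\s+on\s+(.+?)\s*(?:#.*)?$")
# tcpdump-style pflog line as shown in the message.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:.]+)\s+rule\s+(?P<rule>\S+?)/\(\w+\)\s+"
    r"(?P<action>block|pass)\s+(?P<dir>in|out)\s+on\s+(?P<ifname>\w+):\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):"
)

def skipped_interfaces(conf):
    """Return the set of interface names named in 'set skip on' lines."""
    names = set()
    for line in conf.splitlines():
        m = SKIP_RE.match(line)
        if m:
            names.update(t for t in re.split(r"[\s,{}]+", m.group(1)) if t)
    return names

def blocks_on_skipped(conf, log):
    """Return (timestamp, ifname, direction, src, dst) for every block
    logged on an interface that the config file says pf should skip."""
    skipped = skipped_interfaces(conf)
    hits = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m and m["action"] == "block" and m["ifname"] in skipped:
            hits.append((m["ts"], m["ifname"], m["dir"], m["src"], m["dst"]))
    return hits

if __name__ == "__main__":
    for hit in blocks_on_skipped(PF_CONF, PFLOG):
        print("filtered on skipped interface:", *hit)
```

Any hit means pf evaluated the ruleset on an interface that pf.conf says to skip, so the running state and the file on disk disagree at the time of that log entry.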