[juneau-lug] Re: OpenVPN continued...

  • From: James Zuelow <e5z8652@xxxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Tue, 18 Jul 2006 07:29:16 -0800

On Monday 17 July 2006 19:26, Kevin Elliott wrote:

Three questions:

1)
This line doesn't make sense to me:

Mon Jul 17 19:10:30 2006 /sbin/route add -net 192.168.101.254 192.168.100.254 255.255.255.255
add net 192.168.101.254: gateway 192.168.100.254

The third octet is funky.

2)
And you're using a netmask of 255.255.255.255 - shouldn't the tun interfaces 
have 255.255.255.252 masks?

3)
> 
> #PASS WAN/LAN TRAFFIC
> 
> pass quick on { lo0 $lan_if $vpn_if }


I haven't played with pf in a while.

Shouldn't this be pass in or pass out, not just pass?

This is the only reference to the vpn tunnel in the pf.conf.  

Would it be too terribly inefficient to break it into three lines, just for 
clarity?

(I find breaking firewall rulesets out into atomic units (or as atomic as I can 
get them) makes the firewall easier for me to understand.) 


Cheers,

James
------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.
