
Commit 0be941b

committed
Add additional utun interfaces in case macOS+Tunnelblick create extras
1 parent 2e64d9a commit 0be941b


1 file changed

+20
-4
lines changed


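--- a/pf.conf
+++ b/pf.conf
@@ -55,9 +55,14 @@ scrub-anchor "com.apple/*"
 # Allow VPN connections to the VPN host:
 # http://serverfault.com/questions/555594/troubleshoot-broken-tcp-from-openvpn-client-to-server-but-ping-traceroute-work
 int_if = "en0"
-tun_if = "utun0"
-no nat on ! $tun_if from $vpn_net to ($int_if)
-nat on ! $tun_if from $vpn_net to ! ($int_if) -> ($int_if)
+#tun_if = "utun0"
+#no nat on ! $tun_if from $vpn_net to ($int_if)
+#nat on ! $tun_if from $vpn_net to ! ($int_if) -> ($int_if)
+# Use a list in case Tunnelblick creates multiples utun interaces
+#tun_if = "{ utun0, utun1, utun2, utun3, utun4, utun5, utun6, utun7, utun8, utun9 }"
+not_tun_if = "{ !utun0, !utun1, !utun2, !utun3, !utun4, !utun5, !utun6, !utun7, !utun8, !utun9 }"
+no nat on $not_tun_if from $vpn_net to ($int_if)
+nat on $not_tun_if from $vpn_net to ! ($int_if) -> ($int_if)
 # This rule must be included below BEFORE these packets are passed by other rules:
 #pass in quick on $tun_if reply-to $tun_if from $vpn_net to $int_if
 
@@ -85,7 +90,18 @@ block all
 
 # Allow VPN connections to the VPN host:
 # http://serverfault.com/questions/555594/troubleshoot-broken-tcp-from-openvpn-client-to-server-but-ping-traceroute-work
-pass in quick on $tun_if reply-to $tun_if from $vpn_net to $int_if
+#pass in quick on $tun_if reply-to $tun_if from $vpn_net to $int_if
+# Rule for a lot of utun interfaces in case Tunnelblick creates extras
+pass in quick on utun0 reply-to utun0 from $vpn_net to $int_if
+pass in quick on utun1 reply-to utun1 from $vpn_net to $int_if
+pass in quick on utun2 reply-to utun2 from $vpn_net to $int_if
+pass in quick on utun3 reply-to utun3 from $vpn_net to $int_if
+pass in quick on utun4 reply-to utun4 from $vpn_net to $int_if
+pass in quick on utun5 reply-to utun5 from $vpn_net to $int_if
+pass in quick on utun6 reply-to utun6 from $vpn_net to $int_if
+pass in quick on utun7 reply-to utun7 from $vpn_net to $int_if
+pass in quick on utun8 reply-to utun8 from $vpn_net to $int_if
+pass in quick on utun9 reply-to utun9 from $vpn_net to $int_if
 
 # Local net
 table <lan_inet> const { lo0, 10/8, 172.16/12, 192.168/16 }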
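Review bot: The negated list `not_tun_if` in the first hunk most likely does not exclude the tunnel interfaces, because pf expands a `{ ... }` list into one rule per member: `nat on $not_tun_if` becomes `nat on ! utun0 ...`, `nat on ! utun1 ...` and so on, and a packet on utun0 still matches the `! utun1` copy. The effect is that both the `no nat` and the `nat` rule apply on every interface, tunnel included, which is not what the replaced `! $tun_if` lines did; the pf documentation warns about the same trap for negated entries in address lists. A list-safe form, assuming no later translation rule is meant to match on the tunnel interfaces, is a positive exemption placed first, `no nat on { utun0, utun1, ... } from $vpn_net to any` with all ten names spelled out, followed by the two original rules without their `on` clause. Running `pfctl -nvf pf.conf` prints the expanded rules without loading them and would confirm which interfaces each translation rule actually covers.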
