This is my current pf.conf on FreeBSD 11.1-RELEASE. It allows incoming connections from OpenVPN/UDP and SSH, as well as allows everything on the private/vpn networks (vtnet1 and tun0 respectively). The trouble is, I can't connect to OpenVPN or SSH via ipv6. If I watch the openvpn logs or use a -v on SSH, I see it times out on the IPv6 address and then drops to IPv4.
block all
# allow all from host itself
pass out inet all keep state
pass out inet6 all keep state
# allow all from private
pass in quick on vtnet1 inet from any to any keep state
# openvpn
pass in quick proto udp to vtnet0 port openvpn keep state
pass in quick on tun0 inet from any to any keep state
# ssh
pass in quick proto tcp to vtnet0 port ssh flags S/SA keep state
I attempted to change my configuration to the following to allow IPv6:
block all
# allow all from host itself
pass out inet all keep state
pass out inet6 all keep state
# allow all from private
pass in quick on vtnet1 inet from any to any keep state
# openvpn
pass in quick inet proto udp to vtnet0 port openvpn keep state
pass in quick inet6 proto udp to vtnet0 port openvpn keep state
pass in quick on tun0 inet from any to any keep state
# ssh
pass in quick inet proto tcp to vtnet0 port ssh flags S/SA keep state
pass in quick inet6 proto tcp to vtnet0 port ssh flags S/SA keep state
But I still can't make IPv6 connections.
0 Answers