Allowing incoming traffic over IPv6 with PF on FreeBSD

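This is my current pf.conf on FreeBSD 11.1-RELEASE. It allows incoming connections for OpenVPN/UDP and SSH, and allows everything on the private/VPN networks (vtnet1 and tun0, respectively). The problem is that I can't connect to OpenVPN or SSH over IPv6. If I look at the OpenVPN logs or use -v with SSH, I see that it times out on the IPv6 address and then falls back to IPv4.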

block all

# allow all from host itself
pass out inet all keep state
pass out inet6 all keep state

# allow all from private
pass in quick on vtnet1 inet from any to any keep state

# openvpn
pass in quick proto udp to vtnet0 port openvpn keep state
pass in quick on tun0 inet from any to any keep state

# ssh
pass in quick proto tcp to vtnet0 port ssh flags S/SA keep state

I tried changing the configuration to the following to allow IPv6:

block all

# allow all from host itself
pass out inet all keep state
pass out inet6 all keep state

# allow all from private
pass in quick on vtnet1 inet from any to any keep state

# openvpn
pass in quick inet proto udp to vtnet0 port openvpn keep state
pass in quick inet6 proto udp to vtnet0 port openvpn keep state
pass in quick on tun0 inet from any to any keep state

# ssh
pass in quick inet proto tcp to vtnet0 port ssh flags S/SA keep state
pass in quick inet6 proto tcp to vtnet0 port ssh flags S/SA keep state

But I still can't establish an IPv6 connection.
