pf rule for NATting multiple VPN interfaces, how to exclude two physical interfaces?

JLG

Situation: VPN server, hosting OpenVPN and L2TP connections. OpenVPN connections share a "utun" interface, one per OpenVPN server process. L2TP connections each get a unique "ppp" interface. The easiest way to capture all of the potential interface permutations for NAT is a pf rule like this:

nat on en0 from ! (en0) to any -> (en0:0)

That works great. Except now the server has a second physical interface, en1, and obviously pf is trying to NAT traffic coming through that interface. What is the correct way to rephrase the above pf rule so that neither en0 nor en1 gets NATted, but everything else does?
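One way to express the exclusion, given here as an added example and not as anything from the original post: it assumes the older pf syntax that macOS ships (which still accepts `no nat` rules), that en0 is the uplink, and that en1 is the second physical interface whose attached network should pass untranslated.

```pf
# Added example, not from the original post. Assumes macOS-era pf syntax
# with "no nat" support, en0 as the uplink and en1 as the other physical NIC.
#
# Translation rules are first-match, so the exclusion must come before the
# catch-all nat rule. "(en1:network)" expands to the network(s) configured on
# en1; "(en1)" alone would only cover en1's own addresses, not hosts behind it.
no nat on en0 from (en1:network) to any

# Everything else that leaves via en0 (utun*, ppp*) is translated to en0's
# primary address, as in the original rule.
nat on en0 from ! (en0) to any -> (en0:0)
```

Check the file parses before loading it with `pfctl -nf /etc/pf.conf`, then confirm the expanded rule order with `pfctl -s nat`; the `no nat` line must appear above the `nat` line in that output for the exclusion to take effect.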
