
rashkov | 7 months ago

I had a tough time even with PF. I got a basic config going for my network by copying stuff from the Book of PF. When I tried to go beyond that things got frustrating. I think I was trying to set up a VPN which, I know this is a famously frustrating task, but I was hoping that PF would be somehow more legible or less opaque. There was nowhere to reference for the syntax and what it’s capable of.

I was hoping it was like a nice programming language whose internal structure made sense to an experienced developer. Where I can incrementally build things up and log things to the console as I go along and troubleshoot. But it turns out that setting up a VPN involves a big bang config with a dozen lines and it’s unclear which of them is broken.

It’s a DSL and not a programming language and often there is very little you can do to troubleshoot that’s short of reading the source code, the protocol spec, and firing up Wireshark.

I found various configs on random websites or in the OpenBSD manual, but none seemed to do the trick. I gave up and installed Tailscale.

This isn’t a knock on PF. But years of reading glowing comments like this gave me some false hope that I could finally grok this stuff and maybe do some creative projects with it.
