PF Tailscale/Netbird rules in pf.conf for direct connection

[amnesiac]

After searching for pf rules to put in my pf.conf on FreeBSD, and most results coming up for pfSense, I'm still unable to get a direct connection with tailscale and netbird when I enable the PF firewall after parsing /etc/pf.conf

Would appreciate some copy/paste help with this. Thank you.

 

[SirDice]

What do you have now? And what exactly isn't working?

 

[SirDice]

Going on this:

Enable the UPnP service and Allow NAT-PMP Port Mapping in Services > Universal Plug and Play. Only NAT-PMP is needed for Tailscale's use, but enabling UPnP can be helpful for other applications like gaming consoles.

Using OPNsense with Tailscale · Tailscale Docs

Set up a Tailscale VPN on OPNsense. Get secure communication across your devices without the need for complex configuration.

tailscale.com

You probably need net/miniupnpd.

 

[amnesiac]

What do you have now? And what exactly isn't working?

I have this in my pf.conf, and was looking to add to it via copy/paste:

set skip on lo0
block all
pass in proto tcp to port { 22 }
pass out proto { tcp udp } to port { 22 53 80 123 443 47095 41641 }
pass out inet proto icmp icmp-type { echoreq }
# 47095 = netbird 41641 = tailscale

I've had a look at this link (https://tailscale.com/kb/1097/install-opnsense), but nowhere do I see the actual rules to include inside my pf.conf to get a direct connection to a peer instead of a relayed connection, which is my problem.