Та же фишка 4.9-release только у меня interface tun0.
пакеты как ни странно летают туда-сюда только как то странно через 3-4, то есть пынги то не нет (пару раз даже удалось с другой машиной сконектиться ). Грешу на виндовую маршрутеризацию (что имхо зря)
Еще было сомнение на 4.9, но у корня тотже самый набор и собирал он её так же , все работает. У нас с ним одна разница - у него не стоит default to accept. и все!
мой make.conf
# $FreeBSD: src/etc/defaults/make.conf,v 1.97.2.74 2002/08/08 09:03:46 ru Exp $
#
# NOTE: Please would any committer updating this file also update the
# make.conf(5) manual page, if necessary, which is located in
# src/share/man/man5/make.conf.5.
#
# This file, if present, will be read by make (see /usr/share/mk/sys.mk).
# It allows you to override macro definitions to make without changing
# your source tree, or anything the source tree installs.
#
# This file must be in valid Makefile syntax.
#
# You have to find the things you can put here in the Makefiles and
# documentation of the source tree.
#
#
# The CPUTYPE variable controls which processor should be targeted for
# generated code. This controls processor-specific optimizations in
# certain code (currently only OpenSSL) as well as modifying the value
# of CFLAGS to contain the appropriate optimization directive to gcc.
# The automatic setting of CFLAGS may be overridden using the
# NO_CPU_CFLAGS variable below.
# Currently the following CPU types are recognized:
# Intel x86 architecture:
# (AMD CPUs) k7 k6-2 k6 k5
# (Intel CPUs) p4 p3 p2 i686 i586/mmx i586 i486 i386
# Alpha/AXP architecture: ev6 pca56 ev56 ev5 ev45 ev4
#
# If you experience any problems after setting this flag, please unset
# it again before submitting a bug report or attempting to modify code.
# It may be that certain types of software will become unstable after being
# compiled with processor-specific (or higher - see below) optimization flags.
# If in doubt, do not set CPUTYPE or CFLAGS to non-default values.
#
#CPUTYPE=i686
#NO_CPU_CFLAGS= true # Don't add -march=<cpu> to CFLAGS automatically
#NO_CPU_COPTFLAGS=true # Don't add -march=<cpu> to COPTFLAGS automatically
#
# CFLAGS controls the compiler settings used when compiling C code.
# Note that optimization settings above -O (-O2, ...) are not recommended
# or supported for compiling the world or the kernel - please revert any
# nonstandard optimization settings to "-O" before submitting bug reports
# to the developers.
# Note also that at this time the -O2 setting is known to produce BROKEN
# CODE on the Alpha platform.
#
#CFLAGS= -O -pipe
#
# CXXFLAGS controls the compiler settings used when compiling C++ code.
# Note that CXXFLAGS is initially set to the value of CFLAGS. If you wish
# to add to CXXFLAGS value, "+=" must be used rather than "=". Using "="
# alone will remove the often needed contents of CFLAGS from CXXFLAGS.
#
#CXXFLAGS+= -fmemoize-lookups -fsave-memoized
#
# BDECFLAGS are a set of gcc warning settings that Bruce Evans has suggested
# for use in developing FreeBSD and testing changes. They can be used by
# putting "CFLAGS+=${BDECFLAGS}" in /etc/make.conf. -Wconversion is not
# included here due to compiler bugs, e.g., mkdir()'s mode_t argument.
#
BDECFLAGS= -W -Wall -ansi -pedantic -Wbad-function-cast -Wcast-align \
-Wcast-qual -Wchar-subscripts -Winline \
-Wmissing-prototypes -Wnested-externs -Wpointer-arith \
-Wredundant-decls -Wshadow -Wstrict-prototypes -Wwrite-strings
#
# WARNS_WERROR causes -Werror to be added when WARNS is in effect.
#
#WARNS_WERROR= yes
#
# To compile just the kernel with special optimizations, you should use
# this instead of CFLAGS (which is not applicable to kernel builds anyway).
# There is very little to gain by using higher optimization levels, and doing
# so can cause problems.
#
#COPTFLAGS= -O -pipe
#
# Compare before install
#INSTALL=install -C
#
# To enable installing suidperl with the setuid bit turned on
#ENABLE_SUIDPERL= true
#
# To build ppp with normal permissions
#PPP_NOSUID= true
#
# To enable installing ssh(1) with the setuid bit turned on
#ENABLE_SUID_SSH= true
#
# To avoid building various parts of the base system:
NO_CVS= true # do not build CVS
NO_BIND= true # do not build BIND
NO_FORTRAN= true # do not build g77 and related libraries
NO_I4B= true # do not build isdn4bsd package
#NO_IPFILTER= true # do not build IP Filter package
NO_LPR= true # do not build lpr and related programs
NO_MAILWRAPPER=true # do not build the mailwrapper(8) MTA selector
#NO_MODULES= true # do not build modules with the kernel
NO_OBJC= true # do not build Objective C support
#NO_OPENSSH= true # do not build OpenSSH
#NO_OPENSSL= true # do not build OpenSSL (implies NO_OPENSSH)
NO_SENDMAIL= true # do not build sendmail and related programs
NO_SHAREDOCS= true # do not build the 4.4BSD legacy docs
#NO_TCSH= true # do not build and install /bin/csh (which is tcsh)
NO_X= true # do not compile in XWindows support (e.g. doscmd)
#NOCRYPT= true # do not build any crypto code
NOGAMES= true # do not build games (games/ subdir)
NOINFO= true # do not make or install info files
#NOLIBC_R= true # do not build libc_r (re-entrant version of libc)
#NOPERL= true # do not build perl. Disables OpenSSL optimizations
#NOPROFILE= true # Avoid compiling profiled libraries
#NOSECURE= true # do not build crypto code in secure/ subdir
#NOSHARE= true # do not go into the share subdir
NOUUCP= true # do not build uucp related programs
#
# To build the OpenSSL manpages, uncomment the following. These are not
# built by default because they clobber a number of system manpages with
# manpages describing parts of the OpenSSL toolkit, including passwd(1),
# err(3), md5(3), and others.
#
#WANT_OPENSSL_MANPAGES= true
#
# To build sys/modules when building the world (our old way of doing things)
#MODULES_WITH_WORLD=true # do not build modules when building kernel
#
# The list of modules to build instead of all of them.
#MODULES_OVERRIDE= linux ipfw
#
# The following controls building optional IDEA code in libcrypto and
# certain ports. Patents are involved - you must not use this unless
# you either have a license or fall within patent 'fair use'
# provisions.
#
# *** It is YOUR RESPONSIBILITY to determine if you can use this! ***
#
# IDEA is patented in the USA and many European countries - thought to
# be OK to use for any non-commercial use. This is optional.
#MAKE_IDEA= YES # IDEA (128 bit symmetric encryption)
#
# To avoid running MAKEDEV all on /dev during install:
#NO_MAKEDEV= true
#
# If you do not want unformatted manual pages to be compressed
# when they are installed:
#
#NOMANCOMPRESS= true
#
#
# If you want the "compat" shared libraries installed as part of your normal
# builds, uncomment these:
#
#COMPAT1X= yes
#COMPAT20= yes
#COMPAT21= yes
#COMPAT22= yes
#COMPAT3X= yes
#COMPAT4X= yes
#
#
# If you do not want additional documentation (some of which are
# a few hundred KB's) for ports to be installed:
#
NOPORTDOCS= true
#
#
# Default format for system documentation, depends on your printer.
# Set this to "ascii" for simple printers or screen
#
#PRINTERDEVICE= ps
#
#
# How long to wait for a console keypress before booting the default kernel.
# This value is approximately in milliseconds. Keypresses are accepted by the
# BIOS before booting from disk, making it possible to give custom boot
# parameters even when this is set to 0.
#
#BOOTWAIT=0
#BOOTWAIT=30000
#
# By default, the system will always use the keyboard/video card as system
# console. However, the boot blocks may be dynamically configured to use a
# serial port in addition to or instead of the keyboard/video console.
#
# By default we use COM1 as our serial console port *if* we're going to use
# a serial port as our console at all. Alter as necessary.
#
# COM1: = 0x3F8, COM2: = 0x2F8, COM3: = 0x3E8, COM4: = 0x2E8
#
#BOOT_COMCONSOLE_PORT= 0x3F8
#
# The default serial console speed is 9600. Set the speed to a larger value
# for better interactive response.
#
#BOOT_COMCONSOLE_SPEED= 115200
#
# By default the 'pxeboot' loader retrieves the kernel via NFS. Defining
# this and recompiling /usr/src/sys/boot will cause it to retrieve the kernel
# via TFTP. This allows pxeboot to load a custom BOOTP diskless kernel yet
# still mount the server's '/' (i.e. rather than load the server's kernel).
#
#LOADER_TFTP_SUPPORT= YES
#
# By default, the ports collection attempts to use XFree86 4.X. If
# you are running XFree86 3.3.X, uncomment this line.
#
#XFREE86_VERSION= 3
#
# By default, this points to /usr/X11R6 for XFree86 releases 3.0 or earlier.
# If you have a XFree86 from before 3.0 that has the X distribution in
# /usr/X386, you want to uncomment this.
#
#X11BASE= /usr/X386
#
#
# If you have Motif on your system, uncomment this.
#
#HAVE_MOTIF= yes
#MOTIF_STATIC= yes
#
# If the default location of the Motif library (specified below) is NOT
# appropriate for you, uncomment this and change it to the correct value.
# If your motif is in ${X11BASE}/lib, you don't need to touch this line.
#
#MOTIFLIB= -L${X11BASE}/lib -lXm
#
#
# If you're resident in the USA, this will help various ports to determine
# whether or not they should attempt to comply with the various U.S.
# export regulations on certain types of software which do not apply to
# anyone else in the world.
#
#USA_RESIDENT= YES
#
#
# Override "don't install a port that's already installed" behavior.
# One might wish to do this for ports debugging or to unconditionally
# reinstall a set of suspect/broken ports.
#
#FORCE_PKG_REGISTER= YES
#
#
# If you're behind a firewall and need FTP or HTTP proxy services for
# ports collection fetching to work, the following examples give the
# necessary syntax. See the fetch(3) man page for details.
#
#FETCH_ENV= FTP_PROXY=ftp://10.0.0.1:21
#FETCH_ENV= HTTP_PROXY=http://10.0.0.1:80
#
#
# Port master sites.
#
# If you want your port fetches to go somewhere else than the default
# (specified below) in case the distfile/patchfile was not found,
# uncomment this and change it to a location nearest you. (Don't
# remove the "/${DIST_SUBDIR}/" part.)
#
#MASTER_SITE_BACKUP?= \
# ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
#
# If you want your port fetches to check the above site first (before
# the MASTER_SITES specified in the port Makefiles), uncomment the
# line below. You can also change the right side to point to wherever
# you want.
#
#MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}
#
# Some ports use a special variable to point to a collection of
# mirrors of well-known software archives. If you have a mirror close
# to you, uncomment any of the following lines and change it to that
# address. (Don't remove the "/%SUBDIR%/" part.)
#
# Note: the right hand sides of the following lines are only for your
# information. For a full list of default sites, take a look at
# bsd.sites.mk.
#
#MASTER_SITE_AFTERSTEP= ftp://ftp.afterstep.org/%SUBDIR%/
#MASTER_SITE_COMP_SOURCES= ftp://gatekeeper.dec.com/pub/usenet/comp.sources.%SUBDIR%/
#MASTER_SITE_FREEBSD_ORG= ftp://ftp.FreeBSD.org/pub/FreeBSD/%SUBDIR%/
#MASTER_SITE_GNOME= ftp://ftp.gnome.org/pub/GNOME/%SUBDIR%/
#MASTER_SITE_GNU= ftp://ftp.gnu.org/gnu/%SUBDIR%/
#MASTER_SITE_KDE= ftp://ftp.kde.org/pub/kde/%SUBDIR%/
#MASTER_SITE_LOCAL= ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
#MASTER_SITE_MOZILLA= ftp://ftp.mozilla.org/pub/%SUBDIR%/
#MASTER_SITE_NETBSD= ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/%SUBDIR%/
#MASTER_SITE_PERL_CPAN= ftp://ftp.digital.com/pub/plan/perl/CPAN/modules/by-module/%SUBDIR%/
#MASTER_SITE_PORTS_JP= ftp://ports.jp.FreeBSD.org/pub/FreeBSD-jp/ports-jp/LOCAL_PORTS/%SUBDIR%/
#MASTER_SITE_RINGSERVER= ftp://ftp.dnsbalance.ring.gr.jp/pub/%SUBDIR%/
#MASTER_SITE_RUBY= ftp://ftp.ruby-lang.org/pub/ruby/%SUBDIR%/
#MASTER_SITE_SOURCEFORGE= ftp://ftp2.sourceforge.net/pub/sourceforge/%SUBDIR%/
#MASTER_SITE_SOURCEWARE= ftp://ftp.freesoftware.com/pub/sourceware/%SUBDIR%/
#MASTER_SITE_SUNSITE= ftp://metalab.unc.edu/pub/Linux/%SUBDIR%/
#MASTER_SITE_TCLTK= ftp://ftp.scriptics.com/pub/tcl/%SUBDIR%/
#MASTER_SITE_TEX_CTAN= ftp://ftp.tex.ac.uk/tex-archive/%SUBDIR%/
#MASTER_SITE_THEMES= ftp://ftp.themes.org/pub/themes/%SUBDIR%/
#MASTER_SITE_WINDOWMAKER= ftp://ftp.windowmaker.org/pub/%SUBDIR%/
#MASTER_SITE_XCONTRIB= ftp://ftp.x.org/contrib/%SUBDIR%/
#MASTER_SITE_XEMACS= ftp://ftp.xemacs.org/pub/xemacs/%SUBDIR%/
#MASTER_SITE_XFREE= ftp://ftp.xfree86.org/pub/XFree86/%SUBDIR%/source/
#
# Also it is highly recommended that you configure MASTER_SORT_REGEX
# to choose better mirror sites for you. List awk(1)-style regular
# expressions separated by space so MASTER_SITES will be sorted in
# that order. The following example is for Japanese users; change
# "jp" part to your ccTLD ("de", "ru", "uk", etc.) or the domain names
# of your nearest/upstream networks to meet your needs.
#
#MASTER_SORT_REGEX?= ^file: ^ftp://ftp\.FreeBSD\.org/pub/FreeBSD/ports/local-distfiles/ ://[^/]*\.jp/ ://[^/]*\.jp\.
#
# Ports can place their working directories somewhere other than under
# /usr/ports.
#WRKDIRPREFIX= /var/tmp
#
# Kerberos IV
# If you want KerberosIV (KTH eBones), define this:
#
#MAKE_KERBEROS4= yes
#
#
# Kerberos 5
# If you want Kerberos 5 (KTH Heimdal), define this:
#
#MAKE_KERBEROS5= yes
#
# Kerberos 5 su (k5su)
# If you want to use the k5su utility, define this to have it installed
# set-user-ID.
#ENABLE_SUID_K5SU= yes
#
#
# Kerberos5
# If you want to install MIT Kerberos5 port somewhere other than /usr/local,
# define this (this is also used to tell ssh1 that kerberos is needed):
#
#KRB5_HOME= /usr/local
#
#
# CVSup update flags. Edit SUPFILE settings to reflect whichever distribution
# file(s) you use on your site (see /usr/share/examples/cvsup/README for more
# information on CVSup and these files). To use, do "make update" in /usr/src.
#
#SUP_UPDATE= yes
#
#SUP= /usr/local/bin/cvsup
#SUPFLAGS= -g -L 2
#SUPHOST= cvsup.uk.FreeBSD.org
#SUPFILE= /usr/share/examples/cvsup/stable-supfile
#PORTSSUPFILE= /usr/share/examples/cvsup/ports-supfile
#DOCSUPFILE= /usr/share/examples/cvsup/doc-supfile
#
# top(1) uses a hash table for the user names. The size of this hash
# can be tuned to match the number of local users. The table size should
# be a prime number approximately twice as large as the number of lines in
# /etc/passwd. The default number is 20011.
#
#TOP_TABLE_SIZE= 101
#
# Documentation
#
# The list of languages and encodings to build and install
#
#DOC_LANG= en_US.ISO8859-1 ru_RU.KOI8-R
#
#
# sendmail
#
# The following sets the default m4 configuration file to use at
# install time. Use with caution as a make install will overwrite
# any existing /etc/mail/sendmail.cf. Note that SENDMAIL_CF is now
# deprecated. The value should be a fully qualified path name.
# Avoid using a value of /etc/mail/sendmail.mc as a buildworld will
# create /etc/mail/sendmail.cf before installworld installs an
# updated sendmail binary.
#
#SENDMAIL_MC=/etc/mail/myconfig.mc
#
# The following sets the default m4 configuration file for mail
# submission to use at install time. Use with caution as a make
# install will overwrite any existing /etc/mail/submit.cf. The
# value should be a fully qualified path name.
# Avoid using a value of /etc/mail/submit.mc as a buildworld will
# create /etc/mail/submit.cf before installworld installs an
# updated sendmail binary.
#
#SENDMAIL_SUBMIT_MC=/etc/mail/mysubmit.mc
#
# If you need to build additional .cf files during a make buildworld,
# include the full paths to the .mc files in SENDMAIL_ADDITIONAL_MC.
# Avoid using a value of /etc/mail/sendmail.mc as a buildworld will
# create /etc/mail/sendmail.cf before installworld installs an
# updated sendmail binary.
#
#SENDMAIL_ADDITIONAL_MC=/etc/mail/foo.mc /etc/mail/bar.mc
#
# Setting the following variable modifies the flags passed to m4 when
# building a .cf file from a .mc file. It can be used to enable
# features disabled by default.
#
#SENDMAIL_M4_FLAGS=
#
# Setting the following variables modifies the build environment for
# sendmail and its related utilities. For example, SASL support can be
# added with settings such as:
#
# SENDMAIL_CFLAGS=-I/usr/local/include/sasl1 -DSASL
# SENDMAIL_LDFLAGS=-L/usr/local/lib
# SENDMAIL_LDADD=-lsasl
#
# Note: If you are using Cyrus SASL with other applications which require
# access to the sasldb file, you should add the following to your
# sendmail.mc file:
#
# define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')
#
#SENDMAIL_CFLAGS=
#SENDMAIL_LDFLAGS=
#SENDMAIL_LDADD=
#SENDMAIL_DPADD=
#
# Setting SENDMAIL_SET_USER_ID will install the sendmail binary as a
# set-user-ID root binary instead of a set-group-ID smmsp binary and will
# prevent the installation of /etc/mail/submit.cf.
# This is a deprecated mode of operation. See etc/mail/README for more
# information.
#
#SENDMAIL_SET_USER_ID=
#
# The permissions to use on alias and map databases generated using
# /etc/mail/Makefile. Defaults to 0640.
#
#SENDMAIL_MAP_PERMS=
ЗЫ грешу на ipfw1 :) надо с ipfw2 собирать!