The address of your nfe0 NIC is 192.168.1.4, but in the routing table it is 192.168.1.1
Code:
$ route -n show
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
0/1 10.100.1.1 UGS 0 0 - 8 tun0
default 192.168.1.1 UGS 9 62319 - 8 nfe0
10.100.1/24 link#6 UC 1 0 - 4 tun0
10.100.1/24 10.100.1.1 UGS 0 0 - 8 tun0
10.100.1.1 link#6 UHLc 3 0 - 4 tun0
92.241.168.20/32 192.168.1.1 UGS 0 0 - 8 nfe0
127/8 127.0.0.1 UGRS 0 0 33200 8 lo0
127.0.0.1 127.0.0.1 UH 7 134400 33200 4 lo0
128/1 10.100.1.1 UGS 0 0 - 8 tun0
192.168.1/24 link#1 UC 1 0 - 4 nfe0
192.168.1.1 00:xx:xx:xx:xx:xx UHLc 2 1643 - 4 nfe0
192.168.1.4 127.0.0.1 UGHS 0 0 33200 8 lo0
224/4 127.0.0.1 URS 0 0 33200 8 lo0
$ ifconfig nfe0
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:xx:xx:xx:xx:86
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::2xx:xxff:fexx:xx86%nfe0 prefixlen 64 scopeid 0x1
inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
In the routing table
tun0 shows up in the 10.100.1.0/24 network but the ifconfig shows it is 10.100.2.106 and thus in 10.100.2.0/24.
Because of these two abnormalities you are getting these 'no routes to host' messages.
Code:
tun1: flags=9803<UP,BROADCAST,SIMPLEX,LINK0,MULTICAST> mtu 1500
lladdr fe:xx:xx:xx:xx:a9
priority: 0
groups: tun
status: no carrier
inet 10.100.1.9 netmask 0xffffff00 broadcast 10.100.1.255
inet6 fe80::fcxx:xxff:fexx:xxa9%tun1 prefixlen 64 scopeid 0x7
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
lladdr fe:xx:xx:xx:xx:34
priority: 0
groups: tun
status: active
inet 10.100.2.106 netmask 0xffffff00 broadcast 10.100.2.255
inet6 fe80::fcxx:xxff:fexx:xx34%tun0 prefixlen 64 scopeid 0x8
And I wonder what
tun1 is doing, it shows 'no carrier', although it is in the 10.100.1.0/24 network which happens to be in the routing tables.
OpenVPN seems to configure
tun0
Code:
Tue Feb 1 15:14:00 2011 /sbin/ifconfig tun0 destroy
Tue Feb 1 15:14:00 2011 /sbin/ifconfig tun0 create
Tue Feb 1 15:14:00 2011 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Tue Feb 1 15:14:00 2011 /sbin/ifconfig tun0 10.100.2.106 netmask 255.255.255.0 mtu 1500 broadcast 10.100.2.255 link0
Tue Feb 1 15:14:00 2011 TUN/TAP device /dev/tun0 opened
Although I wonder how pf handles network devices that don't exist when the rules are loading,
How about the Windows approach, rebooting the system?