Got a reply in the forums from "junovitch": "There is a bug in 10.0-RELEASE with how the kernel is tagging the mbuf allocated with IPSEC packets as it gets tagged to skip firewalling. Hence PF can't NAT what it can't see. Short answer is you need to upgrade to 10.0-STABLE or use an older version of FreeBSD.
Long answers:
http://www.freebsd.org/cgi/query-pr.cgi?pr=185876 - The PR with the technical details.
https://forums.freebsd.org/viewtopic.php?f=7&t=45691 - Same issue and the troubleshooting that helped find it."

Upgrading to 10 STABLE fixed the issue.

Cheers,
S.