Hi Helio,

since I do not have the full information on network setup/routing, I can only make a guess:
Try making your rules for traffic between the GATEWAYs on ext_if and the rules for traffic between the NETWORKs in tun0 stateful (keep state).

Michael

these:

Helio Santana <[EMAIL PROTECTED]> wrote:
> # VPN Rules
> # Passing in encrypted traffic from security gateways
> pass in quick on $ext_if from $GATEWAY_B to $GATEWAY_A
> pass out quick on $ext_if from $GATEWAY_A to $GATEWAY_B
>
> # Need to allow ipencap traffic on enc0.
> pass in quick on tun0 all
>
> # Passing in traffic from the designated subnets.
> pass in quick on tun0 from $NETWORK_B to $NETWORK_A
> pass out quick on tun0 from $NETWORK_A to $NETWORK_B

btw: these are never reached (more special than above):

> # Passing in isakmpd(8) traffic from the security gateways
> pass in quick on $ext_if proto udp from $GATEWAY_B to $GATEWAY_A port 1194
> pass out quick on $ext_if proto udp from $GATEWAY_A to $GATEWAY_B port 1194
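The two points in this reply, put together as one pf.conf fragment (an added example, not part of either poster's message): the UDP 1194 rules are moved above the broader gateway rules so that `quick` does not end evaluation before they are reached, and the gateway and subnet rules carry `keep state`. The macro values are constructed placeholders, and the fragment covers only the VPN section of a ruleset.

```conf
# Constructed placeholder values (documentation address ranges),
# not taken from the thread.
ext_if    = "fxp0"
GATEWAY_A = "192.0.2.1"
GATEWAY_B = "198.51.100.1"
NETWORK_A = "10.0.1.0/24"
NETWORK_B = "10.0.2.0/24"

# Most specific rules first. With "quick", the first matching rule
# ends evaluation, so these must sit above the protocol-less gateway
# rules or they are never consulted.
pass in  quick on $ext_if proto udp from $GATEWAY_B to $GATEWAY_A port 1194 keep state
pass out quick on $ext_if proto udp from $GATEWAY_A to $GATEWAY_B port 1194 keep state

# Remaining gateway-to-gateway traffic, now stateful: replies are
# matched against the state table instead of a mirror rule.
pass in  quick on $ext_if from $GATEWAY_B to $GATEWAY_A keep state
pass out quick on $ext_if from $GATEWAY_A to $GATEWAY_B keep state

# Traffic between the designated subnets inside the tunnel, stateful.
pass in  quick on tun0 from $NETWORK_B to $NETWORK_A keep state
pass out quick on tun0 from $NETWORK_A to $NETWORK_B keep state

# The catch-all from the original ruleset goes last for the same
# ordering reason: placed earlier, it would match every inbound tun0
# packet before the subnet rule above.
pass in  quick on tun0 all
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vsr` shows per-rule evaluation and packet counters, which makes a rule that never matches visible.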