From ipsec.conf(5): "… Add a pf(4) tag to all packets of phase 2 SAs created for this connection. …"
As I understand it, in your case or any other cases, it is about tagging pkts from one peer to another. E.g. from one vpn_gw to another. But this is my understanding of this. I might be wrong here.

On 11 jun 2013, at 15:37, Rogier Krieger <rkrie...@gmail.com> wrote:

> On Tue, Jun 11, 2013 at 3:26 PM, mxb <m...@alumni.chalmers.se> wrote:
>
>> Tried to tag pkts on $int_if ? Eg
>>
>> match in on $if_int from ($if_int:network) to $pbx_net tag PBX
>>
>
> Yes and that works. But shouldn't it already be covered by the 'PBX' tag in
> ipsec.conf?
> That's what I expected and what I'm trying to figure out.
>
> Thanks for the suggestion, though.
>
> Regards,
>
> Rogier