On the manual page for vpn(8), there are lines like these:

The pf.conf(5) rules for a tunnel which uses encryption (the ESP IPsec protocol) and isakmpd(8) on security gateway A might look like this:

    GATEWAY_A = "192.168.1.13"
    GATEWAY_B = "192.168.1.15"
    NETWORK_A = "10.0.50.0/24"
    NETWORK_B = "10.0.99.0/24"

    ext_if="ne0"

    # default deny
    # $ext_if is the only interface going to the outside.
    block log on { enc0, $ext_if } all

    # Pass encrypted traffic to/from security gateways
    pass in proto esp from $GATEWAY_B to $GATEWAY_A
    pass out proto esp from $GATEWAY_A to $GATEWAY_B
    ...
    ...
    ...

In the last two lines above, if I wanted to specify the interface, which of enc0 or $ext_if should I use? I mean, this one:

    pass in on $ext_if proto esp from $GATEWAY_B to $GATEWAY_A
    pass out on $ext_if proto esp from $GATEWAY_A to $GATEWAY_B

Or:

    pass in on enc0 proto esp from $GATEWAY_B to $GATEWAY_A
    pass out on enc0 proto esp from $GATEWAY_A to $GATEWAY_B

Thanks in advance.