I'm setting up an IPSec tunnel and in PF, I'm not skipping on
enc0 (i.e. no 'set skip on enc0').  I'm curious as to how direction is
specified on enc0 when routing traffic.  My scenario is like this:

remote box --> (IPSec tunnel) --> OpenBSD firewall --> OpenBSD server

I want to send all my logs from 'remote box' to 'OpenBSD server' via
the tunnel.  The tunnel is working fine -- it's up and I can see some
basic traffic.  So on my firewall, where the traffic in the tunnel comes
out, is traffic coming out or in from enc0?


pass in on enc0 proto udp from $remote_box to $server port 514 tag VPN
pass out on $int_if proto udp from $remote_box to $server port 514 tagged VPN

OR

pass out on enc0 proto udp from $remote_box to $server port 514 tag VPN
pass out on $int_if proto udp from $remote_box to $server port 514 tagged VPN


Why don't I just try it out?  I'm away from accessing the machines for the
time being and the idea (and how to solve it) is just swimming around in my
head.

Thanks in advance for any pointers.

cheers.
ryanc

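As an added illustration, not part of ryanc's message: on OpenBSD a packet arriving through the tunnel is handed to pf twice on the firewall, first as ESP inbound on the external interface and then, after decryption, as the cleartext packet inbound on enc0 (enc(4)); traffic heading into the tunnel is seen outbound on enc0 before it is encrypted. So the first of the two variants above is the one that matches this direction. The pf.conf fragment below is a constructed example; the interface names, addresses and the `log` keyword on the enc0 rule are assumptions added for illustration:

```pf
# Constructed example for the scenario: remote box -> IPsec -> firewall -> server
ext_if     = "em0"          # assumed outside interface (tunnel endpoint)
int_if     = "em1"          # assumed inside interface towards the server
remote_box = "192.0.2.10"   # assumed address of the remote log source
server     = "10.0.0.20"    # assumed address of the syslog server

# Encrypted leg: IKE and ESP from the remote peer to our tunnel endpoint.
pass in on $ext_if proto udp from $remote_box to ($ext_if) port { 500, 4500 }
pass in on $ext_if proto esp from $remote_box to ($ext_if)

# Decrypted leg: after IPsec processing the same packet is seen a second
# time, now as cleartext *inbound* on enc0.  'log' is only there so the
# match can be observed on pflog0 while testing.
pass in log on enc0 proto udp from $remote_box to $server port 514 tag VPN

# The cleartext packet is then routed out the inside interface.
pass out on $int_if proto udp from $remote_box to $server port 514 tagged VPN
```

With `log` on the enc0 rule, `tcpdump -n -e -ttt -i pflog0` on the firewall prints each match with its rule number, direction and interface (`pass in on enc0: ...`), which is a quick way to confirm which way pf sees tunnel traffic before removing the keyword again. Remember that `set skip` is not in effect here, so the enc0 rule is needed in addition to the ESP rule; without it the decrypted packet is dropped by the default block even though the tunnel itself is up.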