> no, that's wrong. use this instead: > > pass in on enc0 proto ipencap from $OTHER to $ME
Where OTHER and ME are the IP addresses your IPsec endpoints. In other words the two machines between which you encapsulate your traffic. Mind you this will ONLY be possible if you have static IP's on either end. If you are running a roaming user setup then you will have to use the rule Cedric suggested. -- Mathieu Sauve-Frankel [EMAIL PROTECTED] || [EMAIL PROTECTED]
