On 2007/04/23 19:59, Martin Toft wrote:
> I've had to add the following rule to make my users happy:
> pass in on $lan_if inet proto { ah gre esp } from <lan_clients> to
> !<bad_destinations> keep stateIPsec NAT-T transports ESP inside UDP packets (normally) on port 4500; that rule shouldn't be needed for NAT-T.
