*hmmm*
i did a test using ipsec vpn colouring aka. tagging
ipsec.conf offers the option to tag the vpn traffic for further PF filtering
using these tags i can instruct PF to use different public NAT addresses
(outgoing to internet) for each VPN
but when you have overlapping subnets behind the VPNs then it is difficult to
get the reply traffic into the right VPN
maybe i am missing something here...
i expected some feature so tagged traffic will be routed into the VPN carrying
the same tag (...somehow...)
did some tests using 'reply-to' in pf rules but that did not work... - and a
default route will not help because i have many VPNs all overlapping in the
worst case
any ideas? an important option i missed?
thank you
/pat
