On 10/04, Zé Loff wrote:
> > On 04/10/2016, at 11:58, Pavel Korovin <p...@tristero.se> wrote:
> >
> >> On 10/04, Zé Loff wrote:
> >> On "the wanderer" iked.conf:
> >>
> >> ikev2 home active esp \
> >>     from egress to 192.168.99.0/24 \
> >>     local egress peer vpn.example.com \
> >>     srcid dion.example.com dstid vpn.example.com
> >>
> >> On the "wanderer" pf.conf:
> >>
> >> match out on enc0 from any to 192.168.99.0/22 nat-to 192.168.100.3 static-port
> >
> > Zé, do you have an interface with the address 192.168.100.3 on your
> > wanderer?
>
> No

Then how does your pf rewrite the address to 192.168.100.3?
I believe there must be an interface with the address specified in the
rewrite rules. Otherwise, the pf rule won't do anything.

Did you check the "tcpdump -i enc0" output?

-- 
With best regards,
Pavel Korovin