On 2010/10/09 03:38, Evgeniy Sudyr wrote: > I' need to allow access from my private network to other private > network through IPSEC. So I need only one way access from my net to > another via NAT on lo1 interface. > I've read this post and found it's great, so I tried to get same NAT > config with PF but it not works as expected. > > Can I ask you guys to share your experience on this configuration. > > http://www.mail-archive.com/pf@benzedrine.cx/msg07969.html > > > Btw, there is my configs http://pastebin.ca/1957804 > -- > -- > With regards, > Eugene Sudyr
Using lo1 for this is an old hack, there is proper support now, see "OUTGOING NETWORK ADDRESS TRANSLATION" in ipsec.conf(5).