pf.conf for IPSec
It took me about four hours to figure this out, even though it is pretty simple. When you are playing around with IPsec on OpenBSD (isakmpd) and the Security Association is finally established but you still cannot ping across the tunnel, make sure you have
pass quick on enc0
in your pf.conf. Packets that are about to be encrypted and packets that have just been decrypted are passed through the enc0 interface, where pf sees and filters the plaintext; with a default-deny ruleset they are silently dropped there, while the ESP packets on the external interface look perfectly fine. The IKE traffic (UDP 500, plus UDP 4500 with NAT-T) and ESP itself still have to be allowed on the external interface, of course.
While you are editing pf.conf you might also want to add some scrubbing, because IPsec does not increase the MTU, it eats into it: every packet gains an ESP header, an IV, padding and an ICV, plus a second IP header in tunnel mode, so a TCP segment sized for a 1500-byte link no longer fits once it is encapsulated and gets fragmented or dropped. Clamping the MSS keeps the segments small enough:
scrub on $ext_if all fragment reassemble random-id no-df max-mss 1440
Of these options max-mss is the one that matters here; fragment reassemble and random-id are not needed for the IPsec case (fragment reassemble is the default for scrub in this syntax anyway). If you keep no-df, keep random-id with it: some hosts send don't-fragment packets with a zero IP ID, and clearing DF on those without re-randomizing the ID can produce fragments that cannot be reassembled. 1440 is a common rule of thumb; the exact value depends on the cipher and authentication transform and on whether tunnel mode or NAT-T is in use. Note that since OpenBSD 4.6 scrub is no longer a rule of its own but an option of match and pass rules, so the line above needs rewriting on a current system.
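To put numbers behind both points above, here is an added example (my own, not from the original post or from OpenBSD): it computes how many bytes a given ESP transform takes out of the path MTU, derives the largest TCP MSS that still fits, and emits a pf.conf fragment in the OpenBSD 4.6+ syntax with the IKE/ESP rules, the enc0 rule and the MSS clamp. The per-packet sizes follow RFC 4303 (ESP), RFC 3602 (AES-CBC), RFC 2451 (3DES-CBC), RFC 2404 (HMAC-SHA1-96), RFC 4868 (HMAC-SHA2-256-128) and RFC 4106 (AES-GCM); the transform names, the interface em0 and the peer address 203.0.113.2 are placeholders, and the clamp is placed on enc0 rather than on $ext_if because that is where pf still sees the inner TCP header. It goes beyond the post in one respect: running it shows that 1440 is on the generous side for AES-CBC in tunnel mode on a 1500-byte link, where 1398 is the largest MSS that avoids fragmentation.

```python
"""ESP overhead / max-mss calculator and pf.conf generator for an isakmpd gateway.

Added example, not from the original post. Transform sizes follow the RFCs
named in the lead-in; interface and peer names are placeholders.
"""

from dataclasses import dataclass

IPV4_HDR = 20
TCP_HDR = 20
UDP_HDR = 8          # only present with NAT-T (UDP/4500 encapsulation)
ESP_HDR = 8          # SPI (4) + sequence number (4)
ESP_TRAILER = 2      # pad length (1) + next header (1)


@dataclass(frozen=True)
class Transform:
    """Per-packet sizes of one ESP transform, in bytes."""
    name: str
    iv: int      # explicit IV carried in the packet
    align: int   # encrypted payload (including the trailer) is padded to this
    icv: int     # integrity check value appended after the payload


# Assumed typical transforms; check yours with `ipsecctl -sa` on the gateway.
TRANSFORMS = {
    "aes-128-cbc/hmac-sha1": Transform("aes-128-cbc/hmac-sha1", iv=16, align=16, icv=12),
    "aes-256-cbc/hmac-sha2-256": Transform("aes-256-cbc/hmac-sha2-256", iv=16, align=16, icv=16),
    "3des-cbc/hmac-sha1": Transform("3des-cbc/hmac-sha1", iv=8, align=8, icv=12),
    "aes-128-gcm": Transform("aes-128-gcm", iv=8, align=4, icv=16),
}


def _pad_to(n: int, align: int) -> int:
    """Round n up to the next multiple of align."""
    return -(-n // align) * align


def esp_packet_size(mss: int, t: Transform, tunnel: bool = True, nat_t: bool = False) -> int:
    """Bytes on the wire for an ESP packet carrying one full-size TCP segment."""
    inner = TCP_HDR + mss + (IPV4_HDR if tunnel else 0)   # tunnel mode also wraps the inner IP header
    encrypted = _pad_to(inner + ESP_TRAILER, t.align)
    return IPV4_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + t.iv + encrypted + t.icv


def max_mss(mtu: int, t: Transform, tunnel: bool = True, nat_t: bool = False) -> int:
    """Largest TCP MSS whose encapsulated segment still fits into the path MTU."""
    mss = mtu - IPV4_HDR - TCP_HDR        # plain-IP maximum, 1460 on Ethernet
    while mss > 0 and esp_packet_size(mss, t, tunnel, nat_t) > mtu:
        mss -= 1
    return mss


def pf_rules(ext_if: str, peer: str, mss: int) -> str:
    """pf.conf fragment for one IPsec peer, OpenBSD 4.6+ syntax (scrub as a match option)."""
    return "\n".join([
        f'ext_if = "{ext_if}"',
        f'peer = "{peer}"',
        "# IKE (isakmp) and NAT-T between the two gateways",
        "pass on $ext_if proto udp from $peer to ($ext_if) port { 500, 4500 }",
        "pass on $ext_if proto udp from ($ext_if) to $peer port { 500, 4500 }",
        "# the ESP packets themselves",
        "pass on $ext_if proto esp from $peer to ($ext_if)",
        "pass on $ext_if proto esp from ($ext_if) to $peer",
        "# plaintext before encryption / after decryption shows up on enc0",
        "pass quick on enc0 keep state (if-bound)",
        "# clamp the MSS where pf can still see the inner TCP header",
        f"match on enc0 scrub (no-df random-id max-mss {mss})",
    ])


if __name__ == "__main__":
    for name, t in TRANSFORMS.items():
        print(f"{name:28s} tunnel max-mss {max_mss(1500, t)}"
              f"  with NAT-T {max_mss(1500, t, nat_t=True)}")
    aes_sha1 = TRANSFORMS["aes-128-cbc/hmac-sha1"]
    print("max-mss 1440 with AES-CBC/SHA1 in tunnel mode gives an ESP packet of",
          esp_packet_size(1440, aes_sha1), "bytes")
    print(pf_rules("em0", "203.0.113.2", max_mss(1500, aes_sha1)))
```

The loop in max_mss walks down from the plain-IP maximum until the encapsulated packet fits; with padding to the cipher block size the answer is not a simple subtraction, which is why a fixed 1440 works for some transforms and not for others.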

