Here is some more data on my current state, I checked the currently active states and they are as expected:
Code:
$ pfctl -s state
all ipencap <tunnel_src> <- <tunnel_dest> MULTIPLE:MULTIPLE
all tcp 127.0.0.1:1001 (<web_address>:80) <- <client_address>:22234 FIN_WAIT_2:FIN_WAIT_2
all tcp 127.0.0.1:1001 (<web_address>:80) <- <client_address>:45406 FIN_WAIT_2:FIN_WAIT_2
all tcp 127.0.0.1:1001 (<web_address>:80) <- <client_address>:54255 ESTABLISHED:ESTABLISHED
As I suspected a state was created for the tunnel without me requiring it which is fine by me, the others are my attempts to connect from the client network.
The last one is a connection that was open when I typed the command showing that as far as pf is concerned everything is fine
When i disconnect the client the right part transition to "CLOSING:FIN_WAIT_2" and some seconds later to "FIN_WAIT_2:FIN_WAIT_2" (I suppose the checksum problem prevent both parts to properly close the connection)