I have it working. It turned out I needed to assign IP addresses (duh!) to the server and the client in iked.conf, which is described in the iked.conf man page under the AUTOMATIC KEYING POLICIES heading:
Code:
config option address
        Send one or more optional configuration payloads (CP) to the peer.
        The configuration option can be one of the following with the expected
        address format:

        address address
                Assign a static address on the internal network.
        address address/prefix
                Assign a dynamic address on the internal network. The address
                will be assigned from an address pool with the size specified by prefix.
        netmask netmask
                The IPv4 netmask of the internal network.
        name-server address
                The DNS server address within the internal network.
        netbios-server address
                The NetBIOS name server (WINS) within the internal network.
                This option is provided for compatibility with legacy clients.
        dhcp-server address
                The address of an internal DHCP server for further configuration.
        protected-subnet address/prefix
                The address of the protected subnet within the internal network.
        access-server address
                The address of an internal remote access server.
After setting a static address and netmask on both, and a name-server on the client in iked.conf, it was easy to route the DNS traffic through pf.
Are Tea Eff Im
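As an added example (not the poster's own configuration), here is what the two iked.conf rules and the pf rule described above could look like. Every address and name is an assumption: the server's public address 192.0.2.1, the internal pool 10.0.0.0/24, the server's internal/resolver address 10.0.0.1, the client's static address 10.0.0.10, and the IDs vpn.example.com and client.example.com. The client side uses the standard "request address any" form from iked.conf(5) rather than a second "config address" line.

```conf
# Added example, not the poster's actual config. All addresses, IDs and
# the pf tag are assumptions chosen for illustration.

# /etc/iked.conf on the server (responder): hand the client its internal
# address, netmask and resolver via configuration payloads (CP).
ikev2 "rw-server" passive esp \
        from 0.0.0.0/0 to 10.0.0.0/24 \
        local 192.0.2.1 peer any \
        srcid vpn.example.com \
        config address 10.0.0.10 \
        config netmask 255.255.255.0 \
        config name-server 10.0.0.1 \
        tag "ROADW"

# /etc/iked.conf on the client (initiator): ask for the assigned address
# and send all traffic, DNS included, through the tunnel.
ikev2 "rw-client" active esp \
        from dynamic to 0.0.0.0/0 \
        peer 192.0.2.1 \
        srcid client.example.com \
        dstid vpn.example.com \
        request address any

# /etc/pf.conf on the server: admit IKE and ESP on the external interface,
# then pass the decrypted DNS queries arriving on enc0 to the local resolver.
# "tagged ROADW" matches the tag set by the server rule above.
pass in on egress inet proto udp from any to (egress) port { isakmp, ipsec-nat-t }
pass in on egress inet proto esp
pass in on enc0 inet proto { udp, tcp } from 10.0.0.0/24 to 10.0.0.1 port domain tagged ROADW
```

Check the result with `iked -n` and `pfctl -nf /etc/pf.conf` before loading, and confirm the assigned address and flows with `ikectl show sa` and `ipsecctl -sa` once the tunnel is up; the client's resolver address should then be 10.0.0.1 and its queries should appear on enc0.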