Welcome back!
The enc(4) pseudo driver is for integrating IPSec protected traffic with PF for packet filtering, and for diagnostics with tcpdump(8). It's not a directly usable device for networking, because every packet runs through the pseudo device twice.
I've never tried it -- so I cannot give any guidance -- but you might be able to redirect the appropriate enc(4) traffic via PF rules. PF's route-to or reply-to rule options come to mind as possible tools. But be careful. The enc(4) man page states:
Quote:
... the use of translation rules to map and redirect network traffic requires some care. Packets destined to be IPsec processed are seen by the filter/translation engine twice, both before and after being IPsec processed. If a packet's translated address on the way back fails to match an existing IPsec flow, from the translated address to the original source address, it will be discarded by the filter. It is best to avoid this situation where possible, though a flow may be explicitly created to work around it.
There are very few of us here who use IPSec. You'll probably get better answers if you post your question to the misc@ mailing list. It's just as raucous as it was six years ago... and sometimes, just as helpful.