My system is i386 NetBSD 2.1_RC4.
I change to pflkm from ipf now.
but there is a problem: I could not communicate with a remote OpenVPN
client.

My Network:
rtk0: 192.168.88.0/24 internel
pppoe0: external
tun0: 10.8.1.1 <-----OpenVPN-----> 10.8.1.2 Remote Client

When tun0 is up, netstat -r can see route for 10.8.1.2,
but ping 10.8.1.2 failed, report: no route.
In /va/log/messages, here are:
Sep 18 16:26:25 sunny /netbsd: pf_test: kif == NULL, if_xname tun0

I guess that:
pflkm can't forward packages between tun interface and real interface.
Or must load pflkm module after tun interface is created?
I load it in /etc/lkm.conf

To solve it, must I update system to NetBSD 3.0? Or hack kernel?