Subject: Re: ipf vs ipsec
To: Matt Herzog <mherzog@mediaone.net>
From: Alex Barclay <alex@tfo-consulting.com>
List: netbsd-help
Date: 12/15/2000 13:33:47

On Fri, 15 Dec 2000, Matt Herzog wrote:

> Could ipf interfere with ipsec working properly?
> I have a feeling I should probably disable ipfilter
> between host and node before continuing.

I wouldn't do that because if you disable ipf then your node will become
less secure and as you'll be an extension of some other LAN you'll also
make that LAN less secure.

The basic config is you should allow comms with
UDP, port = 500 for IKE
IP proto of 50 for ESP. Dunno about AH as I never use it.

Alex
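
The rules described in the reply above, written out as an ipf.conf fragment. This is an added example, not part of the original message; the interface name `ne0` and both addresses (documentation ranges) are assumptions to be replaced with the real values.

```conf
# Added example (constructed values): ne0 = external interface,
# 198.51.100.5 = this node, 192.0.2.10 = the IPsec peer.
#
# "quick" ends rule processing at the first match, so these lines must
# appear before any "block ... quick" rule that would also match the
# same packets. Without "quick", ipf applies the LAST matching rule.

# IKE key exchange: UDP to port 500, both directions, peer only
pass in  quick on ne0 proto udp from 192.0.2.10 to 198.51.100.5 port = 500
pass out quick on ne0 proto udp from 198.51.100.5 to 192.0.2.10 port = 500

# ESP: IP protocol 50, both directions, peer only
pass in  quick on ne0 proto 50 from 192.0.2.10 to 198.51.100.5
pass out quick on ne0 proto 50 from 198.51.100.5 to 192.0.2.10

# Everything else stays subject to the existing ruleset, so ipf
# keeps filtering the node while the tunnel is allowed through.
```

After reloading the ruleset, `ipfstat -hio` shows per-rule hit counts, which confirms whether the IKE and ESP rules are actually being matched.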