how to configure a FreeBSD firewall to pass IPSec?

Danny Carroll fbsd at dannysplace.net
Tue May 6 02:43:20 PDT 2003


Quoting Guy Middleton <guy at obstruction.com>:
> Until now (and as recommended in the Handbook), I have been using ipfw
> and natd.  Everybody here who has IPSec client passthrough working seems
> to use ipf/ipnat.  Is ipf/ipnat more flexible? And why is there more than
> one firewalling scheme in FreeBSD?

FYI I have done this in ipfw/natd...  It's just as easy.  I think I only added
one rule to my firewall and nothing to my natd.conf.

Now I can VPN from any machine on the internal LAN to multiple VPNs.
If you want I can send you the ruleset.

ipfw and ipf are different.  I started with ipf but now I like ipfw a lot more
because I feel that it's more flexible (others do not).  I particularly like the
QOS stuff provided by dummynet so I think it would be hard for me to ever go
back.

-D



