Hello,

I've got a machine with two IPv6 tunnels:

gif0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1480
tunnel inet 1.2.3.4 --> 5.6.7.8
inet6 2001:6f8:10e5::1 -> 2001:6f8:900:954::1 prefixlen 128
inet6 fe80::211:2fff:fe8e:931%gif0 -> prefixlen 64 scopeid 0x3
inet6 2001:6f8:10e5::2 -> prefixlen 128
inet6 2001:6f8:10e5::3 -> prefixlen 128
inet6 2001:6f8:10e5::4 -> prefixlen 128
inet6 2001:6f8:10e5::5 -> prefixlen 128
inet6 2001:6f8:900:954::2 -> prefixlen 128

gif1: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1480
tunnel inet 1.2.3.4 --> 9.10.11.12
inet6 2001:4dd0:ff00:1a4::2 -> 2001:4dd0:ff00:1a4::1 prefixlen 128
inet6 fe80::211:2fff:fe8e:931%gif1 -> prefixlen 64 scopeid 0x6

The IPv6 default route points to 2001:6f8:900:954::1, the remote
tunnel address of "gif0". I want to use PF to make sure that
packets which use 2001:4dd0:ff00:1a4::2, the local tunnel address
of "gif1", as the source address go out via "gif1". I cannot get
this to work even with a very basic "pf.conf" which looks like this:

pass in all
pass out all
pass out on gif0 route-to ( gif1 2001:4dd0:ff00:1a4::1 ) from 2001:4dd0:ff00:1a4::2 to any

Any ideas where the problem is? I've tried switching the order of the
last two rules but it didn't help.

I'm using PF 4.2 under NetBSD 5.1_RC2.

Kind regards