эти опции отсутствуют
options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
options IPSEC_FILTERGIF # Enbale to filter IPSEC GIF packets
ipsec теперь требует device crypto
device crypto
device enc
options IPSEC
options IPSEC_FILTERTUNNEL
*some notes
# Set IPSEC_FILTERTUNNEL to change the default of the sysctl to force packets # coming through a tunnel to be processed by any configured packet filtering # twice. The default is that packets coming out of a tunnel are _not_ processed; # they are assumed trusted.
