VPNs: Key Exchange, Misc

Various VPNs use the esp, gre protocols, also remember isakmp (udp port 500 for key exchange)

  pass quick inet proto esp 
  pass quick inet proto udp to port isakmp ## udp port 500 for key exchange 
  pass quick proto gre 

Since we filter on anything that's in /etc/protocols you can even have

pass quick proto l2tp # Layer Two Tunneling Protocol 

Note: Your context may require more restrictive criteria