I hope this isn't too far OT for some folks, but I'm hoping someone can point out the error of my ways...

--------------------------------------------------

I just cannot seem to have a default deny for the enc0 interface. Once I comment out the block, my traffic flows as expected.

    block in log on enc0 from any to any
    pass in on enc0 from $B to $A
    pass out on enc0 from $A to $B

My default deny works fine for the other two physical interfaces, just not enc0. I have checked/double-checked against the sample rules in the 'man vpn' page, but it just keeps getting blocked. I feel this must be something obvious... anyone?