diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
index 6b8bfdd2e..7e0e42c43 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@@ -115,6 +115,8 @@ add {{5000 + item.zoneid|int }} allow ip from any to any dst-port 80 via {{item.
 {% for item in no_cp_interface_list %}
 add {{6001 + loop.index }} skipto 60000 all from any to any via {{item.if}}
 {% endfor %}
+# skip ipsec tunnel device from captive portal rules
+add 6199 skipto 60000 all from any to any via enc0
 # let the responses from the captive portal web server back out
 add 6200 pass tcp from any to any out
 # block everything else (not mentioned before)
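Review bot: Rule 6199 is emitted unconditionally and matches `all from any to any via enc0`, so every packet seen on the IPsec encapsulation interface skips to 60000 ahead of the captive-portal rules, which would presumably include remote-access clients if they terminate on this host. If that bypass is intended, the comment should state the consequence, e.g. `# traffic on enc0 (IPsec) is never subject to captive portal authentication; filtering is left to the rules from 60000 onward`. If it is not wanted in every deployment, consider rendering the rule only when IPsec is actually in use. The fixed number 6199 also falls inside the range the preceding loop allocates with `6001 + loop.index`, so a very long no_cp_interface_list could number past it; a short comment reserving 6199 would make that explicit. The rules at 60000 are outside this hunk, so what the skipped traffic is then subject to cannot be confirmed from here.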