diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index af3567504abf..e2aa99bfa943 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -156,6 +156,7 @@ pflog_program="/sbin/pflogd" # where the pflogd program lives
 pflog_flags="" # additional flags for pflogd
 pfsync_enable="NO" # Expose pf state to other hosts for syncing
 pfsync_syncdev="" # Interface for pfsync to work through
+pfsync_syncpeer="" # IP address of pfsync peer host
 pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync
 tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
 log_in_vain="0" # >=1 to log connects to ports w/o listeners.
diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync
index 72a22b5ec8a9..8be89282d120 100644
--- a/etc/rc.d/pfsync
+++ b/etc/rc.d/pfsync
@@ -36,8 +36,13 @@ pfsync_prestart()
 pfsync_start()
 {
+ local _syncpeer
+
 echo "Enabling pfsync."
- ifconfig pfsync0 syncdev $pfsync_syncdev $pfsync_ifconfig up
+ if [ -n "${pfsync_syncpeer}" ]; then
+ _syncpeer="syncpeer ${pfsync_syncpeer}"
+ fi
+ ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up
 }
 pfsync_stop()
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 3caf681c5a50..bd80de06b277 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
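Review bot: The new `if [ -n "${pfsync_syncpeer}" ]` branch in pfsync_start hands the value to ifconfig(8) unchecked, although rc.conf documents it as an "IP address of pfsync peer host"; as far as I can tell ifconfig resolves the syncpeer argument with getaddrinfo(3), so a hostname is silently accepted and looked up at boot, letting whatever answers that lookup choose where unauthenticated pf state is unicast (and pfsync may start before name resolution is usable). I would reject anything that is not a literal address with a `warn` and `return 1` before building `_syncpeer`, and add a comment that `$_syncpeer` is left unquoted on the ifconfig line on purpose because it must expand to the two words `syncpeer <addr>` — a quoted `"$_syncpeer"` would break it. The pattern below is IPv4-only to match the man page hunk (protocol 240, group 224.0.0.240); widen it if IPv6 peers are supported. pfsync_stop(), whose signature is the last context line, continues outside the hunk.

```shell
	if [ -n "${pfsync_syncpeer}" ]; then
		# Require a literal IPv4 address: ifconfig(8) would otherwise
		# resolve a hostname at boot and let DNS pick the sync target.
		case "${pfsync_syncpeer}" in
		*[!0-9.]*)
			warn "pfsync_syncpeer must be an IP address: ${pfsync_syncpeer}"
			return 1
			;;
		esac
		# Left unquoted below on purpose: expands to "syncpeer <addr>".
		_syncpeer="syncpeer ${pfsync_syncpeer}"
	fi
	ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up
```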
@@ -855,6 +855,26 @@ It must be set accordingly if
 .Va pfsync_enable
 is set to
 .Dq Li YES .
+.It Va pfsync_syncpeer
+.Pq Vt str
+Empty by default.
+This variable is optional.
+By default, state change messages are sent out on the synchronisation
+interface using IP multicast packets.
+The protocol is IP protocol 240, PFSYNC, and the multicast group used is
+224.0.0.240.
+When a peer address is specified using the
+.Va pfsync_syncpeer
+option, the peer address is used as a destination for the pfsync
+traffic, and the traffic can then be protected using
+.Xr ipsec 4 .
+See the
+.Xr pfsync 4
+manpage for more details about using
+.Xr ipsec 4
+with
+.Xr pfsync 4
+interfaces.
 .It Va pfsync_ifconfig
 .Pq Vt str
 Empty by default.