Hi list,

I googled and rtfm+faq on freeswan.org for some hours but cannot find a solution for the example

192.168.1.0/24 as Subnet1
--> 192.168.1.1 : 10.10.10.1 as FreeS/Wan Router 1
--> 192.168.10.11 : ext.ip.addr.no1 as external router does nat
--> INTERNET

INTERNET
<-- ext.ip.addr.no2 : 192.168.2.1 : as FreeS/Wan Router 2
192.168.2.0/24 as Subnet 2

The error is always the same:

packet from ext.ip.addr.no1:xxx: initial Main Mode message received on ext.ip.addr.no2:500 but no connection has been authorized

I think the problem is the router that does NAT, because FreeS/Wan Router 1 got a private IP that is not routable.

ipsec.conf on freeS/Wan Router 1

conn snt
    left=10.10.10.1
    leftsubnet=192.168.1.0/24
    leftnexthop=192.168.10.11
    leftrsasigkey=xxx
    leftfirewall=yes
    right=ext.ip.adrr.no2
    rightsubnet=192.168.2.0/24
    rightnexthop=
    rightrsasigkey=xxx
    auto=start

ipsec.conf on freeS/Wan Router 2

conn snt
    left=10.10.10.1
    leftsubnet=192.168.1.0/24
    leftnexthop=192.168.10.11
    leftrsasigkey=xxx
    leftfirewall=yes
    right=ext.ip.adrr.no2
    rightsubnet=192.168.2.0/24
    rightnexthop=
    rightrsasigkey=xxx
    auto=add

In the FAQ I read that this error only occurs if left/right or leftsubnet/rightsubnet differ, but they don't.

????

Michael
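
Added example, not part of the post above and not Pluto's own code: a simplified Python model of how a responder selects a connection for an incoming Main Mode packet by the pair (local address, packet source address), run against the Router 2 conn from the post. The two public addresses are constructed stand-ins for the post's placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the post's placeholders (documentation ranges).
EXT1 = "203.0.113.10"   # ext.ip.addr.no1: public side of the NAT router
EXT2 = "198.51.100.20"  # ext.ip.addr.no2: FreeS/Wan Router 2

ROUTER2_CONF = f"""
conn snt
    left=10.10.10.1
    leftsubnet=192.168.1.0/24
    leftnexthop=192.168.10.11
    right={EXT2}
    rightsubnet=192.168.2.0/24
    auto=add
"""

def parse_conns(text):
    """Parse 'conn NAME' sections followed by indented key=value lines."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("conn "):
            cur = conns.setdefault(line.split()[1], {})
        elif line[0].isspace() and cur is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            cur[key] = value
    return conns

def authorized_conns(conns, local_ip, peer_ip):
    """Conns whose endpoints are (local_ip, peer_ip) or (local_ip, %any).

    Simplified model: handles only literal addresses and %any.
    """
    me, him = ipaddress.ip_address(local_ip), ipaddress.ip_address(peer_ip)
    hits = []
    for name, c in conns.items():
        for mine, theirs in (("left", "right"), ("right", "left")):
            a, b = c.get(mine), c.get(theirs)
            if not a or not b or a == "%any":
                continue
            if ipaddress.ip_address(a) == me and (
                    b == "%any" or ipaddress.ip_address(b) == him):
                hits.append(name)
    return hits
```

An empty result for `authorized_conns(parse_conns(ROUTER2_CONF), EXT2, EXT1)` corresponds to the "no connection has been authorized" message: after NAT the packet's source is the external router's address, while the conn names 10.10.10.1 as the peer.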