I have trouble connecting multiple XP roadworriors to a freeswan gateway. For each client an IPSEC tunnel can be established individually. But to have both clients connected at the same time is not possible. I have the following setup: Roadwarrior1/2 --- ras-router --- vpn-gateway --- internal-subnet 10.5.5.(1,2) --- 10.6.1.3 --- 10.6.1.1/10.7.1.1 --- 192.168.0.0/24 For roadwarrior1 everything works as espected. The tunnel can be established and the client can ping the internal subnet. When roadwarrior2 tries to connect, I get the following error "roadwarrior"[5] 10.5.5.2 #5: discarding duplicate packet; already STATE_MAIN_R2 and the connection of roadwarrior1 hangs too! Seems as if freeswan/x509 (SuSE 8.2) wouldn't be able to separate the connections. My ipsec.conf: --- # basic configuration config setup interfaces="ipsec0=eth0" klipsdebug=none plutodebug=all plutoload=%search plutostart=%search uniqueids=yes #nat_traversal=yes # defaults for subsequent connection descriptions conn %default keyingtries=3 disablearrivalcheck=yes authby=rsasig leftcert=vpncert.pem left=10.6.1.1 leftnexthop=10.6.1.3 leftsubnet=192.168.0.0/24 rightrsasigkey=%cert leftupdown=/usr/lib/ipsec/_updown.x509 pfs=yes auto=add conn roadwarrior right=%any rightsubnetwithin=10.5.5.0/24 auto=add --- Did anybody have a similar problem. Any hints are welcome. Mirko ----------------------------------- Mirko Belick Bundesdruckerei GmbH IT-Netzmanagement 10598 Berlin Oranienstrasse 91 Email: belick@bdr.de http://www.bundesdruckerei.de