The FreeSwan VPN works perfect, but i can't figure out how I should setup the isc-dhcprelayer, so that DHCP-Broadscast from the 192.168.2.0/24 net will be forwarded to the DHCP Server 192.168.1.2 in the 192.168.1.0/24 Network. My first attempt was to setup the isc dhcprelayer shiped with the SuSE 9.0 on the Gateway 1 but no packets reached the second Gateway 2 on interface ipsec0. Should I setup the dhcp relayer on both Gateways or only on the first or second Gateway?. On both Gateway runs SuSeFirewall 2 with 50 IP, 500 UDP extern opened. Could it be an firewall issue, or doesn's work the isc dhcprelayer together with FreeSwan? Tcpdump Gateway 1 on ipsec0 shows: 19:17:25.364504 gateway-dus.local.bootps > 192.168.1.2.bootps: (request) hops:1 xid:0xa9419560 secs:51135 flags:0x8000 G:gateway-dus.local ether 0:c:6e:f2:d1:4a file ""[|bootp] (DF) 19:17:58.364405 gateway-dus.local.bootps > 192.168.1.2.bootps: (request) hops:1 xid:0x1861440d flags:0x8000 G:gateway-dus.local ether 0:c:6e:f2:d1:4a file ""[|bootp] (DF) 19:18:01.364169 gateway-dus.local.bootps > 192.168.1.2.bootps: (request) hops:1 xid:0x1861440d secs:35263 flags:0x8000 G:gateway-dus.local ether 0:c:6e:f2:d1:4a file ""[|bootp] (DF) but no Broadcast packets reached Gateway 2 on ipsec0. Here my current configuration: 192.168.2.0/24 Network | +-SuSE-Gateway-1--+ |eth1 intern | |192.1682.254 | | | |eth0/ipsec extern| |192.168.0.1 | +-----------------+ ||| VPN Tunnel ||| +-ISP DSL-ROUTER--+ |192.168.0.254 | |with NAT but | |ipsec passthrough| |enabled | |puplic static IP | |111.111.111.111 | +-----------------+ ||| ||| VPN Tunnel ||| ||| +-SuSE-Gateway-2--+ |ISP DSL-Modem | |connected on eth0| | |ipsec/ppp0 extern| |222.222.222.222 | |dynamic IP | | | |eth1 intern | |192.168.1.99 | +-----------------+ | 192.168.1.0/24 Network | | 192.168.1.2 DHCP Server Regards Dietmar Simons