Hi I've changed from redhat 9 SuperFreeSwan 1.99.8 to suse 9.1 FreeSwan 2.05. With a few changes done on ipsec.conf it all should have worked fine. I can start conns, the freeswan deamon negotiates all its SAs with the other sides. And I can ping the other sides. But I fail to get any other communication through any tunnel. I never have seen before the "PROTO_IPSEC_ESP SA(0x79b5f800) not found (maybe expired)" error message. As a matter of fact I recompiled the kernel with ESP, IPCOMP and IPIP compiled into the kernel not just added as modules. This dropped a number error messages at the initial Freeswan start-up. However it did not change the situation. Then I dropped the SuSE FreeSwan daemon and installed newest StrongSwan 2.1.5 release. No change. So problem probably not deriving from FreeSwan. I can ping, the rtt is normal. But I don't get neither UDP nor TCP nor traceroute through any tunnel. Does anybody know a work around (please don't say change distro). Philipp