Masquerading IPSec through SuSE firewall
hi list...

i have a user with a VPN client, Checkpoint, using the IKE algorithm behind a SuSE 7.2 Pro system with a stock 2.2.19 kernel, being masqueraded to the net using ipchains....

when the user launches SecuRemote, and Checkpoint, he gets authenticated by the remote VPN server... the problem comes when he launches his VPN application, which requires to connect to the remote server on port 23, via the secure connection... but this part of the process fails... my guess is the Linux server is not masquerading the user's encrypted session...

in light of this, i decided to enable IPSec and IKE Masquerading in the SuSE kernel sources... there is a patch available on http://www.impsec.org/linux/masquerade/ip_masq_vpn.html which adds the IPSec, PPTP and IKE options to the kernel sources....

when i apply the patch, the patch log file created shows some hunks failed on one of the lines... nonetheless, i go ahead to compile the kernel, and the "make dep" runs ok... when i start the "make bzImage" it runs okay, and then gives some errors after a couple of minutes, when compiling the ip_masq options...

i have tried both the old and new 2.2.19 SuSE sources with the same problem.. i don't use the sources from kernel.org because they have always given me problems when compiling on SuSE.. the SuSE lx_sus22 sources are better on SuSE...

could the problem be with the patch, or something else... is there another way the IPSec user can be masqueraded..?..

all help appreciated.. thanks..

AKNIT

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
Hey,

Mark Tinka wrote:
> hi list...
> i have a user with a VPN client, Checkpoint, using the IKE algorithm behind a SuSE 7.2 Pro system with a stock 2.2.19 kernel, being masqueraded to the net using ipchains....
> ...

If i remember correctly, you can't use IPSec with masquerading, cause the IP Headers are changed in the masquerading and IPSec also sends a "checksum" which isn't o.k. after masquerading.

But only my 2 cents.

Torsten
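The "checksum" point in the reply above, as an added example (not code from the thread or from the ip_masq_vpn patch): a simplified model of the IPsec integrity check value that goes slightly beyond the post by contrasting AH, whose check covers the IP addresses, with ESP, whose check does not. The key, addresses, payload and function names are constructed for illustration, and the real AH computation also covers the AH header itself.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"      # constructed key, not from the thread
PAYLOAD = b"constructed payload"   # constructed stand-in for protected data

def ipv4_header(src, dst, proto, ttl=64):
    """Build a 20-byte IPv4 header without options (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PAYLOAD), 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(header, payload):
    """AH-style ICV: header is covered, mutable fields zeroed first."""
    h = bytearray(header)
    h[1] = 0                   # TOS
    h[6:8] = b"\x00\x00"       # flags + fragment offset
    h[8] = 0                   # TTL
    h[10:12] = b"\x00\x00"     # header checksum
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha1).digest()[:12]

def esp_icv(header, payload):
    """ESP-style ICV: the outer IP header is not covered at all."""
    return hmac.new(KEY, payload, hashlib.sha1).digest()[:12]

def masquerade(header, public_src="198.51.100.1"):
    """What the masquerading gateway does: rewrite the source address."""
    return header[:12] + socket.inet_aton(public_src) + header[16:]

def decrement_ttl(header):
    """What every ordinary router does: change a mutable field."""
    return header[:8] + bytes([header[8] - 1]) + header[9:]

def icv_survives(icv_fn, proto, rewrite):
    """True if the receiver's recomputed ICV still matches the sender's."""
    sent = ipv4_header("192.168.1.10", "203.0.113.5", proto)
    received = rewrite(sent)
    return hmac.compare_digest(icv_fn(sent, PAYLOAD),
                               icv_fn(received, PAYLOAD))

if __name__ == "__main__":
    print("AH  after routing hop :", icv_survives(ah_icv, 51, decrement_ttl))
    print("AH  after masquerade  :", icv_survives(ah_icv, 51, masquerade))
    print("ESP after masquerade  :", icv_survives(esp_icv, 50, masquerade))
```
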
this is true, however, provisions have been made with the patch that allow IKE-based sessions to be masqueraded, and generally, VPN sessions.. surely the patch must have put this into consideration...

however, i think i should generalise and say, VPN connections.. how can these be masq'ed..?..

thanks..

AKNIT

--- Torsten Mueller <torsten@archesoft.de> wrote:
> Hey,
>
> Mark Tinka wrote:
> > hi list...
> > i have a user with a VPN client, Checkpoint, using the IKE algorithm behind a SuSE 7.2 Pro system with a stock 2.2.19 kernel, being masqueraded to the net using ipchains....
> > ...
>
> If i remember correctly, you can't use IPSec with masquerading, cause the IP Headers are changed in the masquerading and IPSec also sends a "checksum" which isn't o.k. after masquerading.
>
> But only my 2 cents.
>
> Torsten
participants (2)
- Mark Tinka
- Torsten Mueller