[opensuse] Problem creating ipsec tunnel between two 10.2 boxes
I'm trying to set up a simple ipsec tunnel between two 10.2 boxes and I'm running into problems. If I look at /var/log/messages I can see that my tunnel has been established.

Feb 16 08:32:39 server-01 ipsec__plutorun: 004 "testlink" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x68ac18fd <0x69557d5b xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}

But I can't ping the other side. Here is a copy of my ipsec.conf file:

++++++++++++++++++++++++++++++++++++++++++++++++++++++
version 2.0

config setup
        plutowait=yes

conn %default

include /etc/ipsec.d/examples/no_oe.conf

conn testlink
        left=A.B.C.113
        leftnexthop=A.B.C.118
        leftsubnet=192.168.100.0/24
        leftrsasigkey=sAQN5Ze+hnho5repR4/NY3Fg8x5ghshIdc.... <trimmed>
        #
        right=X.Y.Z.61
        rightnexthop=X.Y.Z.57
        rightsubnet=192.168.200.0/24
        rightrsasigkey=0sAQPBqwAOBlFlRZsXiUlsE8vNHU3jrT.... <trimmed>
        #
        authby=rsasig
        auto=start
++++++++++++++++++++++++++++++++++++++++++++++++++++++

I have ipsec enabled in SuSE firewall. To forward packets back and forth, I have added the string

        192.168.100.0/24,192.168.200.0/24,,,ipsec 192.168.200.0/24,192.168.100.0/24,,,ipsec

to FW_FORWARD in sysconfig.

A.B.C.113's route looks like:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
A.B.C.112       0.0.0.0         255.255.255.248 U     0      0        0 eth0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.200.0   A.B.C.118       255.255.255.0   UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         A.B.C.118       0.0.0.0         UG    0      0        0 eth0

X.Y.Z.61's route looks like:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
X.Y.Z.56        0.0.0.0         255.255.255.248 U     0      0        0 eth1
192.168.100.0   X.Y.Z.57        255.255.255.0   UG    0      0        0 eth1
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         X.Y.Z.57        0.0.0.0         UG    0      0        0 eth1

Is there something else I'm missing?

TIA,
Ken
participants (1)
-
Ken Gramm