Hello List, I am using SuSE 8.2 on two systems, together with freeswan ipsec. Both systems run: kernel 2.4.20-4GB freeswan 1.99_0.9.23 I have configured freeswan successfully with a Server-and-roadwarrior setup using Certs. By successfully I mean: in /var/log/messages I find a line like --------- Oct 16 21:54:26 Server ipsec__plutorun: 004 "VPN-ERMER" #2: STATE_QUICK_I2: sent QI2, IPsec SA established --------- or similar after starting ipsec on both systems and there are definitely no errors on both servers. On the server side we have the subnet x.x.89.0 to be accessible, on the roadwarrior side (which is connected via dsl) we have the x.x.0.0 subnet connected. My Problem: When i try to ping from one subnet to the other (of course from a different member of the subnet, not the machine running ipsec), the packets are routed correctly to the ipsec device, but there they vanish: ---------------------------- Server:/ # tcpdump -i ipsec0 tcpdump: listening on ipsec0 22:25:17.996878 217.229.160.84 > x.x.89.0: icmp: echo request (DF) 22:25:18.996902 217.229.160.84 > x.x.89.0: icmp: echo request (DF) 22:25:19.996909 217.229.160.84 > x.x.89.0: icmp: echo request (DF) (...) no answer is given to the ping and on the other side of the tunnel, nothing arrives - this happens to every packet that is sent to the tunnel, no matter which port, protocol and destination. As far as i can see, the packets are dropped, before they are given to ppp0: ----------------------------- Server:/ # ifconfig ipsec0 ipsec0 Link encap:IPIP Tunnel HWaddr inet addr:217.229.160.84 Mask:255.255.255.255 UP RUNNING NOARP MTU:16260 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:2002 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ---------------------------- I stopped all Firewall rules, and checked the ipsec configuration over and over, but i can't find a solution. Can anyone help me? If you need, I can post both my ipsec.conf files and barfs, but i didn't want to cause big traffic. Perhaps someone already knows the solution.... Thanks!! -- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net