Dear all,

I have successfully set up an ipsec tunnel between a suse 9.0 linux with freeswan 2.04_1_4_8 and a Cisco PIX 515. I decided to install suse 9.1 on a new PC because the previous suse kernel was not working normally after freeswan was doing rekeying (...incoming packet policy failed..blah, blah.). If anyone knows something about this, please tell me.

Anyway, I set up a suse 9.1 with kernel 2.6. I installed freeswan 2.04_1_5_3 (included in the distribution) during the installation. I copied the ipsec.conf and ipsec.secrets files as well as the private, public and CA certificates from my previous successful setup with suse 9.0 (kernel 2.4.21) to my new installation. I have a big problem now because I cannot even set up the tunnel. The PIX configuration has not been changed and my old setup is working.

Here is the debug:

Sep 9 16:31:37 linux pluto[21125]: added connection description "myconn"
Sep 9 16:31:37 linux pluto[21125]: listening for IKE messages
Sep 9 16:31:37 linux pluto[21125]: adding interface eth0/eth0 192.168.11.46
Sep 9 16:31:37 linux pluto[21125]: adding interface lo/lo 127.0.0.1
Sep 9 16:31:37 linux pluto[21125]: adding interface lo/lo ::1
Sep 9 16:31:37 linux pluto[21125]: loading secrets from "/etc/ipsec.secrets"
Sep 9 16:31:37 linux pluto[21125]: loaded private key file '/etc/ipsec.d/newsuse91.pem' (887 bytes)
Sep 9 16:31:37 linux pluto[21125]: "myconn" #1: initiating Main Mode
Sep 9 16:31:37 linux ipsec__plutorun: 104 "myconn" #1: STATE_MAIN_I1: initiate
Sep 9 16:31:37 linux ipsec__plutorun: ...could not start conn "myconn"
Sep 9 16:31:37 linux pluto[21125]: "myconn" #1: ignoring Vendor ID payload [XAUTH]
Sep 9 16:31:37 linux pluto[21125]: "myconn" #1: received Vendor ID payload [Dead Peer Detection]
Sep 9 16:31:37 linux pluto[21125]: "myconn" #1: ignoring Vendor ID payload [Cisco-Unity]
Sep 9 16:31:37 linux pluto[21125]: "myconn" #1: ignoring Vendor ID payload [3341804bef4cc911...]
Sep 9 16:31:38 linux pluto[21125]: "myconn" #1: Peer ID is ID_FQDN: '@pixfw2.x.com'
Sep 9 16:31:38 linux pluto[21125]: "myconn" #1: issuer crl not found
Sep 9 16:31:38 linux pluto[21125]: "myconn" #1: ISAKMP SA established
Sep 9 16:31:38 linux pluto[21125]: "myconn" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+UP {using isakmp#1}
Sep 9 16:31:38 linux pluto[21125]: "myconn" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Sep 9 16:31:38 linux pluto[21125]: "myconn" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Sep 9 16:31:48 linux pluto[21125]: packet from x.x.x.x:500: not enough room in input packet for ISAKMP Message (remain=0, sd->size=28)
Sep 9 16:31:48 linux pluto[21125]: packet from x.x.x.x:500: sending notification PAYLOAD_MALFORMED to x.x.x.x:500

And here is my ipsec.conf:

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    forwardcontrol=yes

# default settings for connections
conn %default
    ikelifetime=120
    keylife=120
    rekeymargin=30
    #rekeyfuzz=0%
    keyexchange=ike
    esp=3des-md5-96

# Add connections here.
conn myconn
    authby=rsasig
    left=%defaultroute
    leftcert=/etc/ipsec.d/newsuse91.crt
    right=1.1.1.1
    rightid=@pixfw2.x.com
    rightsubnet=x.x.0.0/16
    rightrsasigkey=%cert
    rightca=%same
    pfs=no
    auto=start # authorizes but doesn't start this
               # connection at startup

# Switch off Opportunistic Encryption -- BEGIN
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
# Needed?
conn OEself
    auto=ignore
# Switch off Opportunistic Encryption -- END

I receive this NO_PROPOSAL_CHOSEN, which I don't receive using suse 9.0. I don't know what's going wrong. Please give me some advice. Any thoughts would be appreciated too.

Dimitris Stamatoulis