Hi all :-)

I have a problem with my current ipsec configuration. I'm using ipsec with kernel 2.6 and racoon. I have two computers linked by wireless cards. The first (192.168.1.1, Zeus) is connected to the internet through a DSL modem, and the second (192.168.1.2, Memphis) accesses the internet through the first. I want to use ipsec to encrypt all data between the two computers.

I can exchange data between the two computers and Memphis can access the internet, but when I tried to download a big file, it didn't work, although it worked fine on Zeus. I've tried changing the MTU to 1300 but it changed nothing.

I have another problem: when I exchange data between Memphis and the internet, the IP header is not protected by AH; I can see the destination address with tcpdump!

Can somebody help me? Thanks in advance!

Here is my configuration file for Zeus (it's nearly the same for Memphis):

Setkey:

#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.1.2/32 0.0.0.0/0 any -P out ipsec
    esp/tunnel/192.168.1.2-192.168.1.1/require
    ah/tunnel/192.168.1.2-192.168.1.1/require;
spdadd 0.0.0.0/0 192.168.1.2/32 any -P in ipsec
    esp/tunnel/192.168.1.1-192.168.1.2/require
    ah/tunnel/192.168.1.1-192.168.1.2/require;

Racoon.conf:

remote 192.168.1.1 {
    exchange_mode main;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    certificate_type x509 "Memphis.public" "Memphis.private";
    peers_certfile "Zeus.public";
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group modp1024;  # I don't understand this option
    }
}

sainfo anonymous {
    pfs_group modp1024;  # I don't understand this option
    lifetime time 2 min;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
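
A small checker for the two spdadd policies in the post above, as an added example that is not part of the original message: it parses each policy and verifies that the "in" policy mirrors the "out" policy (selectors swapped, tunnel endpoints reversed, same transforms in the same order). The names parse_spd and check_mirror are hypothetical, and the parser handles only the subset of setkey syntax used in the post.

```python
import re

# Policies reproduced from the post (setkey syntax).
POSTED = """
flush;
spdflush;
spdadd 192.168.1.2/32 0.0.0.0/0 any -P out ipsec
    esp/tunnel/192.168.1.2-192.168.1.1/require
    ah/tunnel/192.168.1.2-192.168.1.1/require;
spdadd 0.0.0.0/0 192.168.1.2/32 any -P in ipsec
    esp/tunnel/192.168.1.1-192.168.1.2/require
    ah/tunnel/192.168.1.1-192.168.1.2/require;
"""

# protocol/mode/src-dst/level; src-dst is empty in transport mode.
RULE = re.compile(r"(esp|ah|ipcomp)/(tunnel|transport)/([\d.]*)-?([\d.]*)/(\w+)")

def parse_spd(text):
    """Return one dict per spdadd statement (hypothetical helper)."""
    text = re.sub(r"#.*", "", text)  # drop comments and the shebang line
    policies = []
    for stmt in text.split(";"):
        words = stmt.split()
        if not words or words[0] != "spdadd":
            continue
        src, dst, proto = words[1:4]
        direction = words[words.index("-P") + 1]
        rules = [m.groups() for m in RULE.finditer(stmt)]
        policies.append({"src": src, "dst": dst, "proto": proto,
                         "dir": direction, "rules": rules})
    return policies

def check_mirror(policies):
    """List mismatches between the out and in policies; empty means consistent."""
    out = next(p for p in policies if p["dir"] == "out")
    inn = next(p for p in policies if p["dir"] == "in")
    problems = []
    if (out["src"], out["dst"]) != (inn["dst"], inn["src"]):
        problems.append("selectors are not mirrored")
    if len(out["rules"]) != len(inn["rules"]):
        problems.append("different number of transforms")
    for o, i in zip(out["rules"], inn["rules"]):
        if (o[0], o[1], o[4]) != (i[0], i[1], i[4]):
            problems.append(f"transform mismatch: {o[0]} vs {i[0]}")
        if (o[2], o[3]) != (i[3], i[2]):
            problems.append(f"{o[0]} tunnel endpoints are not reversed")
    return problems
```
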