On Tue, Sep 08, 2009 at 01:44:23PM +0300, Miika Komu wrote: > does even tunnel mode work? No, that doesn't work either. setkey output is still the same, except for the mode, which is listed as "tunnel", rather than "3" (with BEET mode). Tunnel mode: $ setkey -D 192.168.5.56 192.168.5.1 esp mode=tunnel spi=0(0x00000000) reqid=0(0x00000000) seq=0x00000000 replay=0 flags=0x00000000 state=larval created: Jan 1 04:22:52 1970 current: Jan 1 04:22:57 1970 diff: 5(s) hard: 30(s) soft: 0(s) last: hard: 0(s) soft: 0(s) current: 0(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 0 hard: 0 soft: 0 sadb_seq=0 pid=1254 refcnt=0 BEET mode: $ setkey -D 192.168.5.56 192.168.5.1 esp mode=3 spi=0(0x00000000) reqid=0(0x00000000) seq=0x00000000 replay=0 flags=0x00000000 state=larval created: Jan 1 04:12:24 1970 current: Jan 1 04:12:32 1970 diff: 8(s) hard: 30(s) soft: 0(s) last: hard: 0(s) soft: 0(s) current: 0(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 0 hard: 0 soft: 0 sadb_seq=0 pid=1228 refcnt=0 -- Thomas Jansen, "Mithi" --- mithi@xxxxxxxxx GPG 9D5C682B, feel free to sign or encrypt your mail