Thanks Sam, that seems to have solved that problem - Freeswan is now starting and recognising the interfaces.
>>plutoopts="--interface ppp0 --interface ipsec0" (An aside: if you're not planning on doing opportunistic encryption, disable policy groups so that you don't get these messages relating to packetdefault, etc. This is turned on by default in the 2.x series.) http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/policygroups.html#di sable_policygroups I think I've disabled the other policy groups now - it should be a bit simpler to diagnose. Now, I think my pluto is sending stuff over to the far end, but I'm not yet getting a response back. Firewalling - are there any gotchas over and above udp/500, ESP and AH types ??? What about icmp (This firewall can't send it) ?? Gavin
