Hi Stephan, What is the output of “ipsec statusall” on both systems? Best, -Michael > On 30 Apr 2020, at 22:28, Stephan Mending wrote: > > Hello, > > I have a situation. ;) > > It looks like the following: > > > (SRV-01) ----------- (IPFIRE) -------orange------- (SRV-02) > > public-IP 192.168.0.100 > > > SRV-01 is hooked up to the ipfire via a roadwarrior IPsec connection. Establishment of the tunnel works as one would expect it. > > ping from SRV-02 to SRV-01 works fine and passes through the tunnel. So far, so good. > > ping from SRV-01 to SRV-02 does not. > > > Iptables is blocking ? No, I did check that. Nothing. > > IPS ? No, neither. > > > So what's the matter ? When watching the interface using tcpdump I can see ESP packets and afterwards its unencrypted icmp echo request content (both on ppp0). That is the end. > > And the packet has never been seen any after. > > Anyone an idea? > > > (Yes the SRV-02 accepts incoming icmp type 8 and outgoing type 0) > > > Best regards, > > Stephan > >