Hi Thomas, > root@strongswan:/home/rudt/projects/vpn-server# swanctl -i --ike conn1
With this you initiate a childless IKE_SA. Without IPsec/CHILD_SA you obviously won't be able to tunnel any traffic. Try with `--child child1` (or use `start_action=trap` in that child config to trigger the creation of the SA based on traffic). Regards, Tobias