Hi koos147, The correct solution for this problem is for ROS to implement VTI , or even better XFRM interfaces . But until such time comes what I normally do which does not require double tunneling is to use IPSec in transport mode with an IPIP tunnel, then you can put whatever routing protocol you ...