Ok, I gave it a try...

18:45:10.545802 IP ding.rowi.net > dong.rowi.net: ESP(spi=0x00003d54,seq=0x46), length 88
0x0000: 4500 006c 0007 4000 3832 b251 5558 060b [Email][email protected]..[/Email]
0x0010: 5410 e094 0000 3d54 0000 0046 6688 9675 T.....=T...Ff..u
0x0020: 4004 3205 b8c0 5a09 48c4 cd3a a791 c201 @.2...Z.H..:....
0x0030: 3f3b 63cf bfab abfd 2580 e29b e134 90a2 ?;c.....%....4..
0x0040: 3644 9b08 d5ad 21e6 aebc 570b 1721 1787 6D....!...W..!..
0x0050: 5da3 ].


Hmm, looks like there is something working. Does the modprobe work on 2.6 kernels, too? It just worked so I have one 2.4 and one 2.6 running, without any error message.

Pings to each other reaches the other host (snipplet above) but ping obviously won't be decrypted. Am I right to switch the IP addresses IP1 and IP2 in the scripts for the other host or do I have to start the scripts exactly as it is on one host at the other (without any changes)?
[EDIT: Now I edited the script at ONE server, copied it to the other server and - it seems to work. But now neither tcpdump nor iptraf see packets between these two machines, a good sign?]

What if I need one Server and 100 clients? Is this a strict P2P configuration due to the 2 IP-addresses?

Rolf

P.S.: Ok, maybe IPSec works well, too. Sounds good at this time.