Hi, In Linux FreeS/WAN project, they implement the ESP/AH tunnel mode like this: 1. to encapsulate the orginal IP packet in IP-in-IP mode; 2. to apply ESP/AH transport on the encapsulated IP packet. that is: ESP/AH tunnel mode= ESP/AH transport mode(IP in IP tunnel mode) Is this right? Thanks, Chen L.