On Thu, 24 Sep 2009, yangfly wrote:

> Can I use whack directly to implement X.509 instead of using ipsec.conf? For example: whack --name --rasing --cert. And please give me some
> examples if it can use whack directly.

Yes you can. See "man ipsec_whack"

Paul