Hi Kenneth > How can I know the IPsec connection status to avoid pure L2TP connection? One way to ensure plain L2TP connections are refused is to use iptables like this: iptables -A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT iptables -A INPUT -p udp --dport 1701 -j REJECT HTH, Simon