Hi Tiago, > Hmmm, probably the Win7 clients don't like re-authentication proposed > by the strongSwan gateway. Also check that you use modp1024 as your first DH group, and let the client initiate rekeying if it is behind NAT. See [1]. Regards Martin [1]http://wiki.strongswan.org/projects/strongswan/wiki/Windows7#Rekeying-behavior