Hi Sven, > can nobody help me with this issue? What more is there? You already had a look a the source code and found it's not supported, so... And regarding the first one, there is an in-memory certificate/CRL cache (may be flushed with the `ipsec purge*` commands). Regards, Tobias