The net-to-net for an IPCop to IPCop connection is easy. Each side must have a different green IP address and a “bridge”, “pass-through” or “DMZ plus” Internet IP address. It will not work if both sides have a 192.168.1.0 network behind IPCop. You can choose from any of the RFC1918 private addresses. I use 192.168.69.0/24 for my home network, so it won’t collide with any of my clients. First go to one IPCop and follow the instructions in Create CA & Certs, except don’t create the client certificate. You will only need the root CA and host certificate. Each side must have a different host name and email address, although the other information can be the same. On the second IPCop, you would set up the connection to the first one similar the above page, but you would choose “Upload a certificate” radio button instead of “Generate a certificate” and browse to your USB drive or computer for the host certificate of the remote IPCop. Use the email address you put into the “subjectAltName” field on each side for the Local/Remote ID field. and then click “Save”. Yes, you need to create Root CA and host certificates on both boxes before you can add the connection. This means two trips. Once at the first IPCop to generate the root CA and host certificates, copy them to your USB stick, Then go to the second IPCop, create its root CA and host certificates, copy them to your USB stick and upload the first IPCop CA and create the client connection using the first IPCop host certificate. Then go back to the first IPCop to add the second IPCop root CA and create the client connection. Then you would go back to the VPNs->IPsec and if both sides have the connection enabled, it should come up.