One of the test cases showed an issue with binding a received address from the addresspool by an XAUTH client. It turned out it was 192.0.2.0. I would suggest that if an addresspool is defined that includes a.b.c.0/32 that we actually skip that address and not hand it out. And do the same with a.b.c.255/32 Paul