Hi people. At the company we have our FW with gentoo and shorewall, we handle 2 locations with this fw+shorewall+squid. Our locations are LOC-A 192.168.1.0/24 and LOC-B 192.168.2.0/24, there are connected over a private link(PL-T1), each site with his own router. This is simply, in LOC-A we have the ISP, mail server, proxy, users from LOC-B must cross the PL link to read emails and access the Internet, right now the link is heavy during some hours of the day, most of the traffic is the email data, next the www browsing, next ERP. We would like to help the p2p link, we have a DSL at LOC-B that we will like to use and pass some traffic over this link like a load-balance stuff. I use pfsense to connect from home to the company using openvpn, the server is the same fw of the company, I push both company networks (LOC-A && LOC-B) over the VPN and I can reach each network without any issue. I want to make other VPN from LOC-B to LOC-A using the DSL, how can shorewall help me with this, I mean can I use the VPN from LOC-B to LOC-A and pass some data over that link? I ask this because, normally went u setup a VPN, both networks must have different range, in this case at home I use 192.168.50.0/24 and no issue, but in this case I have the VPN inside the company network(LOC-B), went the clients need to reach the email server, they use the GW IP(Router) and clients of LOC-B have the same behaviour, is possible to avoid this with shorewall? Last thing, like u see, shorewall doesn''t have the DSL connection, he just knows the tun0 interface, suppose that we can pass some data over the tun0 interface, how he would know went to pass data over the tunnel to LOC-B and not to my home tunnel? I will have more that one GW at each location, LOC-B will have the router as gw and the VPN tunnel and LOC-B is like a mirror. I still want to understand if this is possible...? Hope to be clear, I attach the image of what I would like to create and help my network, thanks for your time!!! ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference