I have a laptop and a LEAF/Bering system with Orinoco Gold wireless cards. That works fine. I'd like to use OpenVPN to secure the wireless portion of my network in place of WEP.

I also take my laptop to various locations that provide free wireless access. Although I use predominately secure protocols, I'd still like to prevent people from seeing what I'm doing or where I'm connecting to. As such, I'd like to establish an OpenVPN connection to my LEAF/Bering box back home and use that as my default gateway to the internet.

I'm struggling with how best to configure these tunnels. The local WLAN has a Shorewall zone (WLAN), and I currently only allow (mostly) secure protocols outbound (ssh, smtp, http, https, pop3-s, imap-s). The OpenVPN connection isn't really a separate zone since its end-points are both known to Shorewall (a host in the WLAN zone, and the firewall itself).

I'd like to be able to masquerade traffic arriving through the OpenVPN tunnel out to the internet. Ideally I'd like to have a default policy of ACCEPT for this traffic, while simultaneously REJECTing all non-VPN WLAN traffic.

I'll need two separate OpenVPN instances: one for the local WLAN, and one listening on the router's public IP address for when I connect from outside. This, too, is confusing me: how can I masquerade incoming traffic from the VPN out via my public IP address? I can't be guaranteed that the free wireless providers will be using a fixed addressing scheme, so the tunnels file doesn't seem to quite solve the problem.

Can anyone give me some suggestions? Is this a feasible configuration?

A few links related to this:

http://sourceforge.net/mailarchive/forum.php?thread_id=1836713&forum_id=8453
http://slackerbit.ch/archives/2002/12/11/securing_wifi_with_openvpn.html

Thanks!

Scott