I have a home lan to which a remote vpn host connects to via frees/wan. I cannot know in advance what the IP of the remote host is going to be (it''s dialup) and I want to ensure that it has complete access to the home lan. The only way that I can ensure this is by relaxing the permissions/security settings on the home lan servers (example, squid server has an access control for " allow all"). I have shorewall installed and dropping every incoming connection from the internet except vpn connections: SOURCE DEST POLICY LOG LEVEL LINIT:BURST loc net ACCEPT net all DROP fw net ACCEPT loc fw ACCEPT fw loc ACCEPT fw vpn ACCEPT vpn fw ACCEPT vpn net ACCEPT vpn loc ACCEPT loc vpn ACCEPT all all REJECT info 1. Should I be worried? Or is the home lan secure? 2. Slightly off topic: To allow the roadwarrior to connect to the home lan via vpn, I had to disable the roadwarrior firewall. (it is a windows xp laptop road warrior with norton internet security). Is the road warrior vulnerable when the vpn tunnel is up? Thanks.