Dear all: Due to the extremely bad competition between ISPs in my country (bad competition means competition that doesn't leads to better quality but leads to division of the Internet) it's very hard for me to figure out a way that solves my connectivity problems. As demonstrated in the attached graph (made with dia), we have one server on the internet, and 3 offices, office A, office B and office C. Each office must use different ISP because of the location of the office (each city is occupied by a different ISP). Here is the connection quality. ======= Table: connection quality ======= [office A] <-almost impossible to connect-> [office C] [office B] <-almost impossible to connect-> [office C] [office B] <- very fast and realiable -> [office A] [office B] <- very fast and realiable -> [internet server "bossdog"] [office C] <- very fast and realiable -> [internet server "bossdog"] [office A] <-almost impossible to connect-> [internet server "bossdog"] Note: All the "almost impossible to connect" means the ISP of the two sides compete by (almost) blocking each other using bandwidth limit, a problem existed in my country for years. The goal is fast and reliable inter-communication within the company. First idea I have is to install VPN service the best-connected hosts. The two best connected hosts are the host in office B ("renaissance") and "bossdog", see connection quality table. The connection quality from every office to the Internet server "bossdog" is the top priority, thus I have only one choice: to install VPN on office B ("renaissance") and let office A dial to office B so that it gets fast access to Internet server "bossdog". The problem remaining is office C cannot access to hosts and servers in office A, but let's just face this impossibility and accept it. Before I begin I post my plan on the mailing list as past experience suggested me that my humble ideas often have faults and there are often very good ideas coming from kindly help on the list. I'd like to hear some suggestions. Thank you very much for your comment and I really appreciate. Another question is, if I install VPN on "renaissance" and let office A dial to this VPN server, I can 1) install VPN client on every workstation in office A and ask everyone to dial or 2) install NAT firewall on the router "hatch.realss.com" and let hatch.realss.com dial to renaissance.realss.com, and masqueraded all workstation connections. (maybe there are other possibilities, but I only know this two methods.) Which one of 1) and 2) would be better for my case? -- 锐业软服(国内业务) http://www.realss.cn Real SoftService http://www.realss.com 销售咨询(Sales Department): 0086 592 20 99987 (Chinese, German, English) 国际业务(International Sales): 0086 10 8460 6011 (German and English) 联系:厦门大学科技园,嘉庚二号楼6楼 邮政:厦门大学2312号信箱(邮编361005)