Hello there, I have read the last days the Inet about security stuff (VPN-Howto, VPN-Masq-Howto) and got more and more confused. I want share my inet-dialup-connection with my neighbour across the street. He has a Win98SE-PC with a WLan-network-card and here will stay a standard access point. Because Win98, there are some difficults to establish a WPA-Connection. If I test with another client, the Wlan-speed with WPA enabled is awfull slow (as expected from this cheap AP here) But thats not the way we're want to go. We want a solution to keep the kiddys and normal crackers out. (I think a real Hacker doesnt give up if he sees a VPN). So I want to secure this connection with a VPN-connection. But where to start? There are no win98-clients for IPsec out there, but there is an L2TP-client. There are Firewall / Masquerade problems with VPN.... For the right way to split up the secure zones I will set the router like this: !--------------------! clients---Intranet-----!eth1 ROUTER eth0!---DSL/ISP---> via Cat5 Hub ! with FW, ! ! VPN-server ! client-----WLAN-AP-----!eth2 ! with Wlan !--------------------! +VPN-client Is this overkilled (additional Network-Card) or easier to configure? Im afraid, there are much concerns to care about, if I plug the WLAN-AP direct to the Intranet-Hub. What Server/client would you suggest to use for VPN (keep in mind the client-soft have to run on Win98SE)? Have I care about firewall concerns at eth2? As is see, there should only one piece of software listen on this network interface: the VPN-server. Because I decrypt the traffic on my router, have I worry about masqueradeing the traffic to/ from the public Inet? How could I prevent the VPN-Users from any services in the Intranet exept for the forwaring to the public Inet? Could you point me either to a howto or a software path ("Take client XXyyzz from MicroLinux, take server freegoose from SuseSoft and glue them together" or some raw main points to look for? thanks in advantage Andy