Dhaval Thakar wrote:
>> If you could use a lower CPU intensive crypt like blowfish, it would be easier.
>>
>> Are all these trading partners in different locations or are there semi large
>> groups in the same locations?
>>
> all these are end users.
> they connect software from home / offices.

Do they actually need a generic VPN? If they only run a few applications
you might be able to use https or similar ssl based connections and
avoid the routing/addressing/MTU issues. You can still use certificate
based authentication in one or both directions if you want. Also if the
application(s) can be made to run over normal https (i.e. a web
interface) you get the advantage of working through most existing proxies
and firewalls, plus on the host end you have the option of scaling up
with a load balancer that handles the ssl processing and reverse-proxies
to a pool of backend servers.

--
  Les Mikesell
  lesmikesell at gmail.com
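The layout suggested in the reply above, sketched as an nginx configuration. This is an added example, not part of the original message and not configuration from anyone on the thread. It assumes nginx as the TLS-terminating load balancer, and the hostname, addresses and file paths are placeholders.

```nginx
# Added example. Hostname, backend addresses and file paths are placeholders.

# Pool of backend application servers reached over the internal network.
upstream app_pool {
    server 10.0.0.11:8080;
    server 10.0.0.12:8080;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    # Server side of the authentication: the certificate clients verify.
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client side ("both directions"): only certificates issued by this CA
    # are accepted. For server-only authentication, set ssl_verify_client off.
    ssl_client_certificate /etc/nginx/tls/partner-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       2;
    # Revoked end-user certificates are rejected at the handshake.
    ssl_crl                /etc/nginx/tls/partner-ca.crl;

    location / {
        # TLS ends here; requests go to the pool as plain HTTP.
        proxy_pass http://app_pool;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;

        # Pass the verified identity to the application. proxy_set_header
        # overwrites any header of the same name sent by the client, so
        # these values cannot be spoofed through the proxy.
        proxy_set_header X-Client-Verify   $ssl_client_verify;
        proxy_set_header X-Client-DN       $ssl_client_s_dn;
    }
}
```

The backends should accept connections only from the load balancer, since they trust the X-Client-* headers it sets.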