Alaa Dalghan wrote: > What I am looking for is the portion of the C code in the kernel where > the Decryption function is called to decrypt a received packet. When I > find this statement, maybe i can make it conditionnal such as: If the > destination is me then Decrypt else DO NOT! I don't think so. You would need to modify the clients as well, so that every client encrypts each connection with a different key, depending on the real destination. As far as I know, you cannot patch Windows XP :-) The gateway overhead you are experiencing right now is the only way to avoid the 30^2 tunnels you mentioned--in Tunnel Mode VPN. Why don't you look into Transport Mode VPN instead? Toby -- «Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.» —Brian W. Kernighan - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
