Hello everyone, Quick bit of background. I've been using 2 Asus WL-520gU routers with DD-WRT firmware to form a site-to-site layer 2 VPN tunnel between two buildings, each with a symmetrical 30 megabit internet connection. This has worked well for a year or so now, with one exception, the transfer speed over the VPN is quite slow, far far beneath the WAN connection speed. This is almost certainly due to the lack of CPU power available from the little Asus WL-520gU. So, with that in mind, I've purchased 2 Asus RT-N16 routers. Now, I could use DD-WRT to reform the VPN tunnel with that hardware, and will if I must, but DD-WRT is, well..., frankly, slow. Very slow, in fact, and its not just the VPN I'm talking about. Even the Web GUI is slow with DD-WRT, and God have mercy on your poor pathetic soul if you choose to enable QoS on DD-WRT. Which brings me to Tomato. I've been hearing extremely good things about the Tomato firmware and its speed/responsiveness, and it seems to support both OpenVPN tunnels and the RT-N16 hardware. So, the only point of uncertainy for me, is if it supports ebtables [sourceforge]. My VPN layout is as follows. So what I need ebtables for, and what iptables is totally incapable of doing, is preventing DHCP broadcasts from traversing the VPN tunnel. AKA filtering layer 2 traffic. Each router should take care of DHCP requests on its side of the VPN tunnel. Under absolutely no circumstances should a VPN reply pass over the VPN tunnel, because if that happens whatever host gets that DHCP reply is going to start sending all traffic destined for the internet over the VPN to its new default-gateway. Inefficient, to say the very least. So, the one little question that all of this has been leading up to..... 1. Is it possible to configure ebtables on the OpenVPN version of Tomato? Note - If you've read to this point, go to the kitchen and get a nice cookie. You've earned it.