Hi, We have a satellite link between an ethernet networks full of windows PCs and the internet. Windows PCs don't have it's TCP stack optimized for a satellite link (i.e. 700ms delay, 3Mbps) so they barely use it (they wait for acks and use a little sliding-window, so the rtt kills the throughput). Our ISP uses something called a PEP,: a tcp proxy that answers all the LAN's tcp connections. This PEP is well optimized, so it can fully use the satellite link and feed the ethernet PCs at full speed. This page: http://www.sonet.at/dsdsl-vpn/dsdsl-vpn.htm explains the problem with more detail. Everything works OK except when we put a VPN to connect this place with another office. The PEP is on the ISP's side, so it sees IPSEC traffic. So I want to make a PEP (or say, a proxy that can transparently proxy any tcp connection) in the inside. From reading I think it can be done: haproxy has tproxy support, so I could tproxy everything to haproxy, and tune the TCP stack of the proxy for the satellite link. But as I have never done it, I thought I may ask: Am I missing something horribly big here? Thanks in advance, -- Diego.