diff --git a/pkg/config/bridge.go b/pkg/config/bridge.go
index 27645c8..d9345ab 100755
--- a/pkg/config/bridge.go
+++ b/pkg/config/bridge.go
@@ -2,7 +2,7 @@ package config
type Bridge struct {
Network string `json:"-" yaml:"-"`
- Peer string `json:"peer,omitempty" yaml:"peer,omitempty"`
+ Share string `json:"share,omitempty" yaml:"share,omitempty"`
Name string `json:"name,omitempty" yaml:"name,omitempty"`
IPMtu int `json:"mtu,omitempty" yaml:"mtu,omitempty"`
Address string `json:"address,omitempty" yaml:"address,omitempty"`
diff --git a/pkg/switch/network_linux.go b/pkg/switch/network_linux.go
index 29925d8..2b8dc21 100755
--- a/pkg/switch/network_linux.go
+++ b/pkg/switch/network_linux.go
@@ -74,21 +74,6 @@ func (w *WorkerImpl) Provider() string {
return w.cfg.Provider
}
-func (w *WorkerImpl) newRoute(rt *co.PrefixRoute) *models.Route {
- if rt.NextHop == "" {
- w.out.Warn("WorkerImpl.NewRoute: %s noNextHop", rt.Prefix)
- return nil
- }
- rte := models.NewRoute(rt.Prefix, w.IfAddr())
- if rt.Metric > 0 {
- rte.Metric = rt.Metric
- }
- if rt.NextHop != "" {
- rte.Origin = rt.NextHop
- }
- return rte
-}
-
func (w *WorkerImpl) Initialize() {
cfg := w.cfg
@@ -119,12 +104,8 @@ func (w *WorkerImpl) Initialize() {
w.fire = cn.NewFireWallTable(cfg.Name)
w.snat = cn.NewFireWallChain("XTT_"+cfg.Name+"_SNAT", cn.TNat, "")
- if out, err := w.setV.Clear(); err != nil {
- w.out.Error("WorkerImpl.Initialize: create ipset: %s %s", out, err)
- }
- if out, err := w.setR.Clear(); err != nil {
- w.out.Error("WorkerImpl.Initialize: create ipset: %s %s", out, err)
- }
+ w.setV.Clear()
+ w.setR.Clear()
w.ztrust = NewZTrust(cfg.Name, 30)
w.ztrust.Initialize()
@@ -946,6 +927,7 @@ func (w *WorkerImpl) forwardSubnet() {
input = w.br.L3Name()
w.forwardZone(input)
}
+ share := cfg.Bridge.Share
ifAddr := strings.SplitN(cfg.Bridge.Address, "/", 2)[0]
if ifAddr == "" {
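Review bot: The serialized key changes from `peer` to `share` and the two fields do not mean the same thing, so a config that still carries `peer:` is silently ignored by a lenient decoder and the old bridge attachment simply stops happening with no log line. The new field has no doc comment; from how it is consumed in network_linux.go it names an interface whose traffic is accepted, forwarded and masqueraded next to this bridge, so something like `// Share names an existing interface whose traffic is forwarded and masqueraded alongside this bridge; it replaces the removed Peer veth attachment.` would tell operators what to migrate. A release note about the dropped key is worth adding for the same reason.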
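Review bot: The two `Clear()` results are now discarded, so an ipset that cannot be created or flushed (for example because the set already exists with a different type, or the process lacks the privilege to manage it) is no longer reported anywhere, while `forwardSubnet` later installs FORWARD and MASQUERADE rules matching on `w.setR.Name` against a set whose state is unknown. The previous checks should come back; the message is also better worded as `clear ipset`, since that is what the call does, rather than `create ipset`. Initialize continues outside the hunk.
```go
	w.snat = cn.NewFireWallChain("XTT_"+cfg.Name+"_SNAT", cn.TNat, "")
	if out, err := w.setV.Clear(); err != nil {
		w.out.Error("WorkerImpl.Initialize: clear ipset: %s %s", out, err)
	}
	if out, err := w.setR.Clear(); err != nil {
		w.out.Error("WorkerImpl.Initialize: clear ipset: %s %s", out, err)
	}
	// … unchanged: ztrust setup …
```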
@@ -954,6 +936,9 @@ func (w *WorkerImpl) forwardSubnet() {
// Enable MASQUERADE, and FORWARD it.
w.toRelated(input, "Accept related")
+ if share != "" {
+ w.toRelated(share, "Accept related")
+ }
for _, rt := range cfg.Routes {
if !w.addIpSet(rt) {
break
@@ -963,12 +948,18 @@ func (w *WorkerImpl) forwardSubnet() {
if w.vrf != nil {
w.toForward_i(w.vrf.Name(), w.setR.Name, "To route")
} else {
+ if share != "" {
+ w.toForward_i(share, w.setR.Name, "To route")
+ }
w.toForward_i(input, w.setR.Name, "To route")
}
if vpn != nil {
w.toMasq_s(w.setR.Name, vpn.Subnet, "To VPN")
}
+ if share != "" {
+ w.toMasq_i(share, w.setR.Name, "To Masq")
+ }
w.toMasq_i(input, w.setR.Name, "To Masq")
}
diff --git a/pkg/switch/openlan_linux.go b/pkg/switch/openlan_linux.go
index 8fab1bf..54c9145 100755
--- a/pkg/switch/openlan_linux.go
+++ b/pkg/switch/openlan_linux.go
@@ -6,9 +6,7 @@ import (
"github.com/luscis/openlan/pkg/api"
"github.com/luscis/openlan/pkg/cache"
co "github.com/luscis/openlan/pkg/config"
- "github.com/luscis/openlan/pkg/libol"
cn "github.com/luscis/openlan/pkg/network"
- nl "github.com/vishvananda/netlink"
)
func PeerName(name, prefix string) (string, string) {
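Review bot: In the `w.vrf != nil` branch no FORWARD accept is installed for `share`, yet the `toMasq_i(share, …)` rule a few lines below is added regardless, so with a VRF configured traffic from the share interface is masqueraded toward the routed set while its forwarding depends on that interface being enslaved to `w.vrf.Name()`, which nothing here checks. If the VRF rule is meant to cover it, a comment at the `else` such as `// share is expected to be enslaved to the VRF, so the VRF FORWARD rule covers it` would make the asymmetry deliberate; otherwise the share forward rule belongs in both branches. The `if share != ""` blocks here and in the two previous hunks also pass an interface name taken straight from config into iptables rules with no existence check, unlike `input`, which comes from `w.br.L3Name()`, so a mistyped name leaves accept and masquerade rules referencing an interface that does not exist. forwardSubnet begins outside the hunk.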
@@ -83,49 +81,11 @@ func (w *OpenLANWorker) UpBridge(cfg *co.Bridge) {
if err := master.Delay(cfg.Delay); err != nil {
w.out.Warn("OpenLANWorker.UpBridge: Delay %s", err)
}
- w.connectPeer(cfg)
if err := master.CallIptables(0); err != nil {
w.out.Warn("OpenLANWorker.Start: CallIptables %s", err)
}
}
-func (w *OpenLANWorker) connectPeer(cfg *co.Bridge) {
- if cfg.Peer == "" {
- return
- }
- in, ex := PeerName(cfg.Network, "-e")
- link := &nl.Veth{
- LinkAttrs: nl.LinkAttrs{Name: in},
- PeerName: ex,
- }
- br := cn.NewBrCtl(cfg.Peer, cfg.IPMtu)
- promise := &libol.Promise{
- First: time.Second * 2,
- MaxInt: time.Minute,
- MinInt: time.Second * 10,
- }
- promise.Go(func() error {
- if !br.Has() {
- w.out.Warn("%s notFound", br.Name)
- return libol.NewErr("%s notFound", br.Name)
- }
- err := nl.LinkAdd(link)
- if err != nil {
- w.out.Error("OpenLANWorker.connectPeer: %s", err)
- return nil
- }
- br0 := cn.NewBrCtl(cfg.Name, cfg.IPMtu)
- if err := br0.AddPort(in); err != nil {
- w.out.Error("OpenLANWorker.connectPeer: %s", err)
- }
- br1 := cn.NewBrCtl(cfg.Peer, cfg.IPMtu)
- if err := br1.AddPort(ex); err != nil {
- w.out.Error("OpenLANWorker.connectPeer: %s", err)
- }
- return nil
- })
-}
-
func (w *OpenLANWorker) Start(v api.Switcher) {
w.uuid = v.UUID()
w.startTime = time.Now().Unix()
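Review bot: Dropping `connectPeer` here and `closePeer` in the next hunk leaves no code path that deletes a veth pair an earlier build created under `PeerName(cfg.Network, "-e")`, so a node upgraded in place keeps the old bridge-to-bridge link and the L2 connectivity it provided even though the new config no longer declares it. A one-time best-effort `nl.LinkDel` of the legacy pair during start, or failing that a release note telling operators to remove it by hand, would close that gap. `PeerName` also appears to lose its only callers visible in this diff; if nothing else in the package uses it, it can be removed as well. UpBridge begins outside the hunk.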
@@ -138,33 +98,16 @@ func (w *OpenLANWorker) Start(v api.Switcher) {
w.WorkerImpl.Start(v)
}
-func (w *OpenLANWorker) downBridge(cfg *co.Bridge) {
- w.closePeer(cfg)
+func (w *OpenLANWorker) downBridge() {
_ = w.br.Close()
}
-func (w *OpenLANWorker) closePeer(cfg *co.Bridge) {
- if cfg.Peer == "" {
- return
- }
- in, ex := PeerName(cfg.Network, "-e")
- link := &nl.Veth{
- LinkAttrs: nl.LinkAttrs{Name: in},
- PeerName: ex,
- }
- err := nl.LinkDel(link)
- if err != nil {
- w.out.Error("OpenLANWorker.closePeer: %s", err)
- return
- }
-}
-
func (w *OpenLANWorker) Stop() {
w.out.Info("OpenLANWorker.Close")
w.WorkerImpl.Stop()
w.UnLoadLinks()
w.startTime = 0
- w.downBridge(w.cfg.Bridge)
+ w.downBridge()
}
func (w *OpenLANWorker) UpTime() int64 {