On Friday 2005-September-09 23:45, I wrote:

Most of the story, but an important part was missing. Apologies to
anyone who is seeing this on both lists.

> Home machine: LAN address 192.168.6.6/24 (no direct external
> interface)
> Remote machine: x.y.z.112/29
>
> Home openvpn config:
> remote x.y.z.112
> ifconfig x.y.z.116 192.168.6.248
> ifconfig-nowarn
>
> Remote openvpn config:
> remote my.dynamic.dnsname
> ifconfig 192.168.6.248 x.y.z.116
>
> Started both ends of the tunnel. At home:
> # echo 64 tunnel >> /etc/iproute2/rt_tables
> # ip rule add from x.y.z.116 table tunnel
> # ip route add default via 192.168.6.248 table tunnel
> # ip route flush cache
> (These should go in an openvpn --up script.)

Also, at the remote:
# echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
# echo 1 > /proc/sys/net/ipv4/ip_forward
(These might be wanted in an --up script at the other endpoint.)

The first command tells the eth0 interface (substitute the name of
yours) to listen for proxy ARP: hosts other than itself, but for whom
it has an explicit route. http://en.wikipedia.org/wiki/Proxy_ARP
explains better than I can.

Earlier, by accident, I had bound the wrong IPs at each endpoint, so
the system arp(8) cache was still answering for x.y.z.116. In time the
cache timed out, and the tunnel stopped working.

The second command is not needed if you were already using the machine
as a router, which I was, but it occurred to me that you and others
might not be doing that.
-- 
mail to this address is discarded unless "/dev/rob0" or
"not-spam" is in Subject: header
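The home-side commands from the message, collected into an --up script as it suggests; this is an added example, not code from the original post. It assumes OpenVPN's script_type, ifconfig_local and ifconfig_remote environment variables, guards the rt_tables append so tunnel restarts do not duplicate the entry, and uses "ip route replace" where the post uses "ip route add" so a rerun does not fail; the function names and the RT_TABLES override are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent OpenVPN --up script for the home endpoint.
# Assumed: OpenVPN exports script_type, ifconfig_local, ifconfig_remote.
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
TABLE_ID=64            # table id and name as used in the post
TABLE_NAME=tunnel

# Append "64 tunnel" to the file in $1 only if no uncommented line already
# names the table; a plain ">>" would add one more line per tunnel start.
ensure_table() {
    if ! grep -Eq "^[[:space:]]*[0-9]+[[:space:]]+${TABLE_NAME}([[:space:]]|\$)" "$1" 2>/dev/null; then
        echo "${TABLE_ID} ${TABLE_NAME}" >> "$1"
    fi
}

# Print the iproute2 commands for tunnel address $1 and tunnel peer $2.
# The rule is deleted before it is added so reruns do not stack copies.
policy_cmds() {
    local_ip=$1 peer_ip=$2
    echo "ip rule del from ${local_ip} table ${TABLE_NAME}"
    echo "ip rule add from ${local_ip} table ${TABLE_NAME}"
    echo "ip route replace default via ${peer_ip} table ${TABLE_NAME}"
    echo "ip route flush cache"
}

# Run the commands; a failed "rule del" only means no rule existed yet.
apply() {
    ensure_table "$RT_TABLES" || return 1
    policy_cmds "$1" "$2" | while read -r cmd; do
        case $cmd in
            "ip rule del"*) $cmd 2>/dev/null || true ;;
            *) $cmd || exit 1 ;;
        esac
    done
}

# Act only when OpenVPN invokes this file as its --up script.
if [ "${script_type:-}" = "up" ]; then
    apply "$ifconfig_local" "$ifconfig_remote"
fi
```

With the home config from the message, ifconfig_local is x.y.z.116 and ifconfig_remote is 192.168.6.248, so the generated commands match the ones typed by hand.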