Yeah, it works. :-)

Thank you for your interest in my problem, and your ambition to help me. I've never solved it myself. ;-)

> On Friday 2005-September-09 23:45, I wrote:
>
> Most of the story, but an important part was missing. Apologies to
> anyone who is seeing this on both lists.
>
>> Home machine: LAN address 192.168.6.6/24 (no direct external
>> interface)
>> Remote machine: x.y.z.112/29
>>
>> Home openvpn config:
>> remote x.y.z.112
>> ifconfig x.y.z.116 192.168.6.248
>> ifconfig-nowarn
>>
>> Remote openvpn config:
>> remote my.dynamic.dnsname
>> ifconfig 192.168.6.248 x.y.z.116
>>
>> Started both ends of the tunnel. At home:
>> # echo 64 tunnel >> /etc/iproute2/rt_tables
>> # ip rule add from x.y.z.116 table tunnel
>> # ip route add default via 192.168.6.248 table tunnel
>> # ip route flush cache
>> (These should go in an openvpn --up script.)
>
> Also, at the remote:
> # echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
> # echo 1 > /proc/sys/net/ipv4/ip_forward
> (These might be wanted in an --up script at the other endpoint.)
>
> The first command tells the eth0 interface (substitute the name of
> yours) to listen for proxy ARP: hosts other than itself, but for whom
> it has an explicit route. http://en.wikipedia.org/wiki/Proxy_ARP
> explains better than I can.
>
> Earlier, by accident, I had bound the wrong IP's at each endpoint, so
> the system arp(8) cache was still answering for x.y.z.116. In time the
> cache timed out, and the tunnel stopped working.
>
> The second command is not needed if you were already using the machine
> as a router, which I was, but it occurred to me that you and others
> might not be doing that.
> --
> mail to this address is discarded unless "/dev/rob0"
> or "not-spam" is in Subject: header
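
The quoted message says the home-side commands belong in an openvpn --up script. The sketch below is an added example, not code from the thread, showing one way to make them safe to re-run on every tunnel restart. It assumes OpenVPN's `script_type`, `ifconfig_local` and `ifconfig_remote` environment variables; the `IP` and `RT_TABLES` overrides are hypothetical knobs for dry runs.

```shell
#!/bin/sh
# Added example: idempotent OpenVPN --up helper for the home endpoint.
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
TABLE_ID=64        # table number used in the thread
TABLE_NAME=tunnel  # table name used in the thread
IP="${IP:-ip}"     # hypothetical knob: set IP="echo ip" for a dry run

# Register "64 tunnel" once; a bare ">>" appends a duplicate on every restart.
ensure_rt_table() {
    file=$1
    sp='[[:space:]]'
    if grep -Eq "^${sp}*${TABLE_ID}${sp}+${TABLE_NAME}(${sp}|\$)" "$file" 2>/dev/null; then
        return 0
    fi
    # Stop if the number or the name already belongs to a different entry.
    if grep -Eq "^${sp}*(${TABLE_ID}${sp}|[0-9]+${sp}+${TABLE_NAME}(${sp}|\$))" "$file" 2>/dev/null; then
        echo "rt_tables: ${TABLE_ID} or ${TABLE_NAME} already in use in $file" >&2
        return 1
    fi
    echo "${TABLE_ID} ${TABLE_NAME}" >> "$file"
}

# Source-policy routing: traffic sent from the tunnel address leaves via the peer.
apply_rules() {
    src=$1
    gw=$2
    if [ -z "$src" ] || [ -z "$gw" ]; then
        echo "missing tunnel addresses" >&2
        return 1
    fi
    # Remove a rule left by an earlier run so restarts do not stack copies.
    $IP rule del from "$src" table "$TABLE_NAME" 2>/dev/null || true
    # "route replace" succeeds whether or not the default route already exists.
    $IP rule add from "$src" table "$TABLE_NAME" &&
    $IP route replace default via "$gw" table "$TABLE_NAME" &&
    $IP route flush cache
}

# Only act when OpenVPN invokes this file as its --up script.
# With the home config above, ifconfig_local is x.y.z.116 and
# ifconfig_remote is 192.168.6.248.
if [ "${script_type:-}" = up ]; then
    ensure_rt_table "$RT_TABLES" && apply_rules "$ifconfig_local" "$ifconfig_remote"
fi
```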