I'm curious -- if you set the proxy arp entry "correctly", do your tunnels start working? IE: Let a client connect, observe the ARP table and that the proxy arp entry is pointing to eth2 instead of bond0. Then manually remove that ARP entry and add a proxy arp entry for the IP to bond0 manually while the tunnel is still connected... I haven't set up bonding before, but maybe there is some sort of option you can pass to the bonding driver to en/disable proxy arp. I know there are such entries in /proc ... What does /var/log/messages say when a client connects? Should say something about which interface it finds to tack the proxy arp entry to. Just brainstorming.. Ray On Thu, Jan 27, 2005 at 01:29:26PM +0000, John Horne wrote: > On Thu, 2005-01-27 at 09:37 +0000, John Horne wrote: > > > > The problem with the FC3 server is that clients connect to the server > > but have no Internet access. I can see packets trying to be sent out but > > nothing being received. The problem as far as I can see is that the arp > > table entry on the FC3 server is wrong. For the FC2 servers we have: > > > A quick update is that the problem seems to be that the server is not > sending out ARP replies for the vpn connection interfaces it creates. I > can see the network router sending out arp queries for the connection IP > addresses but the vpn server is not replying. Wonder why??