> > > > On the OpenVPN installation I set up at work, all OpenVPN tunnels had a= netmask of 255.255.255.252 - a small, two host network, just server and cl= ient. =A0All of the normal, unencrypted interfaces the tun interfaces piggy= backed on had normal, legal netmasks. =A0Not one 255.255.255.255 anywhere. > > > > Cheers, > > > > James OK, Kevin I spent some time Sunday playing with this again. I re-did my OpenVPN setup to mirror yours, with the exception that I didn't= use a default route. =A0Instead, I just mapped a class C over. =A0So I did= a one-server to many-clients setup. Just like you, OpenVPN filled up my routing table with 255.255.255.255 entr= ies. =A0Odd. =A0It weren't that way with the static key setup, where they w= ere 255.255.255.252 routes. =A0 Did some very basic research that I should have done before and I guess tha= t all point to point interfaces use these maps. =A0Something I never though= t about, even though I've seen my share of pptp connections before. =A0The = software handles routing on either end, not the kernel. =A0(I guess learnin= g networking with a cable modem instead of DSL has it's drawbacks.) =46or a time I had a similar problem as you do - the OpenVPN tunnel would c= ome up, but no packets would go over the tunnel. =A0That was because my ser= ver did not have a valid route back to the client. =A0I think this is the s= ame thing you are seeing since when you provide an alternate path (plugging= the cable in), the tunnel suddenly works. So: pf on the server, route tables on the server, or else a firewall on the= client. One other thing to look at - in my configs I use "device tun" and you use "= device tun0". Cheers, James ------------------------------------ The Juneau Linux Users Group -- http://www.juneau-lug.org This is the Juneau-LUG mailing list. To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the word unsubscribe in the subject header.