> > The "ip neigh {add|del|change|replace} ..." sequence?

Yeah. Look in /usr/share/doc/iproute and print off one of the cref (command reference) docs (note the .ps file wants A4 paper).

> > > Problem is that it burns another external IP address.
> >
> > Um... not good.

Well, yeah. That is the thing with NAT as opposed to Masq, but NAT is a lot faster. If you have the addresses to spare, you assign one for the internal IPSec or PPTP or whatever VPN unit and NAT it at the firewall. The thing is that a lot of these protocols use things like GRE that Linux does not like to masquerade. Heck, Linux doesn't like UDP all that much ... try running a CIPE VPN from behind a firewall ... no can do.