Hello! > What he's trying to accomplish doesn't sound all that weird,
Absolutely sane. > does anyone have any other ideas? The question is where is this host really? If it is far far away and connected only via IPsec tunnel with destionation of tunnel different of host address ip ro add THEHOST dev dummy0 should be enough. It asserts that THEHOST is not on eth0. IPsec policy will figure out correct route, unless something is broken. If tunnel endpoint is THEHOST, then it is necessary to make a prescription how to reach it bypassing IPsec. This can be made with a rule telling that THEHOST is reachable from router and only from router: ip ru add from OUR_TUNNEL_ENDPOINT to THEHOST table XXX ip ro add THEHOST via THAT_ROUTE_WHICH_IS_SUPPOSED_TO_KNOW table XXX Alexey - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html