> 1) All machines in a given subnet have to see the m0n0 in that subnet as
> the route to the "remote subnets". If the m0n0 isn't the default gateway
> for that subnet, then whatever machine *is* the default gateway needs a
> static routing entry to that effect. The rest of the machines *should*
> then be able to pick that up via ICMP redirect.
> 2) Each m0n0 needs to have static routes configured to reach the remote
> subnets via the remote m0n0, except that with IPsec it gets the "route" to
> the *one* remote subnet described by the tunnel "for free".
The routes on the lan's are set up correctly to forward traffic to the
m0n0. I think it is part 2 that is having the problem. I can't add the
route to the remote networks using the remote mono as the gateway as
m0n0 then complains that its not on the local lan with the following
/kernel: arplookup 18.104.22.168 failed: host is not on local network
/kernel: arpresolve: can't allocate llinfo for 22.214.171.124rt
(I've tried adding the external ip address and the internal ip for the
remote m0n0 and still get the same error message). Any more ideas?