It seems to me this is written exactly backwards.  :)

Suppose I want to set up a VNPish thing that has a remote network of
192.168.42/24.  It appears I have to do this:

	ifconfig ipip0 local-real remote-real netmask 0xffffffff up
	route add 192.168.42.0 remote-real netmask 0xffffff00

This does two things:

	(1) makes it so I cannot ping the remote-real address any
            longer.  Try it, it complains about "message too long"

	(2) to be part of the VNP itself, I need to add an ifconfig
	    alias for the local host.  If I do this on the ipip0
	    interface itself, netstat -rn shows Bad Stuff.

	(3) It seems to be very confusing, and basically a hack.


It seems that it should work more like this:

	ifconfig ipip0 local-vpn remote-vpn netmask 0xffffff00
	ipipcfg ipip0 local-real remote-real

That allows ipf to filter based on interface as well as address, if
you are trying to do what I am trying to do, which is have multiple
VPNs go to the same remote-real address.

The problem is, the ipip protocol doesn't include any sort of
identifcation other than the tunnel endpoints of the encapsulated
addresses.  This makes selecting which ipipN interface problematic...

Or am I just totally confused about this whole thing, and it's not as
hard as it appears to be?

The real problem seems to be that I want to specify a source address
to use for a route...  And not hack the routing table like is done
now...

--Michael