>> But now there's another problem, one which is obvious in retrospect.
>> [...traffic coming from internal address...]
> Maybe I do not understand what you are trying to accomplish, but here
> are three suggestions/questions:

> 1 Is there any reason you do not, say, bridge sip0 and rtk0 to a VLAN
>   on the 192.168.1 segment---the VLAN being optional?

That is exactly what I'm working to set up: install openvpn and use it
to bridge 10.10.10.0/23 onto the piece that I've shown as being
10.10.10.72/29.  That's whence my questions over on tech-kern about tap
drivers - the desire is to get Ethernet-level bridging (I'd just run
openvpn in tun mode if all I cared about were IP).

The network questions I have here derive from my attempting to set up
an infrastructure that allows me direct access to all three of the
involved machines while I'm trying to bludgeon the final setup into
shape.  As a practical matter, if this aspect of it ends up taking much
more time, I will simply ignore the routing issues and copy things
point-to-point over the network cabling with commands issued from the
consoles instead of through ssh logins - but when I run into a problem
like this, something which it seems to me should be doable, I tend to
ask about it even if I have a workaround that sidesteps it for my
particular ultimate need.

> 2 Set static routes or run routed(8)?  (ISTR you already explained
>   why this would not work.)

I don't think there is any routing protocol being run on 10.10.10.0/23,
certainly none that everyone listens to.  And some of the machines that
B (and C, which I didn't show in my latest diagram) want to talk to are
not sufficiently under my control for me to go casually installing
static routes or starting routing daemons on.  That's whence the proxy
arp attempts.

> 3 Try 'route add -net 10.10.10/23 192.168.1.1 -ifa 10.10.10.74' ?
>   (I do not remember if the -ifa argument is limited to an address on
>   the nexthop interface or not.)

-ifa?  That's an interesting idea; I hadn't thought of that - this
isn't the kind of thing I think of -ifa as being for.  I'll try it next
time I'm there and see if it helps (the machines are turned off when
I'm not at work working on them).  Thank you - suggestions like that
are the sort of thing I was hoping someone would have.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B