> The VPN solutions I have used (e.g. Bay Networks, MS PPTP) send *every*
packet from the end user machine to the VPN end-point, not just selected
packets (like with SSH tunneling).
If you want a commercial solution that does selective tunnelling - the
FW-1 addin (VPN-1) exports a "topography" file to the client at setup; this
really consists of a list of subnets that the VPN will handle, and is set at
the server side. anything not on the topography list goes out via the dialup
adaptor or network card as normal.