After looking for possible reasons (iptables, tc etc.), I found that the usage count reported by the kernel corresponds exactly to the permanent arp entries:

   frank ~# ip neigh ls dev vpn0
   10.0.0.22 lladdr fe:fd:80:00:00:07 nud permanent
   10.9.0.33 lladdr fe:fd:80:00:00:12 nud permanent
   10.0.0.24 lladdr fe:fd:80:00:00:09 nud permanent
   10.0.0.5 lladdr fe:fd:80:00:00:02 nud permanent
   10.9.0.37 lladdr fe:fd:80:00:00:16 nud permanent
   10.9.0.35 lladdr fe:fd:80:00:00:14 nud permanent
   10.0.0.23 lladdr fe:fd:80:00:00:08 nud permanent
   10.9.0.30 lladdr fe:fd:80:00:00:0f nud permanent
   10.9.0.32 lladdr fe:fd:80:00:00:11 nud permanent
   10.9.0.34 lladdr fe:fd:80:00:00:13 nud permanent
   10.0.0.29 lladdr fe:fd:80:00:00:0e nud permanent
   10.0.0.27 lladdr fe:fd:80:00:00:0c nud permanent
   10.0.0.19 lladdr fe:fd:80:00:00:05 nud permanent
   10.9.0.36 lladdr fe:fd:80:00:00:15 nud permanent
   10.0.0.28 lladdr fe:fd:80:00:00:0d nud permanent
   10.0.0.26 lladdr fe:fd:80:00:00:0b nud permanent
   10.9.0.31 lladdr fe:fd:80:00:00:10 nud permanent
   10.0.0.25 lladdr fe:fd:80:00:00:0a nud permanent
   10.9.0.38 lladdr fe:fd:80:00:00:17 nud permanent
   10.9.0.39 lladdr fe:fd:80:00:00:18 nud permanent
   10.0.0.21 lladdr fe:fd:80:00:00:06 nud permanent
   10.0.0.17 lladdr fe:fd:80:00:00:03 nud permanent
   10.0.0.20 lladdr fe:fd:80:00:00:01 nud permanent
   10.0.0.5 lladdr fe:fd:80:00:00:02 nud reachable

Indeed, if there are less, the usage count is less, and if I remove all permanent arp entries then I have no problem with restarting the gvpe daemon.

Why this happens in the debian config but not in mine is interesting, but this is likely an upstream bug with respect to (rarely used) static arp entries.

--
                The choice of a
      -----==-     _GNU_
      ----==-- _       generation     Marc Lehmann
      ---==---(_)__  __ ____  __      [EMAIL PROTECTED]
      --==---/ / _ \/ // /\ \/ /      http://schmorp.de/
      -=====/_/_//_/\_,_/ /_/\_\      XX11-RIPE