I think I need to start digging into the quantum code more. I will ask some other folks I work with to see if they are interested in adding that functionality.

I am 99% sure this is has to do with OpenStack not allowing IP spoofing. Is there a way to turn off IP spoofing in Grizzly?

Thanks Aaron Rosen, that solved my question.

Yes I have enabled IP forwarding. I have an OpenVPN tunnel between two vms in two different clouds. Each of those VMs are doing routing for their local subnet they are connected to. I have the appropriate routes in place on all virtual machines. I want to ping from a VM on one cloud to a VM on another cloud. I want to go over the OpenVPN tunnel. I am doing this as you said above by using those OpenVPN vms as the gateway. I see the traffic going over the tunnel. I see the traffic hitting the far side VM. The strange thing is I see the echo reply coming back. But it STOPS at the VM that is the gateway for my VM I'm pinging from. When I run a capture on the actual ethernet interface for that VM that is running OpenVPN, and is doing the routing, I see echo replies.....but they are never routed back to the VM who sent out the echo requests. I ran a capture on the tap interface and am seeing echo replies, but when I run a capture the q interface on ovs I don't see the echo replies..... Normally I was going to say there must be some kind of quantum rule for IP spoofing or something, but that doesn't make any sense because the traffic gets all the way to the far side VM over the tunnel. And when it gets routed at the other side of the tunnel the source address is an address that is different then the IP address assigned to the interface. This probably isn't an OpenStack issue.