Thanks.  I think I may have got it almost working now.  The problem I am having now is when the remote side has two subnets.

The remote side has both and subnets.  If I start out by pinging something on the subnet, I can thereafter ping anything on that subnet.  But if I then ping something on the subnet I can thereafter only ping only on that subnet, and not on the subnet anymore (until I bring down the vpn connections and start over).

tcpdump shows the echo reply coming all the way back to me.  I see the ESP and the decrypted ICMP packet.  But then it gets lost in the kernel or something.  Maybe I should try a newer kernel.  I've got 2.6.18.

3 packets transmitted, 0 received, 100% packet loss, time 2009ms