Hi, I've got racoon/ipsec working pretty good here.  I've got ipsec-tools version 0.5.2-1sarge1 and racoon version 0.5.2-1sarge1.  I've been using racoon-tool to create the racoon.conf and bring networks up and down.

After bringing up the network, and then pinging a host on the remote subnet, I get resource temporarily unavailable, and then a few seconds later I can ping it.  That's good.

Then after that, everything works just great from all the computers in my LAN.  They can connect to any computer on the remote subnet without any problems.

However, connecting to the remote subnet from the firewall itself is kind of flaky.  I don't understand it, but whatever computer I ping-ed I can always connect to, but other computers are kind of hit-and-miss.  Some I can connect to; others no.  If I bring down the vpn connection and back up again, then I can ping a different computer and connect to that one for sure.

I tried adding some things to my routing table, and messing with my iptables script, but that didn't change anything :(

I captured packets with tcpdump and analyzed with wireshark and both the ESP and (decrypted) ICMP reply packet show up, so it must be making it all the way back to me; so I can't understand how it could be not working.

Anyone know what's going on?