Routing Racoon
I had the hardest time convincing things to route properly from my home network to my work network, over the VPN (racoon<->netscreen25).
Here's what my routing table used to look like:
    166.70.37.148/30 dev eth1 proto kernel scope link src 166.70.37.150
    172.17.0.0/24 dev eth0 proto kernel scope link src 172.17.0.3
    default via 166.70.37.149 dev eth1
    default via 172.17.0.3 dev eth0 scope link
So even though ping 172.16.59.143 would go over the VPN, it would have a
source of 166.70.37.150. This was unacceptable, and was messing things up
although it kind of half-worked. The following fixed it:
    # ip route add 172.16.0.0/12 via 166.70.37.149 dev eth1 src 172.17.0.3
    # ip route get 172.16.59.143
    172.16.59.143 via 166.70.37.149 dev eth1 src 172.17.0.3
        cache mtu 1500 advmss 1460 metric10 64
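
The lookup above, modelled as an added Python example (not from the original post): longest-prefix match followed by source selection, using the routes shown on this page. The tie-break between the two default routes (first listed wins) and the fallback to the interface's primary address are simplifying assumptions, not the kernel's full algorithm.

```python
import ipaddress

# Routes from the page: (prefix, gateway, device, preferred source or None).
BEFORE = [
    ("166.70.37.148/30", None, "eth1", "166.70.37.150"),
    ("172.17.0.0/24", None, "eth0", "172.17.0.3"),
    ("0.0.0.0/0", "166.70.37.149", "eth1", None),
    ("0.0.0.0/0", "172.17.0.3", "eth0", None),
]
# The fix: a more specific route for the work network carrying a src hint.
AFTER = BEFORE + [("172.16.0.0/12", "166.70.37.149", "eth1", "172.17.0.3")]

# Primary address of each interface, read off the "src" of the link routes.
IFADDR = {"eth1": "166.70.37.150", "eth0": "172.17.0.3"}


def route_get(table, dst):
    """Simplified 'ip route get': pick the longest matching prefix, then use
    the route's src hint if present, else the outgoing interface's address."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not matches:
        raise LookupError("unreachable: " + dst)
    # max() returns the first maximal item, so the first-listed default wins ties.
    _, gw, dev, src = max(
        matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen
    )
    return {"via": gw, "dev": dev, "src": src or IFADDR[dev]}


if __name__ == "__main__":
    # Before the fix: only a default route matches, so the source is eth1's address.
    print("before:", route_get(BEFORE, "172.16.59.143"))
    # After the fix: the /12 route matches and supplies the inside address.
    print("after: ", route_get(AFTER, "172.16.59.143"))
    # 172.17.0.0/24 lies inside 172.16.0.0/12, but the /24 is longer,
    # so home LAN traffic still leaves via eth0.
    print("lan:   ", route_get(AFTER, "172.17.0.5"))
```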


