Security Basics mailing list archives

Linux 2.6 IPSec Tunnels


From: securitylists () speed seas upenn edu
Date: Thu, 8 Apr 2004 16:27:25 -0400

Hi list,

I'm trying to set up IPSec tunnels between two private (nonrouteable)
networks using the 2.6 kernel's native IPSec and ipsec-tools (which are
a port of the KAME IPSec utilities). I've successfully gotten transport
mode working (using the information at
http://www.ipsec-howto.org/x237.html) but I am unsure on how to do
tunnel mode (and documentation is, as a whole, quite scarce). Following
the directions on that site, I can set up the tunnels between the
gateways all right (apparently, but I cannot test it--traffic between the
gateways themselves is unencrypted). But I don't know what to do on the
gateways to get the proper routing. 

So if I have the following network setup:


[10.0.1.0/24] <--> [gateway1] <---Internet---> [gateway2] <--> [10.0.2.0/24]

How do I configure gateway1 to route 10.0.2.0/24 through the tunnel, and
vice-versa on gateway2? I assume I need to turn on ip_forwarding, but
there must be some route configuration I need to perform as well, I
assume?

Can anyone direct me on what to do or where to find better documentation
on this? 

Thanks, 
Dan
