I have the same setup at home and I didn't dig too deep into IPsec things, but implemented it in the following way:

- created gif tunnel.
- in "ike esp transport proto ipencap" rule I specified exact IPs (physical address of gif tunnel).
- set default route to tunnel's peer.

I believe it's possible to make it using just IPSEC, but have no time to play with it :(
-- Alexey Vatchenko http://www.bsdua.org
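
The three steps from the message above, written out as an added example that is not part of the original post. It assumes OpenBSD's ipsec.conf(5) grammar, which the quoted rule matches; all addresses, the macro names and the host route to the peer are constructed assumptions, and IKE authentication is left at its defaults.

```conf
# /etc/ipsec.conf (constructed example; every address is a placeholder)
#
# Assumed addressing:
#   local physical address   192.0.2.10
#   peer physical address    198.51.100.20
#   local upstream gateway   192.0.2.1
#   inner gif addresses      10.99.0.1 (local) <-> 10.99.0.2 (peer)
#
# Step 1, the gif tunnel, is set up outside this file (as root):
#   ifconfig gif0 create
#   ifconfig gif0 tunnel 192.0.2.10 198.51.100.20
#   ifconfig gif0 inet 10.99.0.1 10.99.0.2 netmask 255.255.255.255
#
# Step 3, the default route, is also set outside this file. The host route
# is an assumption added here: it keeps the encapsulated packets going out
# the physical interface, so they are not routed back into the tunnel.
#   route add -host 198.51.100.20 192.0.2.1
#   route change default 10.99.0.2

local_phys = "192.0.2.10"
peer_phys  = "198.51.100.20"

# Step 2: ESP in transport mode, limited to IP-in-IP (protocol 4) between
# the two physical endpoints of the gif tunnel. Only the encapsulated gif
# traffic matches; other traffic between these hosts is left unprotected.
ike esp transport proto ipencap from $local_phys to $peer_phys
```

The peer needs the mirrored rule with the two addresses swapped. `ipsecctl -n -f /etc/ipsec.conf` parses the file without loading it, and `ipsecctl -sa` shows whether the SAs came up.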