In order to let packets go through the VPN, the default sysctl.conf parameter net.ipv4.conf.default.rp_filter must be set to 0. It you prefer manage it by hand and feel not confident about potential security issues, please modify the /etc/init.d/iked init script and set net.ipv4.conf.default.rp_filter=1 (or just remove the line). In order to make it work, just type 'sysctl net.ipv4.conf.default.rp_filter=0' as root each time you establish you tunnel. As this command is not very user-friendly and need root access, this has been implemented in the default script.