I have a VPN setup using a Sonicwall and it works great when connecting from a Windows based PC, such as when at work, using their client. The rest of the time, I would really like to be able to use the VPN from Linux.

Using Ubuntu as the base PC and Openswan, I have partial success in that I am able to establish a tunnel, using the various how-to documents that I have been pouring over. The configuration and is pretty standard, but I had to include things like ipv4_forwarding on and disable redirects, etc. The tunnel indicates that it is established on both ends, including the Firewall status on Sonicwall administration screen. Furthermore, ipsec --verify indicates all is well as there are no warnings or errors. The trick here was DH group 5, no PFS, aggressive mode, etc... all as the how to docs show. But ....

The problem that I am facing is that traffic won't route through the tunnel. I am not seeing a virtual adapter, e.g. ipsec0, nor am I seeing any additional entries in the routing table. From the research I have done, I understand that this is typical of the switch to NETKEY from KLIPS, which did establish a tunnel. From what I understand, the routing is done at the netfilter level in the kernel instead of at the virtual interface layer.

In this particular case, I am using a cell phone modem rather than the typical wired ethernet port. This means by default adapter is ppp0. I am looking at several options to get past this point and I was wondering if anyone has any suggestions, ideas, or comments on these approaches or better yet, some information on how they got it working?

I am looking at the following:
1 - this may be the easiest approach (I saw this today and haven't had a chance to try it yet): it looks like in ipsec.conf you can specify interfaces=”ipsec0=eth0” in the config setup or even interfaces=%defaultroute. In this case, the ppp0 device is the default route.
2 - There is another tool that can be used in conjunction, xlt2pd, layer 2 protocol daemon. It seems that a lot of people have used this tool to "ping pong" between Netkey and the PPP device when connecting with phones.
3 - I spent quite a bit of time trying to compile a custom kernel with KLIPS support. I found some additional instructions on it. One critical pieces is that you can't have both Klips and Netkey installed. Ultimately I was able to build the kernel with Netkey removed and run Ubuntu on it. Unfortunately, try as hard as I might, I couldn't get the kernel modules from the openswan to compile and kept running into error after error.
4 - I noticed that the openswan download page has Ubuntu binaries, including what appear to be Ubuntu Images supposedly with KLIPS patched and built in.

Can anyone either shed some light on what I a missing and / or give me a shove in the right direction?