Alright, I've got a Debian box configured with 3 IPSEC tunnels established. I did not configure the IPSEC tunnels myself; there are no virtual interfaces (ipsec0, etc.), just eth0 (public net) and eth1 (private net).
There are 4 other servers on the private net, all in a 10.0.0.0/255.0.0.0 subnet. The question boils down to this:
The VPN Debian Box has ipv4_forwarding on; however, traffic from the remote net over the IPSEC tunnel directed at other boxes on the VPN Debian Box's local net is NOT being forwarded back to the appropriate computers.
(Local Net 10.x.x.x)<--VPN Box <--IPSEC TUNNEL--> Remote VPN Router --> (Remote Network 172.20.x.x)
Packets destined for the remote network from the VPN box arrive just fine; packets destined for the VPN box from the remote network arrive fine; packets to or from the local network don't get routed. The VPN box does communicate directly with the local net.
The routing table on the VPN box shows the 10.0.0.0/255.0.0.0 being routed over eth1 with itself as the gateway.
Right now, the iptables default policies are ACCEPT for INPUT, OUTPUT, and FORWARD, with no rules.
How can I get the VPN box to know that traffic over its private net is supposed to be part of the overall VPN?
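Since the box has no ipsec0-style interface, the tunnels are policy-based: the kernel only protects (or accepts) forwarded packets whose addresses match an entry in its security policy database, which `ip xfrm policy` prints. The script below is an added diagnostic written for this question; it is not from the original post or any IPsec project, and it assumes the local and remote prefixes shown in the question (10.0.0.0/8 and 172.20.0.0/16) and the standard `ip xfrm policy` output format. It parses an SPD dump and reports whether out/in/fwd policies exist for the two subnets, alongside the ip_forward setting the question mentions.

```shell
#!/bin/sh
# Added example (not from the original post). Checks whether the kernel SPD
# covers the LOCAL_NET <-> REMOTE_NET pair for a policy-based IPsec tunnel.
LOCAL_NET="10.0.0.0/8"      # assumption: the private net behind eth1
REMOTE_NET="172.20.0.0/16"  # assumption: the network behind the remote router

# spd_has_policy DUMP SRC DST DIR
# Returns 0 when DUMP (text in `ip xfrm policy` format) contains a policy
# whose selector is exactly "src SRC dst DST" with direction DIR
# (out, in or fwd). Leading whitespace before "dir" may be tabs or spaces.
spd_has_policy() {
  dump="$1"; src="$2"; dst="$3"; dir="$4"
  printf '%s\n' "$dump" | awk -v s="$src" -v d="$dst" -v want="$dir" '
    /^src /                                   { cs = $2; cd = $4 }
    /^[ \t]*dir / && $2 == want && cs == s && cd == d { found = 1 }
    END { exit found ? 0 : 1 }'
}

# check_forwarding returns 0 when net.ipv4.ip_forward is enabled.
check_forwarding() {
  [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# report_spd DUMP: prints one line per required policy direction.
# For forwarded traffic the box needs an "out" policy for local->remote and
# both "in" and "fwd" policies for remote->local; a missing "fwd" policy is
# a common reason the box itself can reach the remote net while hosts
# behind it cannot.
report_spd() {
  dump="$1"
  spd_has_policy "$dump" "$LOCAL_NET"  "$REMOTE_NET" out \
    && echo "ok:      out $LOCAL_NET -> $REMOTE_NET" \
    || echo "MISSING: out $LOCAL_NET -> $REMOTE_NET"
  for dir in in fwd; do
    spd_has_policy "$dump" "$REMOTE_NET" "$LOCAL_NET" "$dir" \
      && echo "ok:      $dir $REMOTE_NET -> $LOCAL_NET" \
      || echo "MISSING: $dir $REMOTE_NET -> $LOCAL_NET"
  done
}

# When run as a script (not sourced by a test), inspect the live system.
if [ "${SPD_DIAG_LIVE:-0}" = "1" ]; then
  check_forwarding && echo "ok:      ip_forward=1" || echo "MISSING: ip_forward=1"
  report_spd "$(ip xfrm policy 2>/dev/null)"
fi
```

Run it as root with `SPD_DIAG_LIVE=1 sh spd_diag.sh`. A "MISSING" line for the 10.0.0.0/8 selectors means the tunnel was negotiated only for the VPN box's own address, so the IKE configuration on both ends has to include the local subnet before forwarding can work; `ip_forward` and the empty iptables ruleset alone do not put those packets into the tunnel.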