This is what happens when Ken is at Patrick's House and wants to IPsec 
to his house:

		209.112.44.2 [Sunrise]
			|
		209.112.44.0/24
			|
			|
		209.112.44.1 [East]
		216.191.1.2
			|
			|
			|
		24.141.1.2 [West]
		192.168.10.1------192.168.10.0/24
		192.168.20.1
			|
			|
		192.168.20.0/24
			|
		192.168.20.200 [Sunset]

There is a tunnel in place between Sunrise and Sunset, but for
the 192.168.10.0/24 <=> 209.112.44.0/24 networks.  West does NAT
of 192.168.0.0/16 to 24.141.1.2

KLIPS and/or iptables trip over each other trying to figure out
in what shape the packets from Sunset should be when heading to 
East to establish a tunnel.