This is a discussion on FreeSwan Challenge within the Linux Security forums, part of the System Security and Security Related category.
Hi,

I am trying to replace a router and VPN box with a Linux box having 3 interfaces: Red, Green, and Orange. Since I no longer will have the router, the Linux/FreeSwan box will have to:

A. Have the Red interface connected to the public network, similar to that of the old router.
B. Perform the VPN operation of the old VPN box, but without making changes to the "other" side of the VPN link.

This is a challenge, since the Linux/FreeSwan box will need to go out on the Red interface with IPSEC packets formatted for the Orange interface. That is, I want the IPSEC packets to be formatted as if they were sent out on the Orange interface. (This is to make the other side of the VPN link happy with whom it communicates.) Second, these packets need to get an IP header and leave on the Red interface. I am uncertain if it is sufficient that the VPN packet has the right look, or if the IP header must match as well. That is, the IP address of the VPN packets leaving on the Red interface must also have the source address of the Orange interface.

I have experimented with this and found that I am having trouble setting left to anything other than the IP address of the interfaces in ipsec.conf. Also, IPSEC is not happy when leftnexthop is not on the same net as left... I have been trying to add a second IP address to the Orange interface to resolve the leftnexthop issue, but still no luck.

So, the bottom line is: can I configure FreeSwan in any way such that it uses the IP address of the Orange interface for its VPN traffic over the Red interface?

Any suggestions would be helpful and appreciated.

AJ
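As an added illustration (not part of AJ's post), here is a constructed FreeS/WAN ipsec.conf showing the two constraints described above: left must be an address on the physical interface that ipsec0 is bound to, and leftnexthop must lie on that interface's subnet. Interface names and all addresses are placeholders; note that in this layout the remote peer sees the Red address as the tunnel endpoint, not the Orange one.

```ini
# Constructed example for a three-interface FreeS/WAN gateway.
# Assumed: eth0 = Red (public), eth2 = Orange; all addresses are placeholders.
config setup
        # FreeS/WAN attaches its ipsec0 virtual interface to the physical
        # interface named here. Pluto requires "left" to be an address of that
        # interface, which is why left=<Orange address> is refused when
        # ipsec0 is bound to the Red interface.
        interfaces="ipsec0=eth0"

conn red-to-remote
        # Red's own public address: this is the source of the ESP packets.
        left=203.0.113.10
        # The _updown script installs a route to rightsubnet "via leftnexthop"
        # on ipsec0, so the next hop must be directly reachable on Red's net.
        # A hop on the Orange subnet cannot be used here.
        leftnexthop=203.0.113.1
        # The network behind Orange travels as the protected subnet, not as
        # the tunnel endpoint address.
        leftsubnet=192.0.2.0/24
        right=198.51.100.20          # placeholder remote VPN gateway
        rightsubnet=10.0.0.0/24      # placeholder remote protected network
        auto=start
```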