[OpenAFS] vlserver sync failure... VPN a problem?

[Matt]

OK, so I (theoretically) solved my previous issue with
OpenAFS behind NAT (more on that later), but now I
can't seem to get my basic setup to work.  Either I'm
missing something, or AFS is mixing badly with
FreeS/WAN.

Details:
I have a VPN set up at three (geographically distant)
sites, using Linux FreeS/WAN-based IPSec.  The three
site's private networks have addresses in the ranges
10.0.0.x, 10.0.1.x, and 10.0.2.x.  At each site, I'm
trying to set up an AFS server (OpenAFS-1.2.3), with
address 10.0.y.2 (where y={0,1,2}).  Everything goes
fine until I try to add the second server, at which
point Ubik fails to be able to synchronize the
vlservers.
Output of 'udebug <system control machine> vlserver':

Host's addresses are: 10.0.0.2
Host's 10.0.0.2 time is Thu May 23 01:40:23 2002
Local time is Thu May 23 01:40:24 2002 (time
differential 1 secs)
Last yes vote for 10.0.0.2 was 0 secs ago (sync site);
Last vote started 0 secs ago (at Thu May 23 01:40:24
2002)
Local db version is 1022117202.3
I am sync site until 60 secs from now (at Thu May 23
01:41:24 2002) (2 servers)
Recovery state f
Sync site's db version is 1022117202.3
0 locked pages, 0 of them for write
Last time a new db version was labelled was:
         821 secs ago (at Thu May 23 01:26:43 2002)

Server (10.0.1.2): (db 0.0)
    last vote rcvd 0 secs ago (at Thu May 23 01:40:24
2002),
    last beacon sent 0 secs ago (at Thu May 23
01:40:24 2002), last vote was yes
    dbcurrent=0, up=1 beaconSince=1

I don't think it's the VPN's fault, as the above
suggests that packets are clearly being exchanged on
port 7003 (and I've verified that with tcpdump), but
I've tried everything I can think of (including
running the vlservers with -nojumbo).

I've been beating my head against this for quite a
while now, so any thoughts or help would be greatly
appreciated.

Thanks,
Matt

__________________________________________________
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com