有用过strongswan的吗？？iOS和win 7客户端都测试成功，但是linux上可以连接，却无法访问

服务器端OS:debian 6 64位,安装strongswan 5.0.2, 内网ip(192.168.1.200/24), 外网ip(123.234.123.234)
iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
配置信息如下
===================================
# /etc/ipsec.conf
config setup
conn ios
keyexchange = ikev1
authby = xauthrsasig
xauth = server
left = %defaultroute
leftsubnet = 0.0.0.0/0
leftfirewall = yes
leftcert = serverCert.pem
right = %any
rightid="C=CN, O=StrongSwan, CN=*"
rightsubnet = 10.0.0.0/24
rightsourceip = 10.0.0.0/24
rightcert = clientCert.pem
auto = add

conn rw
keyexchange=ikev2
left=%defaultroute
leftsubnet=0.0.0.0/0
leftcert=serverCert.pem
leftfirewall=yes
right=%any
rightsourceip=10.0.0.0/24
auto=add

# /etc/ipsec.secrets
: RSA serverKey.pem

# /etc/strongswan.conf
charon {
threads = 16
dns1 = 8.8.8.8
dns2 = 8.8.4.4
}
===================================

客户端OS:debian 6 32位,安装strongswan 5.0.2, 内网ip(192.168.0.2/24), 外网ip(234.123.234.123)
配置信息如下
===================================
# /etc/ipsec.conf
config setup
conn rw
keyexchange=ikev2
left=%defaultroute
leftsourceip=%config
leftcert=clientCert.pem
leftfirewall=yes
right=123.234.123.234
rightsubnet=10.0.0.0/24
rightid="C=CN, O=StrongSwan, CN=client"
auto=add

# /etc/ipsec.secrets
: RSA clientKey.pem
===================================

用 iOS 6.1.2 的原生 cisco ipsec 客户端测试成功(conn ios)，用 windows 7 也测试成功。
在linux上测试，连接上后无法访问远程的局域网，访问外网也是通过本地的网络(234.123.234.123)
# ip route list
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
default via 192.168.0.1 dev eth0
# ip route list table 220
10.0.0.0/24 via 192.168.0.1 dev eth0 proto static src 10.0.0.1

应该是路由表设置问题吧??该如何配置路由表呢??