In order for vpnc to actually get any received IPsec packet, you have
to disable ESP in your kernel like this:

    sysctl net.inet.esp.enable=0

If you are behind a NAT gateway, you have to disable UDP encapsulation
as well:

    sysctl net.inet.esp.udpencap=0
