Subject: Re: 2.0 or -current w/racoon?
To: NetBSD Current Users <current-users@netbsd.org>
From: Peter Eisch <peter@boku.net>
List: current-users
Date: 01/11/2005 13:45:03
> I have a peer up, SA Established, and I can do interactive session things
> like ssh across the vpn, but I can't scp a large file.  My mbufs fill up
> and thing transfers though I see ESP packets go out.
> 

Summarizing this problem/solution:

Thanks to "John R. Shannon" <john@johnrshannon.com> for prompting me to
check the basics!

I was advertising the route for the remote address across the VPN with zebra
and I had used the loopback, 127.0.0.1, as the next hop.  The MTU for the
next hop was big, 33146, so the ipsec layer wasn't fragmenting down to 1500,
so when it was written to the ethernet things went awry.

I changed the next hop to be the upstream router and <poof> everything
worked well.

Peter
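
Added example, not part of the original post: a check for the condition described above, where a route to a remote network points at the loopback and so carries an MTU larger than the wire can take. It assumes a routing table in `netstat -rn` style with a header row naming "Destination", "Gateway" and "Mtu" columns; the sample table, addresses and interface names are constructed.

```shell
#!/bin/sh
# Added example: flag routes whose MTU exceeds what the physical link carries.
# Assumption: input is a `netstat -rn` style table whose header row names
# the "Destination", "Gateway" and "Mtu" columns.

# Usage: flag_oversized_routes LINK_MTU < table
# Prints "destination gateway mtu reason" for every suspicious route.
flag_oversized_routes() {
    awk -v link_mtu="$1" '
        # Header row: remember which columns hold the fields we need.
        $1 == "Destination" {
            for (i = 1; i <= NF; i++) {
                if ($i == "Gateway") gw = i
                if ($i == "Mtu")     mtu = i
            }
            next
        }
        # Ignore lines before the header and lines too short to parse.
        !gw || !mtu || NF < mtu { next }
        # The loopback route itself legitimately has a large MTU.
        $1 ~ /^127\./ { next }
        {
            reason = ""
            # A numeric MTU above the link MTU means upper layers (here:
            # IPsec) may hand down packets the wire cannot carry.
            if ($mtu ~ /^[0-9]+$/ && $mtu + 0 > link_mtu + 0)
                reason = "mtu>" link_mtu
            # A non-loopback destination routed via loopback inherits
            # the loopback MTU.
            if ($gw ~ /^127\./)
                reason = (reason ? reason "," : "") "loopback-nexthop"
            if (reason) print $1, $gw, $mtu, reason
        }
    '
}

# Constructed sample table; 192.0.2.0/24 stands in for the remote network.
sample_table() {
    cat <<'EOF'
Destination        Gateway            Flags    Refs      Use    Mtu Interface
default            198.51.100.1       UGS         3     1200      - fxp0
127.0.0.1          127.0.0.1          UH          1       40  33146 lo0
192.0.2.0/24       127.0.0.1          UGS         0      310  33146 lo0
198.51.100.0/24    link#1             UC          2        0      - fxp0
EOF
}

sample_table | flag_oversized_routes 1500
```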