We do have a set of wireless networks tied together at the central office via IPSec. The wireless nets are in separate buildings. All but one are behind Comcast static IPs; the last one has a dynamic IP.
Overall, things work well except for outages at the dynamic IP site. It usually takes a site visit to get that going again.
The IPSec network is built on Debian Squeeze and Lenny and uses self-signed certs for authentication.
Getting the first link operational took forever (same situation: it should work, but...); the rest are essentially clones. Debugging the thing is a PITA, although once you get the hang of the logs, it actually starts making sense...
Does that configuration sound like it may help out?