../../guestbin/prep.sh
east #
 ../../guestbin/ip.sh link add dev ipsec1 type xfrm dev eth1 if_id 0x1
east #
 ../../guestbin/ip.sh addr add 198.18.23.23/24 dev ipsec1
east #
 ../../guestbin/ip.sh link set ipsec1 up
east #
 ../../guestbin/ip.sh addr show ipsec1
X: ipsec1@eth1: <NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
    inet 198.18.23.23/24 scope global ipsec1
       valid_lft forever preferred_lft forever
    inet6 fe80::xxxx/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever
east #
 ../../guestbin/ip.sh link show ipsec1
X: ipsec1@eth1: <NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
east #
 ipsec _kernel policy
east #
 ip -4 route add 198.18.45.0/24 dev ipsec1
east #
 ../../guestbin/ip.sh xfrm state add src 192.1.2.45 dst 192.1.2.23 proto esp spi 4523 reqid 4523 if_id 0x1 mode tunnel enc 'cbc(aes)' '45-----Key----23' auth 'hmac(sha1)' '45------Hash------23'
east #
 ../../guestbin/ip.sh xfrm state add src 192.1.2.23 dst 192.1.2.45 proto esp spi 2345 reqid 2345 if_id 0x1 mode tunnel enc 'cbc(aes)' '23-----Key----45' auth 'hmac(sha1)' '23------Hash------45'
east #
 # ignore forward policy
east #
 #../../guestbin/ip.sh xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 if_id 0x1 dir fwd tmpl src 192.1.2.45 dst 192.1.2.23 proto esp reqid 4523 mode tunnel
east #
 ../../guestbin/ip.sh xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 if_id 0x1 dir in  tmpl src 192.1.2.45 dst 192.1.2.23 proto esp reqid 4523 mode tunnel
east #
 ../../guestbin/ip.sh xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 if_id 0x1 dir out tmpl src 192.1.2.23 dst 192.1.2.45 proto esp reqid 2345 mode tunnel
east #
 ipsec _kernel state
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	if_id 0x1
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	if_id 0x1
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
east #
 ipsec _kernel policy
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priority 0 ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
	if_id 0x1
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priority 0 ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
	if_id 0x1
east #
 ../../guestbin/ping-once.sh --up -I 198.18.23.23 198.18.45.45
up
east #
 ipsec _kernel state
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	lastused YYYY-MM-DD HH:MM:SS
	if_id 0x1
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	lastused YYYY-MM-DD HH:MM:SS
	if_id 0x1
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
east #
 ipsec _kernel policy
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priority 0 ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
	if_id 0x1
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priority 0 ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
	if_id 0x1
east #
 #../../guestbin/ip.sh xfrm state flush
east #
 #../../guestbin/ip.sh link delete ipsec1
east #
