west:~#
 TZ=GMT export TZ
west:~#
 ipsec spi --clear
west:~#
 ipsec eroute --clear
west:~#
 ipsec klipsdebug --set pfkey
west:~#
 ipsec eroute --add --eraf inet --src 192.0.1.0/24 --dst 192.0.2.0/24 --said %trap
west:~#
 ipsec tncfg --attach --virtual ipsec0 --physical eth1
west:~#
 ifconfig ipsec0 inet 192.1.2.45 netmask 0xffffff00 broadcast 192.1.2.255 up
west:~#
 arp -s 192.1.2.23 10:00:00:64:64:45
west:~#
 arp -s 192.1.2.254 10:00:00:64:64:45
west:~#
 ipsec look
west NOW
192.0.1.0/24       -> 192.0.2.0/24       => %trap (0)
ipsec0->eth1 mtu=16260(1500)->1500
ROUTING TABLE
west:~#
 route add -host 192.0.2.1 gw 192.1.2.23 dev ipsec0
west:~#
 mkdir -p /var/run/pluto
west:~#
 ipsec pf_key --daemon /var/run/pluto/pf_key.pid >/tmp/pfkey.txt
west:~#
 echo start now
start now
west:~#
 kill `cat /var/run/pluto/pf_key.pid`
west:~#
 cat /tmp/pfkey.txt; echo ===

pfkey v2 msg. type=7(register) seq=1 len=5 pid=987 errno=0 satype=2(AH)
version=2 type=7 errno=0 satype=2 len=5 seq=1 pid=987 {ext=14 len=3 bytes=0x000000000300a000a00000000200800080000000 } 

pfkey v2 msg. type=7(register) seq=2 len=10 pid=987 errno=0 satype=3(ESP)
version=2 type=7 errno=0 satype=3 len=10 seq=2 pid=987 {ext=14 len=4 bytes=0x0000000009008000800000000300a000a00000000200800080000000 } {ext=15 len=4 bytes=0x000000000340c000c00000000c808000000100000340a800a8000000 } 

pfkey v2 msg. type=7(register) seq=3 len=4 pid=987 errno=0 satype=9(IPIP)
version=2 type=7 errno=0 satype=9 len=4 seq=3 pid=987 {ext=15 len=2 bytes=0x000000000100200020000000 } 

pfkey v2 msg. type=7(register) seq=4 len=4 pid=987 errno=0 satype=10(COMP)
version=2 type=7 errno=0 satype=10 len=4 seq=4 pid=987 {ext=15 len=2 bytes=0x000000000200010001000000 } 
pf_key: Exiting on signal 15
===
west:~#
 ipsec eroute
0          192.0.1.0/24       -> 192.0.2.0/24       => %trap