east:~# D=/testing/scripts/ipsec.conf-alsoflip-01
east:~# export IPSEC_CONFS="$D/etc-alsoflip"
east:~# ipsec setup start ; i=0 ; while i=`expr $i + 1`; [ $i -lt 20 ] && ! { ipsec auto --status | grep 'prospective erouted' >/dev/null ; } ; do sleep 1 ; done
pluto[PID]: Starting Pluto (Libreswan Version VERSION)
pluto[PID]: Setting port floating to off
pluto[PID]: port floating activate 0/1
pluto[PID]:   including NAT-Traversal patch (Version 0.6c) [disabled]
pluto[PID]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
pluto[PID]: starting up 1 cryptographic helpers
pluto[PID]: Could not change to directory '/testing/scripts/ipsec.conf-alsoflip-01/etc-alsoflip/ipsec.d/cacerts'
pluto[PID]: Changing to directory '/testing/scripts/ipsec.conf-alsoflip-01/etc-alsoflip/ipsec.d/aacerts'
pluto[PID]: Changing to directory '/testing/scripts/ipsec.conf-alsoflip-01/etc-alsoflip/ipsec.d/ocspcerts'
pluto[PID]: Changing to directory '/testing/scripts/ipsec.conf-alsoflip-01/etc-alsoflip/ipsec.d/crls'
pluto[PID]:   Warning: empty directory
pluto[PID]: added connection description "packetdefault"
pluto[PID]: listening for IKE messages
pluto[PID]: adding interface ipsec0/eth1 192.1.2.23:500
pluto[PID]: loading secrets from "/testing/scripts/ipsec.conf-alsoflip-01/etc-alsoflip/ipsec.secrets"
east:~# ipsec auto --add flip-base-net
pluto[PID]: added connection description "flip-base-net"
east:~# ipsec auto --add flip-flip-net-base
pluto[PID]: added connection description "flip-flip-net-base"
east:~# ipsec auto --add noflip-base-base
pluto[PID]: added connection description "noflip-base-base"
east:~# ipsec auto --status
000 interface ipsec0/eth1 192.1.2.23
000 %myid = (none)
000 debug none
000  
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000  
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000  
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 
000  
000 "flip-base-net": 192.1.2.23[@east]...192.1.2.45[@west]===192.0.1.0/24; unrouted; eroute owner: #0
000 "flip-base-net":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "flip-base-net":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "flip-base-net":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,24; interface: eth1; 
000 "flip-base-net":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "flip-flip-net-base": 192.0.2.0/24===192.1.2.23[@east]...192.1.2.45[@west]; unrouted; eroute owner: #0
000 "flip-flip-net-base":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "flip-flip-net-base":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "flip-flip-net-base":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,24; interface: eth1; 
000 "flip-flip-net-base":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "noflip-base-base": 192.1.2.23[@east]...192.1.2.45[@west]; unrouted; eroute owner: #0
000 "noflip-base-base":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "noflip-base-base":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "noflip-base-base":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,32; interface: eth1; 
000 "noflip-base-base":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "packetdefault": 0.0.0.0/0===192.1.2.23[%myid]---192.1.2.254...%opportunistic; prospective erouted; eroute owner: #0
000 "packetdefault":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "packetdefault":   ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "packetdefault":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failurePASS+lKOD+rKOD; prio: 0,0; interface: eth1; 
000 "packetdefault":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000  
000  
east:~# ipsec setup stop
pluto[PID]: shutting down
pluto[PID]: "noflip-base-base": deleting connection
pluto[PID]: "flip-flip-net-base": deleting connection
pluto[PID]: "flip-base-net": deleting connection
pluto[PID]: "packetdefault": deleting connection
pluto[PID]: shutting down interface ipsec0/eth1 192.1.2.23:500
IPSEC EVENT: KLIPS device ipsec0 shut down.
ipsec_setup: Stopping Libreswan IPsec...
ipsec_setup: Unknown HZ value! (9) Assume 100.