east:~#
 TZ=GMT export TZ
east:~#
 ipsec spi --clear
east:~#
 ipsec eroute --clear
east:~#
 ipsec klipsdebug --set pfkey
east:~#
 ipsec eroute --add --eraf inet --src 192.0.2.0/24 --dst 192.0.1.0/24 --said %trapsubnet
east:~#
 ipsec tncfg --attach --virtual ipsec0 --physical eth1
east:~#
 ifconfig ipsec0 inet 192.1.2.23 netmask 0xffffff00 broadcast 192.1.2.255 up
east:~#
 arp -s 192.1.2.45 10:00:00:64:64:45
east:~#
 arp -s 192.1.2.254 10:00:00:64:64:45
east:~#
 ipsec look
east NOW
192.0.2.0/24       -> 192.0.1.0/24       => %trapsubnet (0)
ipsec0->eth1 mtu=16260(1500)->1500
ROUTING TABLE
east:~#
 route add -host 192.0.1.1 gw 192.1.2.45 dev ipsec0
east:~#
 mkdir -p /var/run/pluto
east:~#
 ipsec pf_key --daemon /var/run/pluto/pf_key.pid >/tmp/pfkey.txt
east:~#
 echo start now
start now
east:~#
 kill `cat /var/run/pluto/pf_key.pid`
east:~#
 cat /tmp/pfkey.txt; echo ===

pfkey v2 msg. type=7(register) seq=1 len=5 pid=987 errno=0 satype=2(AH)
version=2 type=7 errno=0 satype=2 len=5 seq=1 pid=987 {ext=14 len=3 bytes=0x000000000300a000a00000000200800080000000 } 

pfkey v2 msg. type=7(register) seq=2 len=10 pid=987 errno=0 satype=3(ESP)
version=2 type=7 errno=0 satype=3 len=10 seq=2 pid=987 {ext=14 len=4 bytes=0x0000000009008000800000000300a000a00000000200800080000000 } {ext=15 len=4 bytes=0x000000000340c000c00000000c808000000100000340a800a8000000 } 

pfkey v2 msg. type=7(register) seq=3 len=4 pid=987 errno=0 satype=9(IPIP)
version=2 type=7 errno=0 satype=9 len=4 seq=3 pid=987 {ext=15 len=2 bytes=0x000000000100200020000000 } 

pfkey v2 msg. type=7(register) seq=4 len=4 pid=987 errno=0 satype=10(COMP)
version=2 type=7 errno=0 satype=10 len=4 seq=4 pid=987 {ext=15 len=2 bytes=0x000000000200010001000000 } 

pfkey v2 msg. type=6(acquire) seq=1 len=29 pid=987 errno=0 satype=3(ESP)
version=2 type=6 errno=0 satype=3 len=29 seq=1 pid=987 {ext=5 len=3 proto=0 prefixlen=0 addr=0x02000000c00002010000000000000000 } {ext=6 len=3 proto=0 prefixlen=0 addr=0x02000000c00001010000000000000000 } {ext=13 len=21 bytes=0x400000000203010080008000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e10000000000008051010000000000000000000000000003030100a000a000a800a8000000000000000000000000000000000000000000000000000000000000e1000000000000805101000000000000e100000000000080510100000000000000000000000000 } 
pf_key: Exiting on signal 15
===
east:~#
 ipsec eroute
8          192.0.2.0/24       -> 192.0.1.0/24       => %hold