west:~# TZ=GMT export TZ west:~# ipsec spi --clear west:~# ipsec eroute --clear west:~# enckey=0x4043434545464649494a4a4c4c4f4f515152525454575758 west:~# ipsec klipsdebug --set rcv west:~# ipsec spi --af inet --edst 192.1.2.45 --spi 0x12345678 --proto esp --src 192.1.2.23 --esp 3des-md5-96 --enckey $enckey --authkey 0x87658765876587658765876587658765 --natt nonesp --sport 4500 --dport 4500 west:~# ipsec spi --af inet --edst 192.1.2.45 --spi 0x12345678 --proto tun --src 192.1.2.23 --dst 192.1.2.45 --ip4 west:~# ipsec spigrp inet 192.1.2.45 0x12345678 tun inet 192.1.2.45 0x12345678 esp west:~# ipsec tncfg --attach --virtual ipsec0 --physical eth1 west:~# ifconfig ipsec0 inet 192.1.2.45 netmask 0xffffff00 broadcast 192.1.2.255 up west:~# ipsec look west NOW ipsec0->eth1 mtu=16260(1500)->1500 esp0x12345678@192.1.2.45 ESP_3DES_HMAC_MD5: dir=in src=192.1.2.23 iv_bits=64bits iv=0xDEADF00DDEADF00D alen=128 aklen=128 eklen=192 life(c,s,h)= natencap=nonesp natsport=4500 natdport=4500 refcount=4 ref=3 tun0x12345678@192.1.2.45 IPIP: dir=in src=192.1.2.23 life(c,s,h)= natencap=none natsport=0 natdport=0 refcount=4 ref=4 ROUTING TABLE west:~# route add -host 192.0.2.1 gw 192.1.2.23 dev ipsec0 west:~# /usr/obj/programs/ikeping/ikeping --ikeport 4500 --listen --natt& [1] 9999 west:~# tcpdump -t -x -X -e -i ipsec0 -n -c 4 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ipsec0, link-type EN10MB (Ethernet), capture size 96 bytes 10:00:00:64:64:23 > 10:00:00:64:64:45, ethertype IPv4 (0x0800), length 98: IP 192.0.2.1 > 192.0.1.1: icmp 64: echo request seq 1280 0x0000: 1000 0064 6445 1000 0064 6423 0800 4500 ...ddE...dd#..E. 0x0010: 0054 0000 4000 3f01 b8a6 c000 0201 c000 .T..@.?......... 0x0020: 0101 0800 baf0 6f00 0500 239b c73b f234 ......o...#..;.4 0x0030: 0100 0809 0a0b 0c0d 0e0f 1011 1213 1415 ................ 0x0040: 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 ...........!"#$% 0x0050: 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 &'()*+,-./012345 10:00:00:64:64:23 > 10:00:00:64:64:45, ethertype IPv4 (0x0800), length 98: IP 192.0.2.1 > 192.0.1.1: icmp 64: echo request seq 1536 0x0000: 1000 0064 6445 1000 0064 6423 0800 4500 ...ddE...dd#..E. 0x0010: 0054 0000 4000 3f01 b8a6 c000 0201 c000 .T..@.?......... 0x0020: 0101 0800 72f0 6f00 0600 289b c73b 3435 ....r.o...(..;45 0x0030: 0100 0809 0a0b 0c0d 0e0f 1011 1213 1415 ................ 0x0040: 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 ...........!"#$% 0x0050: 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 &'()*+,-./012345 10:00:00:64:64:23 > 10:00:00:64:64:45, ethertype IPv4 (0x0800), length 98: IP 192.0.2.1 > 192.0.1.1: icmp 64: echo request seq 1792 0x0000: 1000 0064 6445 1000 0064 6423 0800 4500 ...ddE...dd#..E. 0x0010: 0054 0000 4000 3f01 b8a6 c000 0201 c000 .T..@.?......... 0x0020: 0101 0800 d9ef 6f00 0700 2d9b c73b c735 ......o...-..;.5 0x0030: 0100 0809 0a0b 0c0d 0e0f 1011 1213 1415 ................ 0x0040: 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 ...........!"#$% 0x0050: 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 &'()*+,-./012345 10:00:00:64:64:23 > 10:00:00:64:64:45, ethertype IPv4 (0x0800), length 98: IP 192.0.2.1 > 192.0.1.1: icmp 64: echo request seq 2048 0x0000: 1000 0064 6445 1000 0064 6423 0800 4500 ...ddE...dd#..E. 0x0010: 0054 0000 4000 3f01 b8a6 c000 0201 c000 .T..@.?......... 0x0020: 0101 0800 e8ef 6f00 0800 329b c73b b235 ......o...2..;.5 0x0030: 0100 0809 0a0b 0c0d 0e0f 1011 1213 1415 ................ 0x0040: 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 ...........!"#$% 0x0050: 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 &'()*+,-./012345 4 packets captured 4 packets received by filter 0 packets dropped by kernel