east:~#
 route delete -net 192.0.1.0 netmask 255.255.255.0
east:~#
 route delete -net default
east:~#
 route add -net default gw 192.1.2.254
east:~#
 named
east:~#
 ipsec setup start
ipsec_setup: Starting Libreswan IPsec VERSION
east:~#
 /testing/pluto/bin/wait-until-pluto-started
east:~#
 ipsec look
east NOW
0.0.0.0/0          -> 0.0.0.0/0          => %trap (0)
ipsec0->eth1 mtu=16260(1500)->1500
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.1.2.254     0.0.0.0         UG        0 0          0 eth1
0.0.0.0         192.1.2.254     128.0.0.0       UG        0 0          0 ipsec0
128.0.0.0       192.1.2.254     128.0.0.0       UG        0 0          0 ipsec0
192.1.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.1.2.0       0.0.0.0         255.255.255.0   U         0 0          0 ipsec0
east:~#
 ipsec auto --add clear
east:~#
 ipsec auto --add private-or-clear
east:~#
 ipsec auto --delete packetdefault
east:~#
 ipsec whack --listen
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"
002 loading group "/etc/ipsec.d/policies/private-or-clear"
002 loading group "/etc/ipsec.d/policies/clear"
003 "/etc/ipsec.d/policies/clear" line 1: subnet "192.0.1.0/24", source 192.1.2.23/32, already "private-or-clear"
east:~#
 ipsec auto --route clear
east:~#
 ipsec auto --route private-or-clear
east:~#
 ipsec eroute
0          192.1.2.23/32      -> 192.0.1.0/24       => %trap
0          192.1.2.23/32      -> 192.1.2.129/32     => %pass
0          192.1.2.23/32      -> 192.1.2.130/32     => %pass
0          192.1.2.23/32      -> 192.1.2.254/32     => %pass
east:~#
 echo end
end
east:~#
 : we expect that east can ping west
east:~#
 ping -c 1 -n 192.1.2.45
PING 192.1.2.45 (192.1.2.45): 56 data bytes
64 bytes from 192.1.2.45: icmp_seq=0 ttl=257 time=999 ms

--- 192.1.2.45 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
east:~#
 : we expect that this will result no tunnel, as we are not prepared for 
east:~#
 : a tunnel, but west will attempt it.
east:~#
 ping -c 2 -w 4 -n 192.0.1.3
ping: invalid option -- w
usage: ping [-LRdfnqrv] [-c count] [-i wait] [-l preload]
	[-p pattern] [-s packetsize] [-t ttl] [-I interface address] host
east:~#
 : make sure we can still ping west.
east:~#
 ping -c 1 -n 192.1.2.45
PING 192.1.2.45 (192.1.2.45): 56 data bytes
64 bytes from 192.1.2.45: icmp_seq=0 ttl=257 time=999 ms

--- 192.1.2.45 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
east:~#
 ipsec look
east NOW
192.1.2.23/32      -> 192.0.1.0/24       => %trap (0)
192.1.2.23/32      -> 192.1.2.129/32     => %pass (0)
192.1.2.23/32      -> 192.1.2.130/32     => %pass (0)
192.1.2.23/32      -> 192.1.2.254/32     => %pass (0)
ipsec0->eth1 mtu=16260(1500)->1500
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.1.2.254     0.0.0.0         UG        0 0          0 eth1
192.0.1.0       192.1.2.254     255.255.255.0   UG        0 0          0 ipsec0
192.1.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.1.2.0       0.0.0.0         255.255.255.0   U         0 0          0 ipsec0
192.1.2.129     192.1.2.254     255.255.255.255 UGH       0 0          0 ipsec0
192.1.2.130     192.1.2.254     255.255.255.255 UGH       0 0          0 ipsec0
192.1.2.254     192.1.2.254     255.255.255.255 UGH       0 0          0 ipsec0
east:~#
 echo end
end
east:~#
 

east:~#