east:~#
 route delete -net 192.0.1.0 netmask 255.255.255.0
east:~#
 route delete -net default
east:~#
 route add -net default gw 192.1.2.45
east:~#
 named
east:~#
 dig sunrise-oe.uml.freeswan.org a

; <<>> DiG VERSION<<>> sunrise-oe.uml.freeswan.org a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sunrise-oe.uml.freeswan.org.	IN	A

;; ANSWER SECTION:
sunrise-oe.uml.freeswan.org. 604800 IN	A	192.0.2.2

;; Query time: 25 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

east:~#
 netstat -rne
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.9.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.1.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.1.2.45      0.0.0.0         UG    0      0        0 eth1
east:~#
 ipsec setup start
ipsec_setup: Starting Libreswan IPsec VERSION
east:~#
 /testing/pluto/bin/wait-until-pluto-started
east:~#
 ipsec auto --add private
east:~#
 ipsec whack --listen
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"
002 loading group "/etc/ipsec.d/policies/private"
east:~#
 ipsec auto --route private
east:~#
east:~#
 dig 3.1.0.192.in-addr.arpa. txt

; <<>> DiG VERSION<<>> 3.1.0.192.in-addr.arpa. txt
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;3.1.0.192.in-addr.arpa.		IN	TXT

;; ANSWER SECTION:
3.1.0.192.in-addr.arpa.	604800	IN	TXT	"X-IPsec-Server(10)=192.1.2.45" " AQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1j" "QKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7"

;; Query time: 25 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

east:~#
 : we expect that east can ping west
east:~#
 ping -c 1 -n 192.1.2.45
PING 192.1.2.45 (192.1.2.45): 56 data bytes
64 bytes from 192.1.2.45: icmp_seq=0 ttl=257 time=999 ms

--- 192.1.2.45 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
east:~#
 : we expect that this will result in a %drop, as 1.1 is not OE enabled.
east:~#
 ping -c 8 -n 192.0.1.1
PING 192.0.1.1 (192.0.1.1): 56 data bytes

--- 192.0.1.1 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
east:~#
 ipsec eroute
0          0.0.0.0/0          -> 0.0.0.0/0          => %trap
1          192.1.2.23/32      -> 192.0.1.0/24       => %trap
8          192.1.2.23/32      -> 192.0.1.1/32       => %drop
east:~#
 : we expect that this will result in a tunnel, as 1.3 is OE enabled.
east:~#
 ping -c 8 -n 192.0.1.3
PING 192.0.1.3 (192.0.1.3): 56 data bytes
64 bytes from 192.0.1.3: icmp_seq=0 ttl=257 time=999 ms
64 bytes from 192.0.1.3: icmp_seq=1 ttl=257 time=999 ms
64 bytes from 192.0.1.3: icmp_seq=2 ttl=257 time=999 ms
64 bytes from 192.0.1.3: icmp_seq=3 ttl=257 time=999 ms
64 bytes from 192.0.1.3: icmp_seq=4 ttl=257 time=999 ms
64 bytes from 192.0.1.3: icmp_seq=5 ttl=257 time=999 ms
64 bytes from 192.0.1.3: icmp_seq=6 ttl=257 time=999 ms
64 bytes from 192.0.1.3: icmp_seq=7 ttl=257 time=999 ms

--- 192.0.1.3 ping statistics ---
8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
east:~#
 ipsec eroute
8          0.0.0.0/0          -> 0.0.0.0/0          => %trap
2          192.1.2.23/32      -> 192.0.1.0/24       => %trap
8          192.1.2.23/32      -> 192.0.1.1/32       => %drop
8          192.1.2.23/32      -> 192.0.1.3/32       => tun0x1002@192.1.2.45
east:~#
 : the nether world according to pluto
east:~#
east:~#
 : we expect that the resulting tunnel will not affect communication
east:~#
 : to hosts which are not OE enabled.
east:~#
 ping -c 8 -n 192.0.1.1
PING 192.0.1.1 (192.0.1.1): 56 data bytes

--- 192.0.1.1 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
east:~#
 : we further expect that we can continue to communicate with the outside
east:~#
 : interface of west.
east:~#
 ping -c 1 -n 192.1.2.45
PING 192.1.2.45 (192.1.2.45): 56 data bytes
64 bytes from 192.1.2.45: icmp_seq=0 ttl=257 time=999 ms

--- 192.1.2.45 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
east:~#
 ipsec eroute
8          0.0.0.0/0          -> 0.0.0.0/0          => %trap
2          192.1.2.23/32      -> 192.0.1.0/24       => %trap
16         192.1.2.23/32      -> 192.0.1.1/32       => %drop
8          192.1.2.23/32      -> 192.0.1.3/32       => tun0x1002@192.1.2.45
east:~#
 echo end
end
east:~#
 

east:~#
east:~#