east:~#
 route delete -net 192.0.1.0 netmask 255.255.255.0
east:~#
 route delete -net default
east:~#
 route add -net default gw 192.1.2.45
east:~#
 named
east:~#
 TESTNAME=food-groups-clear-or-oe-01
east:~#
 source /testing/pluto/bin/eastlocal.sh
east:~#
 echo end eastinit.sh
end eastinit.sh
east:~#
 dig 23.2.1.192.in-addr.arpa. txt

; <<>> DiG VERSION<<>> 23.2.1.192.in-addr.arpa. txt
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;23.2.1.192.in-addr.arpa.	IN	TXT

;; ANSWER SECTION:
23.2.1.192.in-addr.arpa. 604800	IN	TXT	"X-IPsec-Server(10)=192.1.2.23" " AQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwX" "IKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL"

;; Query time: 25 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

east:~#
 /testing/pluto/bin/look-for-txt 23.2.1.192.in-addr.arpa. AQN3cn11F
LOOK-FOR-TXT FOUND AQN3cn11F
east:~#
 ipsec setup start
ipsec_setup: Starting Openswan IPsec VERSION
east:~#
 /testing/pluto/basic-pluto-01/eroutewait.sh trap
east:~#
 ipsec auto --add clear-or-private
east:~#
 ipsec whack --listen
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/tmp/food-groups-clear-or-oe-01/ipsec.secrets"
002 loading group "/tmp/food-groups-clear-or-oe-01/ipsec.d/policies/clear-or-private"
east:~#
 ipsec auto --route clear-or-private
east:~#
 ipsec whack --debug-oppo --debug-control
east:~#
 ipsec look
east NOW
0.0.0.0/0          -> 0.0.0.0/0          => %trap
192.1.2.23/32      -> 192.0.1.0/24       => %pass
ipsec0->eth1 mtu=16260(9999)->1500
ROUTING TABLE
192.1.2.0/24 dev eth1  proto kernel  scope link  src 192.1.2.23
192.1.2.0/24 dev ipsec0  proto kernel  scope link  src 192.1.2.23
192.0.1.0/24 via 192.1.2.45 dev ipsec0
0.0.0.0/1 via 192.1.2.45 dev ipsec0
128.0.0.0/1 via 192.1.2.45 dev ipsec0
default via 192.1.2.45 dev eth1
east:~#
 ping -c 1 -n 192.0.1.1
PING 192.0.1.1 (192.0.1.1): 56 data bytes
64 bytes from 192.0.1.1: icmp_seq=0 ttl=257 time=999 ms

--- 192.0.1.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
east:~#
 sleep 5
east:~#
 ping -c 8 -n 192.0.1.1
PING 192.0.1.1 (192.0.1.1): 56 data bytes
64 bytes from 192.0.1.1: icmp_seq=0 ttl=257 time=999 ms
64 bytes from 192.0.1.1: icmp_seq=1 ttl=257 time=999 ms
64 bytes from 192.0.1.1: icmp_seq=2 ttl=257 time=999 ms
64 bytes from 192.0.1.1: icmp_seq=3 ttl=257 time=999 ms
64 bytes from 192.0.1.1: icmp_seq=4 ttl=257 time=999 ms
64 bytes from 192.0.1.1: icmp_seq=5 ttl=257 time=999 ms
64 bytes from 192.0.1.1: icmp_seq=6 ttl=257 time=999 ms
64 bytes from 192.0.1.1: icmp_seq=7 ttl=257 time=999 ms

--- 192.0.1.1 ping statistics ---
8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
east:~#
 ipsec look
east NOW
0.0.0.0/0          -> 0.0.0.0/0          => %trap
192.1.2.23/32      -> 192.0.1.0/24       => %pass
ipsec0->eth1 mtu=16260(9999)->1500
ROUTING TABLE
192.1.2.0/24 dev eth1  proto kernel  scope link  src 192.1.2.23
192.1.2.0/24 dev ipsec0  proto kernel  scope link  src 192.1.2.23
192.0.1.0/24 via 192.1.2.45 dev ipsec0
0.0.0.0/1 via 192.1.2.45 dev ipsec0
128.0.0.0/1 via 192.1.2.45 dev ipsec0
default via 192.1.2.45 dev eth1
east:~#
 echo end eastrun.sh
end eastrun.sh
east:~#
 

east:~#
 ipsec setup stop
IPSEC EVENT: KLIPS device ipsec0 shut down.
ipsec_setup: Stopping Openswan IPsec...
east:~#
 kill `cat /var/run/klogd.pid`; cat /tmp/klog.log
klogd 1.3-3#33.1, log source = /proc/kmsg started.
east:~#
 halt -p -f
Power down.

