east:~#
 TZ=GMT export TZ
east:~#
 ipsec spi --clear
east:~#
 ipsec eroute --clear
east:~#
 enckey1=0x43434545464649494a4a4c4c4f4f51515252545457575840
east:~#
 authkey1=0x65876587658765876587658765876587
east:~#
 ipsec spi --af inet --edst 192.1.2.45 --spi 0x12345678 --proto esp --src 192.1.2.23 --esp 3des-md5-96 --enckey $enckey1 --authkey $authkey1
east:~#
 ipsec spi --af inet --edst 192.1.2.45 --spi 0x12345678 --proto tun --src 192.1.2.23 --dst 192.1.2.45 --ip4
east:~#
 enckey2=0x434545464649494a4a4c4c4f4f5151525254545757584043
east:~#
 authkey2=0x87658765876587658765876587658765
east:~#
 ipsec spi --af inet --edst 192.0.1.1 --spi 0xabcdabcd --proto esp --src 192.1.2.23 --esp 3des-md5-96 --enckey $enckey2 --authkey $authkey2
east:~#
 ipsec spi --af inet --edst 192.0.1.1 --spi 0xabcdabcd --proto tun --src 192.1.2.23 --dst 192.0.1.1 --ip4
east:~#
 ipsec spigrp 	inet 192.1.2.45 0x12345678 tun inet 192.1.2.45 0x12345678 esp 
east:~#
 ipsec spigrp 	inet 192.0.1.1  0xabcdabcd esp inet 192.1.2.45 0x12345678 tun 
east:~#
 ipsec spigrp    inet 192.0.1.1  0xabcdabcd tun inet 192.0.1.1  0xabcdabcd esp 
east:~#
 ipsec eroute --add --eraf inet --src 192.0.2.1/32 --dst 192.0.1.1/32 --said tun0xabcdabcd@192.0.1.1
east:~#
 ipsec tncfg --attach --virtual ipsec0 --physical eth1
east:~#
 ifconfig ipsec0 inet 192.1.2.23 netmask 0xffffff00 broadcast 192.1.2.255 up
east:~#
 arp -s 192.1.2.45 10:00:00:64:64:45
east:~#
 arp -s 192.1.2.254 10:00:00:64:64:45
east:~#
 ipsec look
east NOW
192.0.2.1/32       -> 192.0.1.1/32       => tun0xabcdabcd@192.0.1.1 esp0xabcdabcd@192.0.1.1 tun0x12345678@192.1.2.45 esp0x12345678@192.1.2.45  (0)
ipsec0->eth1 mtu=16260(1500)->1500
esp0x12345678@192.1.2.45 ESP_3DES_HMAC_MD5: dir=out src=192.1.2.23 iv_bits=64bits iv=0xDEADF00DDEADF00D alen=128 aklen=128 eklen=192 life(c,s,h)= natencap=none natsport=0 natdport=0 refcount=3 ref=1 refhim=0
esp0xabcdabcd@192.0.1.1 ESP_3DES_HMAC_MD5: dir=out src=192.1.2.23 iv_bits=64bits iv=0xDEADF00DDEADF00D alen=128 aklen=128 eklen=192 life(c,s,h)= natencap=none natsport=0 natdport=0 refcount=4 ref=3 refhim=0
tun0x12345678@192.1.2.45 IPIP: dir=out src=192.1.2.23 life(c,s,h)= natencap=none natsport=0 natdport=0 refcount=4 ref=2 refhim=0
tun0xabcdabcd@192.0.1.1 IPIP: dir=out src=192.1.2.23 life(c,s,h)= natencap=none natsport=0 natdport=0 refcount=3 ref=4 refhim=0
ROUTING TABLE
east:~#
 route add -host 192.0.1.1 gw 192.1.2.45 dev ipsec0