east:~#
 TZ=GMT export TZ
east:~#
 ipsec spi --clear
east:~#
 ipsec eroute --clear
east:~#
 enckey=0xaaaabbbbccccdddd4043434545464649494a4a4c4c4f4f515152525454575758
east:~#
 authkey=0x8765876587658765876587658765876587658765
east:~#
 ipsec spi --af inet --edst 192.1.2.45 --spi 0xD1234567 --proto esp --src 192.1.2.23 --esp aes-sha1-96 --enckey $enckey --authkey $authkey
east:~#
 ipsec spi --af inet --edst 192.1.2.45 --spi 0xD1234567 --proto tun --src 192.1.2.23 --dst 192.1.2.45 --ip4
east:~#
 ipsec spigrp inet 192.1.2.45 0xD1234567 tun inet 192.1.2.45 0xD1234567 esp 
east:~#
 ipsec eroute --add --eraf inet --src 192.0.2.0/24 --dst 192.0.1.0/24 --said tun0xD1234567@192.1.2.45
east:~#
 ipsec tncfg --attach --virtual ipsec0 --physical eth1
east:~#
 ifconfig ipsec0 inet 192.1.2.23 netmask 0xffffff00 broadcast 192.1.2.255 up
east:~#
 arp -s 192.1.2.45 10:00:00:64:64:45
east:~#
 arp -s 192.1.2.254 10:00:00:64:64:45
east:~#
 ipsec look
east NOW
192.0.2.0/24       -> 192.0.1.0/24       => tun0xd1234567@192.1.2.45 esp0xd1234567@192.1.2.45  (0)
ipsec0->eth1 mtu=16260(1500)->1500
esp0xd1234567@192.1.2.45 ESP_AES_HMAC_SHA1: dir=out src=192.1.2.23 iv_bits=128bits iv=0xDEADF00DDEADF00DDEADF00DDEADF00D alen=160 aklen=160 eklen=256 life(c,s,h)= natencap=none natsport=0 natdport=0 refcount=4 ref=3
tun0xd1234567@192.1.2.45 IPIP: dir=out src=192.1.2.23 life(c,s,h)= natencap=none natsport=0 natdport=0 refcount=4 ref=4
ROUTING TABLE
east:~#
 route add -host 192.0.1.1 gw 192.1.2.45 dev ipsec0