west:~# named west:~# ifdown eth1 west:~# ifconfig eth1 inet 192.1.2.45 netmask 255.255.255.224 up west:~# route add -net default gw 192.1.2.62 west:~# : try default route west:~# ping -c 1 -n 192.1.2.62 PING 192.1.2.62 (192.1.2.62): 56 data bytes 64 bytes from 192.1.2.62: icmp_seq=0 ttl=257 time=999 ms --- 192.1.2.62 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms west:~# : try hitting east before doing IPsec west:~# ping -c 1 -n 192.1.2.23 PING 192.1.2.23 (192.1.2.23): 56 data bytes 64 bytes from 192.1.2.23: icmp_seq=0 ttl=257 time=999 ms --- 192.1.2.23 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms west:~# ipsec setup start ipsec_setup: Starting Libreswan IPsec VERSION west:~# /testing/pluto/bin/wait-until-pluto-started west:~# ipsec auto --add us-to-anyone west:~# ipsec auto --route us-to-anyone west:~# ipsec auto --replace clear west:~# ipsec whack --listen 002 listening for IKE messages 002 forgetting secrets 002 loading secrets from "/etc/ipsec.secrets" 002 loading group "/etc/ipsec.d/policies/clear" west:~# ipsec auto --route clear west:~# : check out if .23 has proper TXT record. west:~# dig 23.2.1.192.in-addr.arpa. txt ; <<>> DiG VERSION<<>> 23.2.1.192.in-addr.arpa. txt ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;23.2.1.192.in-addr.arpa. IN TXT ;; ANSWER SECTION: 23.2.1.192.in-addr.arpa. 604800 IN TXT "X-IPsec-Server(10)=192.1.2.23" " AQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwX" "IKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL" ;; Query time: 25 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: DATE ;; MSG SIZE rcvd: SIZE west:~# ipsec look west NOW 192.0.1.0/24 -> 0.0.0.0/0 => %trap (0) 192.1.2.45/32 -> 192.0.2.0/24 => %pass (0) 192.1.2.45/32 -> 192.1.2.0/24 => %pass (0) 192.1.2.45/32 -> 192.1.2.129/32 => %pass (12) 192.1.2.45/32 -> 192.1.2.130/32 => %pass (4) 192.1.2.45/32 -> 192.1.2.254/32 => %pass (12) ipsec0->eth1 mtu=16260(1500)->1500 Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.1.2.62 0.0.0.0 UG 0 0 0 eth1 0.0.0.0 192.1.2.62 128.0.0.0 UG 0 0 0 ipsec0 128.0.0.0 192.1.2.62 128.0.0.0 UG 0 0 0 ipsec0 192.0.2.0 192.1.2.62 255.255.255.0 UG 0 0 0 ipsec0 192.1.2.0 192.1.2.62 255.255.255.0 UG 0 0 0 ipsec0 192.1.2.129 192.1.2.62 255.255.255.255 UGH 0 0 0 ipsec0 192.1.2.130 192.1.2.62 255.255.255.255 UGH 0 0 0 ipsec0 192.1.2.254 192.1.2.62 255.255.255.255 UGH 0 0 0 ipsec0 192.1.2.32 0.0.0.0 255.255.255.224 U 0 0 0 eth1 192.1.2.32 0.0.0.0 255.255.255.224 U 0 0 0 ipsec0 west:~# echo end end west:~# west:~# west:~# ipsec eroute 0 0.0.0.0/0 -> 0.0.0.0/0 => %trap 0 192.0.1.0/24 -> 0.0.0.0/0 => %trap 0 192.1.2.45/32 -> 192.0.2.0/24 => %pass 2 192.1.2.45/32 -> 192.1.2.0/24 => %pass 12 192.1.2.45/32 -> 192.1.2.129/32 => %pass 4 192.1.2.45/32 -> 192.1.2.130/32 => %pass 12 192.1.2.45/32 -> 192.1.2.254/32 => %pass