east:~# route delete -net 192.0.1.0 netmask 255.255.255.0 east:~# route delete -net default east:~# route add -net default gw 192.1.2.45 east:~# arp -an east:~# ipsec setup start ipsec_setup: Starting Libreswan IPsec VERSION east:~# /testing/pluto/bin/wait-until-pluto-started east:~# ipsec auto --add block east:~# ipsec whack --listen 002 listening for IKE messages 002 forgetting secrets 002 loading secrets from "/etc/ipsec.secrets" 002 loaded private key for keyid: PPK_RSA:ADEADBEEF 002 loaded private key for keyid: PPK_RSA:ADEADBEEF 002 loading group "/etc/ipsec.d/policies/block" east:~# ipsec auto --route block east:~# echo end end east:~# ping -c 1 -n 192.1.2.45 PING 192.1.2.45 (192.1.2.45): 56 data bytes 64 bytes from 192.1.2.45: icmp_seq=0 ttl=257 time=999 ms --- 192.1.2.45 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms east:~# ping -c 8 -n 192.0.1.3 PING 192.0.1.3 (192.0.1.3): 56 data bytes --- 192.0.1.3 ping statistics --- 8 packets transmitted, 0 packets received, 100% packet loss east:~# ping -c 1 -n 192.1.2.45 PING 192.1.2.45 (192.1.2.45): 56 data bytes 64 bytes from 192.1.2.45: icmp_seq=0 ttl=257 time=999 ms --- 192.1.2.45 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms east:~# ipsec look east NOW 0.0.0.0/0 -> 0.0.0.0/0 => %trap 192.1.2.23/32 -> 192.0.1.0/24 => %reject ipsec0->eth1 mtu=16260(9999)->1500 ROUTING TABLE 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23 192.1.2.0/24 dev ipsec0 proto kernel scope link src 192.1.2.23 192.0.1.0/24 dev ipsec0 scope link 0.0.0.0/1 via 192.1.2.45 dev ipsec0 128.0.0.0/1 via 192.1.2.45 dev ipsec0 default via 192.1.2.45 dev eth1 east:~# echo end end east:~# east:~# ipsec setup stop IPSEC EVENT: KLIPS device ipsec0 shut down. ipsec_setup: Stopping Libreswan IPsec... east:~# kill `cat /var/run/klogd.pid`; cat /tmp/klog.log klogd 1.3-3#33.1, log source = /proc/kmsg started. east:~# halt -p -f System halted.