Same as netkey-01 but we also add a passthrough route to verify the issue
with http://lists.libreswan.org/pipermail/users/2007-April/012298.html
mentioned at  http://bugs.libreswan.org/view.php?id=907

It will require a manual adding of dir out and dir forward policies, eg
ip xfrm policy add dir in src subnet1 dst subnet2
ip xfrm policy add dir out src subnet1 dst subnet2
ip xfrm policy add dir in src subnet2 dst subnet1
ip xfrm policy add dir out src subnet2 dst subnet1
ip xfrm policy add dir fwd src subnet1 dst subnet2
ip xfrm policy add dir fwd src subnet2 dst subnet1


"westnet-eastnet": 192.0.1.0/24===192.1.2.45[@west]...192.1.2.23[@east]===192.0.2.0/24

1) west 192.1.2.45 pings east-in/east-eth0/east 192.0.2.254 on eastnet 192.0.2.0/24
2) west adds an iptable rule to block plaintext from eastnet
3) west pings 192.0.2.254 again, but pong should be dropped by rule
4) west initiates connection "westnet-eastnet"; east 192.1.2.23 responds
5) netjig sends ping packets from westnet to eastnet