iptables -t nat -F
nic #
 iptables -F
nic #
 # NAT to NIC's address
nic #
 iptables -t nat -A POSTROUTING -s 192.1.3.0/24 -j SNAT --to-source 192.1.2.254
nic #
 # A tunnel should have established with non-zero byte counters
nic #
 ipsec whack --trafficstatus
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
nic #
 # you should see both RSA and NULL
nic #
 grep IKEv2_AUTH_ /tmp/pluto.log
nic #
nic #
 ../bin/check-for-core.sh
nic #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi