iptables -t nat -F
nic # iptables -F
nic #
nic # ip addr add 192.1.3.130/24 dev eth1
nic # # Destination NAT to east's address, not the port
nic # iptables -t nat -A PREROUTING -d 192.1.3.130 -j DNAT --to-destination 192.1.2.23
nic # # A tunnel should have established with non-zero byte counters
nic # ip addr show scope global
2: ip_vti0@NONE: mtu XXXX qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
19274: eth0@if19275: mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 06:9f:33:9e:cd:32 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.1.2.254/24 scope global eth0
       valid_lft forever preferred_lft forever
19276: eth1@if19277: mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3a:a8:f0:8a:98:6e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.1.3.254/24 scope global eth1
       valid_lft forever preferred_lft forever
    inet 192.1.3.130/24 scope global secondary eth1
       valid_lft forever preferred_lft forever
nic # # jacob two two for east?
nic # ipsec whack --trafficstatus
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
nic # ipsec whack --trafficstatus
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
nic # ../../pluto/bin/ipsec-look.sh
nic # # you should see both RSA and NULL
nic # grep IKEv2_AUTH_ /tmp/pluto.log
nic #
nic # ../bin/check-for-core.sh
nic # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi