--- east.console.txt 2019-08-24 18:12:56.227675547 +0000 +++ OUTPUT/east.console.txt 2019-08-26 13:13:49.545783725 +0000 @@ -17,33 +17,13 @@ ../../pluto/bin/ipsec-look.sh east NOW XFRM state: -src 192.1.2.45 dst 192.1.2.23 - proto esp spi 0xSPISPI reqid REQID mode tunnel - replay-window 32 flag af-unspec - aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 -src 192.1.2.23 dst 192.1.2.45 - proto esp spi 0xSPISPI reqid REQID mode tunnel - replay-window 32 flag af-unspec - aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 XFRM policy: -src 192.0.1.0/24 dst 192.0.2.0/24 - dir fwd priority 1042407 ptype main - tmpl src 192.1.2.45 dst 192.1.2.23 - proto esp reqid REQID mode tunnel -src 192.0.1.0/24 dst 192.0.2.0/24 - dir in priority 1042407 ptype main - tmpl src 192.1.2.45 dst 192.1.2.23 - proto esp reqid REQID mode tunnel -src 192.0.2.0/24 dst 192.0.1.0/24 - dir out priority 1042407 ptype main - tmpl src 192.1.2.23 dst 192.1.2.45 - proto esp reqid REQID mode tunnel XFRM done IPSEC mangle TABLES NEW_IPSEC_CONN mangle TABLES ROUTING TABLES default via 192.1.2.254 dev eth1 -192.0.1.0/24 dev eth1 scope link src 192.0.2.254 +192.0.1.0/24 via 192.1.2.45 dev eth1 192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23 NSS_CERTIFICATES