--- road.console.txt	2019-08-24 18:12:56.304672833 +0000
+++ OUTPUT/road.console.txt	2019-08-26 13:20:25.776911066 +0000
@@ -123,7 +123,7 @@
  sleep 45
 road #
  ipsec whack --trafficstatus
-006 #2: "private#192.1.2.23/32"[1] ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=168, outBytes=168, id='ID_NULL'
+whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
 road #
  sleep 45
 road #
@@ -132,12 +132,21 @@
  # Template (dir out) for %trap to 192.1.2.23/32 should be there
 road #
  ipsec whack --trafficstatus
+whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
 road #
  ip xfrm pol
 src 192.1.3.209/32 dst 192.1.2.23/32
 	dir out priority 2088927 ptype main
-	tmpl src 0.0.0.0 dst 0.0.0.0
-		proto esp reqid 0 mode transport
+	tmpl src 192.1.3.209 dst 192.1.2.23
+		proto esp reqid 16429 mode tunnel
+src 192.1.2.23/32 dst 192.1.3.209/32
+	dir fwd priority 2088927 ptype main
+	tmpl src 192.1.2.23 dst 192.1.3.209
+		proto esp reqid 16429 mode tunnel
+src 192.1.2.23/32 dst 192.1.3.209/32
+	dir in priority 2088927 ptype main
+	tmpl src 192.1.2.23 dst 192.1.3.209
+		proto esp reqid 16429 mode tunnel
 src 192.1.2.253/32 dst 192.1.3.209/32
 	dir fwd priority 1564639 ptype main
 src 192.1.2.253/32 dst 192.1.3.209/32
@@ -162,22 +171,6 @@
 	dir in priority 1564639 ptype main
 src 192.1.3.209/32 dst 192.1.2.254/32
 	dir out priority 1564639 ptype main
-src 0.0.0.0/0 dst 0.0.0.0/0
-	socket out priority 0 ptype main
-src 0.0.0.0/0 dst 0.0.0.0/0
-	socket in priority 0 ptype main
-src 0.0.0.0/0 dst 0.0.0.0/0
-	socket out priority 0 ptype main
-src 0.0.0.0/0 dst 0.0.0.0/0
-	socket in priority 0 ptype main
-src 0.0.0.0/0 dst 0.0.0.0/0
-	socket out priority 0 ptype main
-src 0.0.0.0/0 dst 0.0.0.0/0
-	socket in priority 0 ptype main
-src 0.0.0.0/0 dst 0.0.0.0/0
-	socket out priority 0 ptype main
-src 0.0.0.0/0 dst 0.0.0.0/0
-	socket in priority 0 ptype main
 road #
  echo done
 done
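Review bot: The new side of the first hunk replaces the expected `006 #2: "private#192.1.2.23/32"[1] ... type=ESP ...` traffic-status line with `whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)`, which means the daemon was not reachable when the check ran, so this OUTPUT is a failed run rather than a new reference transcript. The second hunk then shows the `%trap` template the test comment says should be there (`tmpl src 0.0.0.0 dst 0.0.0.0`, `reqid 0 mode transport`) replaced by fully installed tunnel policies with `reqid 16429` while no pluto is answering, i.e. kernel policy has outlived the daemon. If pluto exited unexpectedly, the cause of that exit (a core file or the pluto log around this point) is what needs chasing; the `socket` policies dropped in the third hunk look like a side effect of the daemon being gone rather than an intended change. Accepting this diff into road.console.txt would bake a connection-refused failure into the expected output.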
@@ -185,6 +178,14 @@
 ../../pluto/bin/ipsec-look.sh
 road NOW
 XFRM state:
+src 192.1.2.23 dst 192.1.3.209
+	proto esp spi 0xSPISPI reqid REQID mode tunnel
+	replay-window 32 flag af-unspec
+	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
+src 192.1.3.209 dst 192.1.2.23
+	proto esp spi 0xSPISPI reqid REQID mode tunnel
+	replay-window 32 flag af-unspec
+	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
 XFRM policy:
 src 192.1.2.253/32 dst 192.1.3.209/32
 	dir fwd priority 1564639 ptype main
@@ -210,10 +211,18 @@
 	dir fwd priority 1564639 ptype main
 src 192.1.3.254/32 dst 192.1.3.209/32
 	dir in priority 1564639 ptype main
+src 192.1.2.23/32 dst 192.1.3.209/32
+	dir fwd priority 2088927 ptype main
+	tmpl src 192.1.2.23 dst 192.1.3.209
+		proto esp reqid REQID mode tunnel
+src 192.1.2.23/32 dst 192.1.3.209/32
+	dir in priority 2088927 ptype main
+	tmpl src 192.1.2.23 dst 192.1.3.209
+		proto esp reqid REQID mode tunnel
 src 192.1.3.209/32 dst 192.1.2.23/32
 	dir out priority 2088927 ptype main
-	tmpl src 0.0.0.0 dst 0.0.0.0
-		proto esp reqid REQID mode transport
+	tmpl src 192.1.3.209 dst 192.1.2.23
+		proto esp reqid REQID mode tunnel
 XFRM done
 IPSEC mangle TABLES
 NEW_IPSEC_CONN mangle TABLES
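Review bot: The `XFRM state:` block added in the first hunk here records two live tunnel-mode ESP SAs with `aead rfc4106(gcm(aes))` keys still installed at ipsec-look time, while the earlier `whack` calls in this same diff reported pluto unreachable, so these are orphaned SAs: nothing will rekey, expire or delete them through IKE, and their keys stay in the kernel until a reboot or a manual `ip xfrm state flush`. The `dir in`/`dir fwd`/`dir out` policies added in the second hunk keep steering 192.1.3.209<->192.1.2.23 traffic into those SAs in the daemon's absence. Presumably the harness should tear kernel state down when pluto dies, or the test should assert an empty `XFRM state:` at this point; either way a reference transcript should not pair live SAs with a dead daemon.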