../../guestbin/algo.sh
/etc/ipsec.conf ...
config setup
	ikev1-policy=drop
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	dumpdir=/tmp
	plutodebug=all
conn algo
	# IKE
	keyexchange=ikev2
	ike=aes128-sha1-ecp256
	left=192.1.2.45
	right=192.1.2.23
	authby=secret
	leftid=@west
	rightid=@east
	# CHILD
	leftsubnet=192.0.1.0/24
	rightsubnet=192.0.2.0/24
	#phase2=
	#phase2alg=
	#type=
	#compress=
/etc/ipsec.d/ipsec.secrets ...
@west @east : PSK "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
starting pluto ...
begin #
 ipsec start
Redirecting to: [initsystem]
end #
begin #
 ipsec add algo
"algo": added IKEv2 connection
end #
west #
 ipsec auto --up algo
"algo" #1: initiating IKEv2 connection to 192.1.2.23 using UDP
"algo" #1: sent IKE_SA_INIT request to 192.1.2.23:UDP/500
"algo" #1: processed IKE_SA_INIT response from 192.1.2.23:UDP/500 {cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=DH19}, initiating IKE_AUTH
"algo" #1: sent IKE_AUTH request to 192.1.2.23:UDP/500 with shared-key-mac and FQDN '@west'; Child SA #2 {ESP <0xESPESP}
"algo" #1: initiator established IKE SA; authenticated peer using authby=secret and FQDN '@east'
"algo" #2: initiator established Child SA using #1; IPsec tunnel [192.0.1.0/24===192.0.2.0/24] {ESP/ESN=>0xESPESP <0xESPESP xfrm=AES_GCM_16_256-NONE DPD=passive}
west #
 ../../guestbin/ping-once.sh --up -I 192.0.1.254 192.0.2.254
up
west #
 ipsec whack --trafficstatus
#2: "algo", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, maxBytes=2^63B, id='@east'
west #
