road:~#
 TESTNAME=nat-pluto-04
road:~#
 source /testing/pluto/bin/roadlocal.sh
road:~#
 ipsec setup start
ipsec_setup: Starting Libreswan IPsec VERSION
road:~#
 /testing/pluto/bin/wait-until-pluto-started
road:~#
 ipsec auto --add road--eastnet-nat
road:~#
 echo done
done
road:~#
 ipsec auto --up road--eastnet-nat
104 "road--eastnet-nat" #1: STATE_MAIN_I1: initiate
003 "road--eastnet-nat" #1: received Vendor ID payload [Libreswan 
003 "road--eastnet-nat" #1: received Vendor ID payload [Dead Peer Detection]
003 "road--eastnet-nat" #1: received Vendor ID payload [RFC 3947] method set to=109 
106 "road--eastnet-nat" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "road--eastnet-nat" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): I am behind NAT
108 "road--eastnet-nat" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "road--eastnet-nat" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "road--eastnet-nat" #2: STATE_QUICK_I1: initiate
004 "road--eastnet-nat" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
road:~#
 ping -q -c 8 -i 10 -n sunrise
PING sunrise (192.0.2.1): 56 data bytes

--- sunrise ping statistics ---
8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
road:~#
 echo done
done
road:~#
 

road:~#
 ipsec look
road NOW
192.0.2.219/32     -> 192.0.2.0/24       => tun0xIPIP@192.1.2.23 esp0xESPSPI@192.1.2.23
ipsec0->eth0 mtu=16260(9999)->1500
tun0xTUN#@192.1.2.23 IPIP: dir=out src=192.1.3.209  natencap=none natsport=0 natdport=0  
esp0xKLIPSPIK@192.1.2.23 ESP_AES_HMAC_SHA1: dir=out src=192.1.3.209 iv_bits=128bits iv=0xIVISFORRANDOM000IVISFORRANDOM000 ooowin=64  alen=160 aklen=160 eklen=128  natencap=nonesp natsport=4500 natdport=4500  
esp0xKLIPSPIK@192.1.3.209 ESP_AES_HMAC_SHA1: dir=in  src=192.1.2.23 iv_bits=128bits iv=0xIVISFORRANDOM000IVISFORRANDOM000 ooowin=64   alen=160 aklen=160 eklen=128  natencap=nonesp natsport=4500 natdport=4500  
tun0xTUN#@192.1.3.209 IPIP: dir=in  src=192.1.2.23 policy=192.0.2.0/24->192.0.2.219/32 flags=0x8<>  natencap=none natsport=0 natdport=0  
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.1.3.254     0.0.0.0         UG       99 0          0 eth0
192.0.2.0       192.1.3.254     255.255.255.0   UG       99 0          0 ipsec0
192.1.3.0       0.0.0.0         255.255.255.0   U        99 0          0 eth0
192.1.3.0       0.0.0.0         255.255.255.0   U        99 0          0 ipsec0
road:~#
road:~#