Server_1 - 192.168.1.1
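# Manually keyed IPsec (AH + ESP, transport mode) between 192.168.1.1 and
# 192.168.1.2. Run the commands below as root on Server_1.
$ apt-get install ipsec-tools
$ cat <<'EOF' > /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
## Flush the SAD and SPD
## SAD = Security Association Database
## SPD = Security Policy Database
flush;
spdflush;
## The keys below are published sample values: generate your own with the dd
## commands shown and install identical SAs (SPI, algorithm, key) on both hosts.
## Manual keys are never rotated; each SA stays in use until replaced by hand.
## AH = Authentication Header
## AH SAs using 128 bit long keys - dd if=/dev/random count=16 bs=1 | xxd -ps
## hmac-md5 is a legacy choice; setkey also accepts hmac-sha256 (256 bit key).
add 192.168.1.1 192.168.1.2 ah 0x100 -A hmac-md5 0xe30415cf6ce70bd6d38ebf203822d869;
add 192.168.1.2 192.168.1.1 ah 0x200 -A hmac-md5 0x5954d4400c8ef23b3025c6cb1a62894c;
## ESP = Encapsulated Security Payload
## ESP SAs using 192 bit long keys (168 + 24 parity) - dd if=/dev/random count=24 bs=1 | xxd -ps
## 3des-cbc is a legacy cipher; setkey also accepts aes-cbc (128/192/256 bit key).
add 192.168.1.1 192.168.1.2 esp 0x101 -E 3des-cbc 0x2fc9ec8da583ba15371d6ebfaef1344772720d61911e1e73;
add 192.168.1.2 192.168.1.1 esp 0x201 -E 3des-cbc 0x9d0ae2ed9b24798d705be82c15404bf00f56bd1537d37d07;
## Security Policies
## "out" matches local -> peer traffic, "in" matches peer -> local traffic.
## The inbound policy must name the peer as source; otherwise unprotected
## packets arriving from the peer are not rejected.
spdadd 192.168.1.1 192.168.1.2 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.1.2 192.168.1.1 any -P in ipsec esp/transport//require ah/transport//require;
EOF
# The file contains the secret keys: owner (root) access only, no group bits.
$ chmod 700 /etc/ipsec-tools.conf
# Load the SAs and policies from the file / remove them again.
$ /etc/init.d/setkey start
$ /etc/init.d/setkey stop
# Dump the SAD. The output includes the key material, so treat it as secret.
$ setkey -D
# Dump the SPD.
$ setkey -DP
# Flush the SAD.
$ setkey -F
# Flush the SPD.
$ setkey -FP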
Server_2 - 192.168.1.2
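# Peer side of the manually keyed IPsec setup (AH + ESP, transport mode).
# Run the commands below as root on Server_2.
$ apt-get install ipsec-tools
$ cat <<'EOF' > /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
## Flush the SAD and SPD
## SAD = Security Association Database
## SPD = Security Policy Database
flush;
spdflush;
## The SAs (SPI, algorithm, key) must be identical on both hosts. The keys
## below are published sample values: generate your own with the dd commands.
## AH = Authentication Header
## AH SAs using 128 bit long keys - dd if=/dev/random count=16 bs=1 | xxd -ps
## hmac-md5 is a legacy choice; setkey also accepts hmac-sha256 (256 bit key).
add 192.168.1.1 192.168.1.2 ah 0x100 -A hmac-md5 0xe30415cf6ce70bd6d38ebf203822d869;
add 192.168.1.2 192.168.1.1 ah 0x200 -A hmac-md5 0x5954d4400c8ef23b3025c6cb1a62894c;
## ESP = Encapsulated Security Payload
## ESP SAs using 192 bit long keys (168 + 24 parity) - dd if=/dev/random count=24 bs=1 | xxd -ps
## 3des-cbc is a legacy cipher; setkey also accepts aes-cbc (128/192/256 bit key).
add 192.168.1.1 192.168.1.2 esp 0x101 -E 3des-cbc 0x2fc9ec8da583ba15371d6ebfaef1344772720d61911e1e73;
add 192.168.1.2 192.168.1.1 esp 0x201 -E 3des-cbc 0x9d0ae2ed9b24798d705be82c15404bf00f56bd1537d37d07;
## Security Policies
## "out" matches local -> peer traffic, "in" matches peer -> local traffic.
## The inbound policy must name the peer as source; otherwise unprotected
## packets arriving from the peer are not rejected.
spdadd 192.168.1.2 192.168.1.1 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.1.1 192.168.1.2 any -P in ipsec esp/transport//require ah/transport//require;
EOF
# The file contains the secret keys: owner (root) access only, no group bits.
$ chmod 700 /etc/ipsec-tools.conf
# Load the SAs and policies from the file / remove them again.
$ /etc/init.d/setkey start
$ /etc/init.d/setkey stop
# Dump the SAD. The output includes the key material, so treat it as secret.
$ setkey -D
# Dump the SPD.
$ setkey -DP
# Flush the SAD.
$ setkey -F
# Flush the SPD.
$ setkey -FP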
Source: http://www.linux360.ro/forum/tutoriale/rutare-avansata-in-linux-si-controlul-traficului-t8996.html