create host-interface name vpp
create host-interface name priv
pipe create

set interface ip addr host-vpp 192.168.10.2/24
set interface state host-vpp up

ip table add 1
set int ip table host-priv 1
set int ip table pipe0.1 1

set interface ip addr host-priv 192.168.3.1/24
set interface state host-priv up

set int ip address pipe0.0 10.0.0.1/24
set int ip address pipe0.1 10.0.0.2/24
set int state pipe0 up

ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home
ikev2 profile set pr1 id remote fqdn roadwarrior.vpn.example.com
ikev2 profile set pr1 traffic-selector local ip-range 192.168.3.0 - 192.168.3.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.5.0 - 192.168.5.255 port-range 0 - 65535 protocol 0

ip route add table 1 192.168.10.0/24 via 10.0.0.1 pipe0.1

create ipip tunnel src 10.0.0.2 dst 192.168.10.1 outer-table-id 1
set interface ip table ipip0 1

ikev2 profile set pr1 tunnel ipip0
ip route add table 1 192.168.5.0/24 via ipip0
set interface unnumbered ipip0 use pipe0.1

nat44 enable sessions 10
nat44 add address 192.168.10.2
set interface nat44 in pipe0.0 out host-vpp
nat44 add static mapping udp local 10.0.0.2 500 external 192.168.10.2 500
nat44 add static mapping udp local 10.0.0.2 4500 external 192.168.10.2 4500

event-logger clear
trace add af-packet-input 100
ikev2 set liveness 10 2
ikev2 set logging level 4