create packet-generator interface pg0
create packet-generator interface pg1

pipe create

ip table add 1
set int ip table pg1 1
set int ip table pipe0.1 1

set int ip address pg0 192.168.0.1/24
set int ip address pg1 192.168.1.1/24

set int ip address pipe0.0 10.0.0.1/24
set int ip address pipe0.1 10.0.0.2/24

set int state pg0 up
set int state pg1 up
set int state pipe0 up

ipsec sa add 20 spi 200 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
ipsec sa add 30 spi 300 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128

create ipip tunnel src 10.0.0.1 dst 10.0.0.2
create ipip tunnel src 10.0.0.2 dst 10.0.0.1 outer-table-id 1

ipsec tunnel protect ipip0 sa-in 20 sa-out 30
ipsec tunnel protect ipip1 sa-in 30 sa-out 20

set int state ipip0 up
set int unnum ipip0 use pg0

set int state ipip1 up
set int ip table ipip1 1
set int unnum ipip1 use pg1

ip route add 192.168.1.0/24 via ipip0
set ip neighbor pg1 192.168.1.2 00:11:22:33:44:55
ip route add table 1 192.168.0.0/24 via ipip1
set ip neighbor pg0 192.168.0.2 00:11:22:33:44:66

trace add pg-input 100

packet-generator new {						\
  name ipsec1							\
  limit 1							\
  rate 1e4							\
  node ip4-input						\
  interface pg0							\
  size 100-100							\
  data {							\
   UDP: 192.168.0.2 -> 192.168.1.2				\
   UDP: 4321 -> 1234						\
    length 72							\
    incrementing 100						\
  }								\
}
packet-generator new {						\
  name ipsec2							\
  limit 1							\
  rate 1e4							\
  node ip4-input						\
  interface pg1							\
  size 100-100							\
  data {							\
   UDP: 192.168.1.2 -> 192.168.0.2				\
   UDP: 4321 -> 1234						\
    length 72							\
    incrementing 100						\
  }								\
}