# Quick view: print fields 3-6 of every status line and keep only the lines
# that contain "up" (e.g. the "Security Associations (N up, ...)" summary).
ipsec statusall \
  | awk '{ print $3, $4, $5, $6 }' \
  | grep up

# Full strongSwan status: daemon details, configured connections and the
# currently established security associations.
ipsec statusall

# Kernel IPsec (XFRM) policies with statistics (-s). Use it to confirm that a
# policy is installed for each tunnel's traffic selectors; the output lists
# selectors and tunnel endpoints, not keys.
ip -s xfrm policy
https://sysadmins.co.za/setup-a-site-to-site-ipsec-vpn-with-strongswan-on-ubuntu/
https://serverfault.com/questions/1002024/strongswan-ipsec-tunnel-block-traffic-one-way
1) In /etc/strongswan.d/charon.conf, enable IKE_SA reuse:
   # Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
   reuse_ikesa = yes
2) Disabled the cron jobs that ran "ipsec up" for each tunnel every minute (now commented out):
   #*/1 * * * * /usr/sbin/ipsec up evoke1
   #*/1 * * * * /usr/sbin/ipsec up evoke2
   #*/1 * * * * /usr/sbin/ipsec up evoke3
   #*/1 * * * * /usr/sbin/ipsec up evoke4
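3) Changed the tunnels' auto setting from start to route:
   old: auto=start
   new: auto=route
   With auto=route, strongSwan installs trap policies for the connection and negotiates the tunnel when matching traffic appears, instead of initiating it once at startup.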