[strongSwan] Testing the easiest config to send ISAKMP datagrams
strongswan at encambio.com
Tue Feb 5 22:45:53 CET 2013
Hello list,
My goal is building an IPv4 IPsec tunnel using IKEv1.
Ubuntu 12.10 GNU/Linux AMD64
strongSwan 4.5.2
/etc/strongswan.conf:

pluto {
    load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
}
libstrongswan {
    dh_exponent_ansi_x9_42 = no
}
/etc/ipsec.conf:

config setup
    plutodebug=all
    charonstart=no
    plutostart=yes

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn here
    left=192.168.0.22
    right=12.34.56.78
    rightsubnet=192.168.1.0/24
    auto=add

/etc/ipsec.secrets:

12.34.56.78 : PSK "0000111122223333"
It would seem that the above config should suffice to at least send
UDP packets to host 12.34.56.78 ports 500 or 4500, but...
192.168.0.22# /etc/init.d/ipsec start
192.168.0.22# ps aux | grep pluto
root 3662 ... 18:08 /usr/lib/ipsec/pluto --nofork --uniqueids --debug-all
192.168.0.22# /usr/lib/ipsec/whack --status
000 "here": 192.168.0.22[192.168.0.22]...12.34.56.78[12.34.56.78]===192.168.1.0/24; unrouted; eroute owner; #0
000 "here": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
...when I run tcpdump(1) and socat(1) to test, it's clear that pluto
is not sending anything at all.
12.34.56.78# socat UDP4-LISTEN:500,bind=12.34.56.77 -
12.34.56.78# socat UDP4-LISTEN:4500,bind=12.34.56.77 -
(nothing...)
12.34.56.78# tcpdump -i eth0 port 500 or port 4500
192.168.0.22# tcpdump -i eth0 port 500 or port 4500
(nothing...)
Even after logging plutodebug=all I see no errors in /var/log/auth.log.
What do I need to change to make pluto(8) send IKE UDP datagrams?
Thanks,
Michael
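An added example, not part of Michael's post and not strongSwan's own code: a small shell script that reads the effective auto= value of a conn from an ipsec.conf (per-conn setting, then conn %default, then strongSwan's built-in default of ignore) and reports when pluto will actually send IKE traffic for it. It assumes the strongSwan 4.x ipsec.conf layout (parameters indented under "conn" / "config" headers). The ipsec.conf it writes to a temp file is constructed to mirror the one above, plus two extra conns named "always" and "inherits" that are not in the post, added only to show the other modes. The point it makes: with auto=add the connection is loaded but never initiated, so no ISAKMP datagrams leave the host until the conn is brought up with "ipsec up here" (or configured with auto=start), which matches the "unrouted" state in the whack --status output.

```shell
#!/bin/sh
# Added example (not from the original post or the strongSwan project).
# Reports, for each conn in an ipsec.conf, when pluto will send IKE packets.

# conn_auto_mode FILE CONN
#   Prints the effective auto= value of CONN: the conn's own setting,
#   else the value from "conn %default", else "ignore" (strongSwan's default).
conn_auto_mode() {
    local file="$1" conn="$2" mode
    mode=$(awk -v want="$conn" '
        # a line starting in column 0 with "conn" or "config" opens a section
        /^[ \t]*(conn|config)[ \t]/ { section = $2; next }
        section == want && $0 ~ /^[ \t]*auto[ \t]*=/ {
            sub(/^[ \t]*auto[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }' "$file")
    if [ -z "$mode" ] && [ "$conn" != "%default" ]; then
        mode=$(conn_auto_mode "$file" "%default")   # inherit from %default
    fi
    if [ -n "$mode" ]; then printf '%s\n' "$mode"; else printf 'ignore\n'; fi
}

# conn_start_action FILE CONN
#   One line describing what pluto does with CONN when the daemon starts.
conn_start_action() {
    case "$(conn_auto_mode "$1" "$2")" in
        add)    echo "loaded only: no IKE packets until 'ipsec up $2'" ;;
        start)  echo "loaded and initiated: IKE packets sent on daemon start" ;;
        route)  echo "trap policy installed: first matching packet triggers IKE" ;;
        ignore) echo "not loaded at all" ;;
        *)      echo "unrecognised auto= value" ;;
    esac
}

# Constructed sample config, mirroring the post plus two extra conns
# ("always" and "inherits") that exist only to show the other modes.
SAMPLE_CONF=$(mktemp)
cat >"$SAMPLE_CONF" <<'EOF'
config setup
    plutodebug=all
    charonstart=no
    plutostart=yes

conn %default
    ikelifetime=60m
    keyexchange=ikev1
    authby=secret

conn here
    left=192.168.0.22
    right=12.34.56.78
    rightsubnet=192.168.1.0/24
    auto=add

conn always
    left=192.168.0.22
    right=12.34.56.78
    auto=start

conn inherits
    left=192.168.0.22
    right=12.34.56.78
EOF

# Stand-alone demo: print the effective mode and its consequence per conn.
for c in here always inherits; do
    printf '%-9s auto=%-7s %s\n' "$c" \
        "$(conn_auto_mode "$SAMPLE_CONF" "$c")" \
        "$(conn_start_action "$SAMPLE_CONF" "$c")"
done
```

Run it as a normal script; it needs only sh and awk, not a running strongSwan. To check the real daemon after "ipsec up here", the tcpdump filter from the post ("port 500 or port 4500") on the left host is the right place to look for the outgoing ISAKMP datagrams.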