Protect your SIT tunnel with IPsec

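# Tunnel endpoints. The same script is meant to run on both hosts; the
# direction of each policy is worked out below from which address is local.
LEFT=10.0.4.11
RIGHT=45.137.181.106

# Policy directions as seen from this host:
#   l2r - direction of LEFT -> RIGHT traffic
#   r2l - direction of RIGHT -> LEFT traffic
# Defaults correspond to running on the RIGHT host.
l2r=in
r2l=out

# addr_is_local ADDR
# Succeeds when `ip route get` reports ADDR as a local route.
addr_is_local() {
  ip route get "$1" | grep -qw local
}

# pick_directions
# Sets l2r/r2l according to which endpoint is local to this host.
# Both branches write r2l: the original assigned a stray variable `rtl`,
# so on the LEFT host r2l kept its default `out` and both policies were
# installed as outbound, leaving inbound traffic without a matching policy.
# If neither address is local the defaults above stay in effect.
pick_directions() {
  if addr_is_local "$LEFT"; then
    l2r=out
    r2l=in
  fi

  if addr_is_local "$RIGHT"; then
    l2r=in
    r2l=out
  fi
}

pick_directions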


# Install one manually keyed ESP transport-mode SA per direction. The selector
# limits each SA to IP protocol 41 (IPv6-in-IPv4, i.e. the SIT tunnel payload)
# between the two endpoints.
#
# NOTE(security): `state flush` removes every SA on this host, including any
# that belong to other tunnels or are managed by an IKE daemon.
ip xfrm state flush

# NOTE(security): things to change before relying on this for protection:
#   - The key is hard-coded and only 32 bits long (8 hex digits), so it is
#     within reach of exhaustive search; it is also published with the script.
#   - Blowfish is a 64-bit-block cipher; prefer an AES-based algorithm.
#   - No `auth` or `aead` algorithm is given, so ESP provides no integrity
#     check and modified packets are not detected.
#   - Static keys and SPIs are never rotated; an IKE daemon handles rekeying.
# A manually keyed AEAD SA has the form (key material is a placeholder, load
# it from a root-only file rather than writing it into the script):
#   ... proto esp spi <SPI> mode transport \
#       aead 'rfc4106(gcm(aes))' 0x<KEY_PLUS_SALT_PLACEHOLDER> 128 ...

# LEFT -> RIGHT
ip xfrm state add \
  src "$LEFT" dst "$RIGHT" \
  proto esp spi 2172667646 \
  mode transport \
  enc blowfish 0xc0de0102 \
  sel src "$LEFT" dst "$RIGHT" proto 41

# RIGHT -> LEFT
ip xfrm state add \
  src "$RIGHT" dst "$LEFT" \
  proto esp spi 2172667647 \
  mode transport \
  enc blowfish 0xc0ed0012 \
  sel src "$RIGHT" dst "$LEFT" proto 41


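# Install the policies that require ESP transport mode for protocol 41
# (the SIT tunnel payload) between the two endpoints, one per direction.
#
# NOTE(security): `policy flush` removes every xfrm policy on this host, not
# only the ones for this tunnel. Packets that match no policy are not
# protected by IPsec, so any other tunnel on the host loses its policies
# until they are re-installed.
ip xfrm policy flush

# LEFT -> RIGHT traffic; $l2r is `out` on the LEFT host and `in` on the RIGHT.
ip xfrm policy add \
  src "$LEFT" dst "$RIGHT" proto 41 dir "$l2r" \
  tmpl src "$LEFT" dst "$RIGHT" proto esp mode transport

# RIGHT -> LEFT traffic; $r2l is the opposite of $l2r.
# The template endpoints now follow this direction's SA (src RIGHT, dst LEFT);
# the original repeated the LEFT -> RIGHT endpoints here.
ip xfrm policy add \
  src "$RIGHT" dst "$LEFT" proto 41 dir "$r2l" \
  tmpl src "$RIGHT" dst "$LEFT" proto esp mode transport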
