as netkey-vti-01 but now the IPsec SA is a host-to-host tunnel

This test sets up a "routed vpn" with a 192.1.2.45/32 <-> 192.1.2.23/32 policy

It is to confirm VTI works with host routes

This test seems to fail on linux 4.0.4 but succeeds on 4.9.9

Note east shows 4 XFRM errors due to receiving unencrypted traffic meant to be
only received encrypted (XfrmInTmplMismatch)
