The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
The key exchange is based on NTRU encryption with a cryptographical strength of 128 bit and
192 bit for <b>carol</b> and <b>dave</b>, respectively. Authentication is based on strong
preshared keys (PSKs).
Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload
by using the <b>vips = 0.0.0.0</b> parameter. The gateway <b>moon</b> assigns virtual
IP addresses from a simple pool in a monotonously increasing order.
<p/>
Upon the successful establishment of the IPsec tunnels, the updown-script automatically
inserts iptables-based firewall rules that let pass the tunneled traffic.
In order to test both tunnel and firewall, both
<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.