The roadwarriors carol and dave set up a connection to gateway moon using IKEv1 Aggressive Mode. The authentication is based on RSA signatures (RSASIG) using X.509 certificates followed by extended authentication (XAUTH) of carol and dave based on user names defined by the xauth_identity parameter (carol and dave, respectively) and corresponding user passwords defined and stored in ipsec.secrets.
Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, carol and dave ping the client alice behind the gateway moon.