The roadwarriors carol and dave set up a connection to gateway moon. The authentication is based on RSA signatures (RSASIG) using X.509 certificates followed by extended authentication (XAUTH) of carol and dave based on user names equal to the IKEv1 identity (carol@strongswan.org and dave@strongswan.org, respectively) and corresponding user passwords defined and stored in ipsec.secrets.

Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, carol and dave ping the client alice behind the gateway moon.