A connection between the subnets behind the gateways moon and sun is set up. The authentication is based on X.509 certificates and RSA private keys stored in PEM format in an SQLite database. The IKE_SA configuration details and the traffic selectors of three CHILD_SAs are also stored in the database and are marked to be automatically started by gateway moon via the start_action field in the child_configs table.
In order to test both tunnel and firewall, client alice behind gateway moon pings client bob located behind gateway sun and bob in turn ping client venus behind gateway moon.