The roadwarriors carol and dave set up a connection each to gateway moon. The key exchange is based on NTRU encryption with a cryptographical strength of 128 bit and 192 bit for carol and dave, respectively. Authentication is based on strong preshared keys (PSKs). Both carol and dave request a virtual IP via the IKEv1 mode-config payload by using the leftsourceip=%config parameter. The gateway moon assigns virtual IP addresses from a simple pool defined by rightsourceip=10.3.0.0/28 in a monotonously increasing order.

leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the tunnels, carol and dave then ping the client alice behind the gateway moon. The source IP addresses of the two pings will be the virtual IPs carol1 and dave1, respectively.