The roadwarriors carol and dave set up an IPv4 connection each to gateway moon using the IKEv1 and IKEv2 key exchange protocol, respectively. The authentication is based on X.509 certificates. dave advertises the support of the IKEv2 fragmentation protocol defined in RFC 7383 which prevents the IP fragmentation of the IKEv2 messages carrying large X.509 certificates whereas carol announces support of non-standardized IKEv1 fragmentation.
Upon the successful establishment of the IPsec tunnels, the updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both carol and dave ping the client alice behind the gateway moon.