The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
Authentication is based on X.509 certificates.
<p/>
Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the tunnel,
the NAT-ed hosts <b>alice</b> and <b>venus</b> ping the client <b>bob</b> behind the gateway <b>sun</b>.
