The peers <b>carol</b> and <b>moon</b> both have dynamic IP addresses, so that the
<b>remote_addrs</b> field contains a <b>Fully Qualified Domain Name</b> (FQDN) which
is evaluated just before use via a DNS lookup (simulated by an /etc/hosts entry).
This will allow an IKE main mode rekeying to arrive from an arbitrary IP address
under the condition that the peer identity remains unchanged. When this happens
the old tunnel is replaced by an IPsec connection to the new origin.
<p>
In this scenario <b>carol</b> first initiates a tunnel to <b>moon</b>. After some
time <b>carol</b> suddenly changes her IP address and restarts the connection to
<b>moon</b> without deleting the old tunnel first (simulated by iptables blocking
IKE packets to and from <b>carol</b> and starting the connection from host <b>dave</b>
using <b>carol</b>'s identity).
