The roadwarriors alice and venus sitting behind the NAT router moon set up tunnels to gateway sun. UDP encapsulation is used to traverse the NAT router. Authentication is based on X.509 certificates.

leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the tunnel, the NAT-ed hosts alice and venus ping the client bob behind the gateway sun.