A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b>
is set up using VTI interfaces.
<p/>
The gateways use <b>route-based forwarding</b> with <b>VTI tunnels</b>, with
firewall rules to allow traffic to pass. The IPsec traffic selector used is
0.0.0.0/0, however specific routing is achieved with routes on the VTI
interfaces. The IKE daemon is configured to not install routes with
<em>charon.install_routes=0</em>, and static routes are installed for the
target subnets on the VTI interfaces.
<p/>
Client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located
behind gateway <b>sun</b>.