The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
Authentication is based on X.509 certificates.
<p/>
Upon the successful establishment of the IPsec tunnels, the updown script automatically
inserts iptables-based firewall rules that let pass the tunneled traffic.
In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b>
ping the client <b>bob</b> behind the gateway <b>sun</b>.