The WLAN clients <b>alice</b> and <b>venus</b> secure all their wireless traffic
by setting up an IPsec tunnel to gateway <b>moon</b>. The VPN network mask is
<b>0.0.0.0/0</b>. Traffic with destination outside the protected 10.1.0.0/10 network
is NAT-ed by router <b>moon</b>. The IPsec connections are tested by pings from
<b>alice</b> to <b>venus</b> tunneled  via <b>moon</b> and to both the internal
and external interface of gateway <b>moon</b>. Access to the gateway is
set up by <b>lefthostaccess=yes</b> in conjunction with <b>leftfirewall=yes</b>.
At last <b>alice</b> and <b>venus</b> ping the external host <b>sun</b> via the NAT router.
<p>
The host system controls the UML instances <b>alice</b> and <b>carol</b> via
ssh commands sent over the virtual <b>tap1</b> interface. In order to keep up 
the control flow in the presence of the all-encompassing 0.0.0.0/0 tunnel
to the gateway <b>moon</b> an auxiliary <b>passthrough</b> eroute restricted
to the ssh port is statically set up by <b>conn system</b>.