The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
Both <b>carol</b> and <b>dave</b> request the same <b>virtual IP</b> via the IKEv2
-configuration payload by using the <b>leftsourceip=PH_IP_DAVE1</b> parameter. On a first-come,
-first-served basis, <b>dave</b> gets <b>PH_IP_DAVE1</b> from the simple address pool managed
-by gateway <b>moon</b> and <b>carol</b> gets the first free address <b>PH_IP_CAROL1</b>
+configuration payload by using the <b>leftsourceip=PH_IP_CAROL1</b> parameter. On a first-come,
+first-served basis, <b>carol</b> gets <b>PH_IP_CAROL1</b> from the simple address pool managed
+by gateway <b>moon</b> and <b>dave</b> gets the next free address <b>PH_IP_DAVE1</b>
from the pool.
<p>
<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
dave::ipsec status::home.*INSTALLED::YES
dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::cat /var/log/daemon.log::adding virtual IP address pool::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES
+moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
moon::cat /var/log/daemon.log::assigning virtual IP::YES
moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
conn home
left=PH_IP_CAROL
- leftsourceip=PH_IP_DAVE1
+ leftsourceip=PH_IP_CAROL1
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
- leftsourceip=PH_IP_DAVE1
+ leftsourceip=PH_IP_CAROL1
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
moon::/etc/init.d/iptables start 2> /dev/null
carol::/etc/init.d/iptables start 2> /dev/null
dave::/etc/init.d/iptables start 2> /dev/null
-dave::ipsec start
carol::ipsec start
+dave::ipsec start
moon::ipsec start
-dave::sleep 2
-dave::ipsec up home
+carol::sleep 2
carol::ipsec up home
+dave::ipsec up home
dave::sleep 1