The roadwarrior carol sets up a connection to gateway moon.
At the outset the gateway authenticates itself to the client by sending
an IKEv2 RSA signature accompanied by a certificate.
carol then uses the Extensible Authentication Protocol
in association with an MD5 challenge and response protocol
(EAP-MD5) to authenticate against the gateway moon.
In addition to her IKEv2 identity firstname.lastname@example.org, roadwarrior
carol uses the EAP identity carol.
The user password is kept in ipsec.secrets on the client carol
and the gateway forwards all EAP messages to the RADIUS server alice.