The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
At the outset the gateway authenticates itself to the client by sending
an IKEv2 <b>RSA signature</b> accompanied by a certificate.
<b>carol</b> then uses the <i>Extensible Authentication Protocol</i>
in association with an  <i>MD5</i> challenge and response protocol
(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b>.
In addition to her IKEv2 identity <b>carol@strongswan.org</b>, roadwarrior
<b>carol</b> uses the EAP identity <b>carol</b>.
The user password is kept in <b>ipsec.secrets</b> on the client <b>carol</b>
and the gateway forwards all EAP messages to the RADIUS server <b>alice</b>.