The roadwarrior carol sets up a connection to gateway moon. At the outset the gateway authenticates itself to the client by sending an IKEv2 RSA signature accompanied by a certificate. carol then uses the Extensible Authentication Protocol in association with an MD5 challenge and response protocol (EAP-MD5) to authenticate against the gateway moon. In addition to her IKEv2 identity carol@strongswan.org, roadwarrior carol uses the EAP identity carol. The user password is kept in ipsec.secrets on the client carol and the gateway forwards all EAP messages to the RADIUS server alice.