The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
At the outset the gateway authenticates itself to the client by sending
an IKEv2 <b>digital signature</b> accompanied by an X.509 certificate.
<p/>
Next <b>carol</b> uses the <i>Microsoft CHAP version 2</i> (<b>EAP-MSCHAPV2</b>)
method of the <i>Extensible Authentication Protocol</i> to authenticate herself.
This EAP method is used e.g. by the Windows 7/8/10 Agile VPN client.
<p/>
In addition to her IKEv2 identity which defaults to her IP address,
roadwarrior <b>carol</b> uses the EAP identity <b>carol</b>.