The roadwarrior carol sets up a connection to gateway moon. At the outset the gateway authenticates itself to the client by sending an IKEv2 digital signature accompanied by an X.509 certificate.

Next carol uses the GSM Subscriber Identity Module (EAP-SIM) method of the Extensible Authentication Protocol to authenticate herself. In this scenario triplets from the file /etc/ipsec.d/triplets.dat are used instead of a physical SIM card.

The gateway forwards all EAP messages to the RADIUS server alice which also uses static triplets. In addition to her IKEv2 identity carol@strongswan.org, roadwarrior carol uses the EAP identity 228060123456001.