The roadwarrior carol sets up a connection to gateway moon using multiple authentication exchanges (RFC 4739). In a first round both carol and moon authenticate themselves by sending an IKEv2 RSA signature accompanied by a certificate.
In a second round carol then uses the Extensible Authentication Protocol in association with a GSM Subscriber Identity Module (EAP-SIM) to authenticate herself against the remote RADIUS server alice. In this scenario, triplets from the file /etc/ipsec.d/triplets.dat are used instead of a physical SIM card on the client carol. The gateway forwards all EAP messages to the RADIUS server alice which also uses a static triplets file.
The roadwarrior dave also uses multiple authentication and succeeds in the first round but sends wrong EAP-SIM triplets in the second round. As a consequence the radius server alice returns an Access-Reject message and the gateway moon sends back an EAP_FAILURE.