The roadwarriors carol and dave set up a connection each to gateway moon. The strong mutual authentication is based on EAP-TTLS only (without a separate IKEv2 authentication) with the gateway being authenticated by a server certificate during the EAP-TLS tunnel setup (phase1 of EAP-TTLS). This tunnel protects the ensuing weak client authentication based on EAP-MD5 (phase2 of EAP-TTLS).
With the default setting charon.plugins.eap-ttls.phase2_piggyback = no the server moon passively waits for the clients to initiate phase2 of the EAP-TTLS protocol by sending a tunneled orphan EAP Identity response upon the reception of the server's TLS Finished message. Client carol presents the correct MD5 password and succeeds whereas client dave chooses the wrong password and fails.