IKEv2 AUTH test. The certs are valid but both ends use an
explicit ID, not the cert ID. These IDs may only be trusted
if they appear as subjectAltName (SAN) on the certificate.

The leftid/rightid matches the email in the RDN, not any email
in the DNS SAN. The connection is expected to fail.