X.509 test where both peers have require-id-on-certificate=no for its peer. This means a certificate
without SAN=<ip address> is allowed to continue despite the "mismatch" of IKE ID
(usually the default IP address) and cert. This test uses left=/right= with IP
addresses (not right=%any)