Accomodate both RADIUS and pool IP addresses in IPsec
Strongswan now allows multiple dynamic address pools in mobile IPsec.
I was able to coerce it to work by forcing eap-radius to load earlier by placing load = 255 in /usr/local/etc/strongswan.d/charon/eap-radius.conf causing that plugin to load earlier.
I also manually placed rightsourceip = %radius,172.25.25.0/24 in /var/etc/ipsec/ipsec.conf in the mobile IPsec connection.
After manually stopping and starting ipsec the Framed-IP-Address attribute was honored if present. If not, the 172.25.25.0/24 pool was used.