./h2hI1 ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
./h2hI1 ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
./h2hI1 ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
./h2hI1 loading secrets from "../samples/parker.secrets"
./h2hI1 loaded private key for keyid: PPK_RSA:AQN7wUerV/66A6 7046 BBAB E28F 310E C6C0 80EC 790E F556 2AB9
| processing whack message of size: A
| processing whack message of size: A
processing whack msg time: X size: Y
./h2hI1 loaded key: 6DF7 E7A2 B017 2118 6525 1A9E FC30 F603 ADD5 6698
| processing whack message of size: A
processing whack msg time: X size: Y
./h2hI1 loaded key: AD2F DDF5 7ABE 6140 14AA B39E 50EB EC76 CA12 3C8C
| processing whack message of size: A
processing whack msg time: X size: Y
| Added new connection alttunnel with policy RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
| from whack: got --esp=aes128-sha1;modp1536
| esp string values: AES(12)_128-SHA1(2)_000; pfsgroup=MODP1536(5); flags=-strict
| ike (phase1) algorihtm values: 3DES_CBC(5)_000-MD5(1)_000-MODP2048(14); flags=-strict
./h2hI1 use keyid: 1:<> / 2:<>
| counting wild cards for 192.168.1.1 is 0
./h2hI1 use keyid: 1:<> / 2:<>
| counting wild cards for 132.213.238.7 is 0
| alg_info_addref() alg_info->ref_cnt=1
| alg_info_addref() alg_info->ref_cnt=1
| orient alttunnel checking against if: eth0 (AF_INET:192.168.1.1:500)
|     orient matched on IP
| orient alttunnel checking against if: eth0 (AF_INET:192.168.1.1:4500)
| orient alttunnel checking against if: eth0 (AF_INET6:2606:2800:220:1:248:1893:25c8:1946:500)
|   orient alttunnel finished with: 1 [192.168.1.1]
| find_host_pair: looking for me=192.168.1.1:500 %address him=132.213.238.7:500 exact-match
| find_host_pair: concluded with <none>
| connect_to_host_pair: 192.168.1.1:500 %address 132.213.238.7:500 -> hp:none
| find_ID_host_pair: looking for me=192.168.1.1 him=132.213.238.7 (exact)
|   concluded with <none>
./h2hI1 adding connection: "alttunnel"
| 192.168.1.1...132.213.238.7
| ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1; policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|   orient alttunnel finished with: 1 [192.168.1.1]
RC=0 "alttunnel": 192.168.1.1...132.213.238.7; unrouted; eroute owner: #0
RC=0 "alttunnel":     myip=unset; hisip=unset;
RC=0 "alttunnel":   ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1
RC=0 "alttunnel":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK; prio: 32,32; interface: eth0; kind=CK_PERMANENT
RC=0 "alttunnel":   IKE algorithms wanted: 3DES_CBC(5)_000-MD5(1)_000-MODP2048(14); flags=-strict
RC=0 "alttunnel":   IKE algorithms found:  3DES_CBC(5)_192-MD5(1)_128-MODP2048(14)
RC=0 "alttunnel":   ESP algorithms wanted: AES(12)_128-SHA1(2)_000; pfsgroup=MODP1536(5); flags=-strict
| auth algid=2 not available
RC=0 "alttunnel":   ESP algorithms loaded: none
| find_phase1_state: no SA found for conn 'alttunnel'
| creating state object #1 at Z
| orient alttunnel checking against if: eth0 (AF_INET:192.168.1.1:500)
|     orient matched on IP
| orient alttunnel checking against if: eth0 (AF_INET:192.168.1.1:4500)
| orient alttunnel checking against if: eth0 (AF_INET6:2606:2800:220:1:248:1893:25c8:1946:500)
|   orient alttunnel finished with: 1 [192.168.1.1]
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| inserting state object #1 bucket: 4
./h2hI1 initiating v2 parent SA
./h2hI1 STATE_PARENT_I1: initiate
| ikev2 parent outI1: calculated ke+nonce, sending I1
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   00 00 00 00  00 00 00 00
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_INIT
|    message ID:  00 00 00 00
|    next-payload: ISAKMP_NEXT_v2SA [@16=0x21]
| ***emit IKEv2 Security Association Payload:
|    critical bit: none
| ****emit IKEv2 Proposal Substructure Payload:
|    prop #: 1
|    proto ID: 1
|    spi size: 0
|    # transforms: 4
| *****emit IKEv2 Transform Substructure Payload:
|    transform type: 1
|    transform ID: 3
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    transform type: 3
|    transform ID: 1
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    transform type: 2
|    transform ID: 1
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    transform type: 4
|    transform ID: 14
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 40
| emitting length of IKEv2 Security Association Payload: 44
|    next-payload: ISAKMP_NEXT_v2KE [@28=0x22]
| ***emit IKEv2 Key Exchange Payload:
|    critical bit: none
|    transform type: 14
| emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
| ikev2 g^x  bf da ea a0  86 55 9f df  bf bb 5e 42  b9 a6 18 18
|   ab ca 13 b4  cf 6a 92 77  44 6c 57 46  1c 07 a0 86
|   44 e0 9c 5f  98 41 7c 4a  3b ab 6c 35  56 5a 63 cc
|   0b 2e 40 97  16 18 bf c0  83 55 57 cc  94 04 cd 6b
|   a2 f2 b9 a6  3b 9b 0d fd  73 7f 91 04  06 28 86 f9
|   cb 0b 8a 65  14 a0 f5 b2  ed 6b 23 1f  7d df 90 28
|   b8 0f 28 95  fb 00 22 c9  e3 8f b9 df  b8 7c 66 bc
|   75 1b c8 61  ba b5 93 17  d6 df 87 26  d3 4d 2d 0a
|   a4 80 e4 51  fd 38 fa 42  ca b5 f5 2d  90 80 be a4
|   9c 08 17 b6  ab a9 49 4c  f7 45 53 50  cb 49 f8 b4
|   44 50 86 91  37 f7 5c b0  4a ce 96 1f  fc 2a a5 16
|   e9 45 e4 f2  e5 f0 c9 81  c1 66 68 55  ed c9 3b 62
|   27 a9 34 0e  01 a8 54 63  7f 99 2f ea  6d 3a 21 4c
|   32 72 bf bb  85 df 2b 8e  cc a0 40 3e  96 16 fa 03
|   96 7f cd d7  d0 11 d0 17  89 96 cd 01  25 d3 3d dd
|   d2 5e 2c bd  2e 3a e4 97  b6 33 a3 5c  41 01 ed 8e
| emitting length of IKEv2 Key Exchange Payload: 264
|    next-payload: ISAKMP_NEXT_v2Ni [@72=0x28]
| ***emit IKEv2 Nonce Payload:
|    critical bit: none
| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
| IKEv2 nonce  3c d5 15 14  50 ab 73 9a  c8 ac 54 1c  0d e6 bc 04
| emitting length of IKEv2 Nonce Payload: 20
| nat chunk  80 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   c0 a8 01 01  01 f4
| Adding a v2N Payload
|    next-payload: ISAKMP_NEXT_v2N [@336=0x29]
| ***emit IKEv2 Notify Payload:
|    critical bit: none
|    Protocol ID: PROTO_RESERVED
|    SPI size: 0
|    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP
| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
| Notify data  ea 59 1e 1b  30 a3 e0 94  4c dc 91 5b  b0 95 3c 48
|   70 73 62 f1
| emitting length of IKEv2 Notify Payload: 28
| nat chunk  80 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   84 d5 ee 07  01 f4
| Adding a v2N Payload
|    next-payload: ISAKMP_NEXT_v2N [@356=0x29]
| ***emit IKEv2 Notify Payload:
|    critical bit: none
|    Protocol ID: PROTO_RESERVED
|    SPI size: 0
|    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP
| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
| Notify data  cd bc 1b 74  02 d7 5e 4c  da 5b cd 1c  a1 08 87 2b
|   f9 7d c4 c2
| emitting length of IKEv2 Notify Payload: 28
|    next-payload: ISAKMP_NEXT_v2V [@384=0x2b]
| ***emit ISAKMP Vendor ID Payload:
| emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
| Vendor ID  4f 45 70 6c  75 74 6f 75  6e 69 74 30
| emitting length of ISAKMP Vendor ID Payload: 16
| emitting length of ISAKMP Message: 428
sending 428 bytes for ikev2_parent_outI1_common through eth0:500 [192.168.1.1:500] to 132.213.238.7:500 (using #1)
|   80 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 01 ac  22 00 00 2c
|   00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  28 00 01 08  00 0e 00 00
|   bf da ea a0  86 55 9f df  bf bb 5e 42  b9 a6 18 18
|   ab ca 13 b4  cf 6a 92 77  44 6c 57 46  1c 07 a0 86
|   44 e0 9c 5f  98 41 7c 4a  3b ab 6c 35  56 5a 63 cc
|   0b 2e 40 97  16 18 bf c0  83 55 57 cc  94 04 cd 6b
|   a2 f2 b9 a6  3b 9b 0d fd  73 7f 91 04  06 28 86 f9
|   cb 0b 8a 65  14 a0 f5 b2  ed 6b 23 1f  7d df 90 28
|   b8 0f 28 95  fb 00 22 c9  e3 8f b9 df  b8 7c 66 bc
|   75 1b c8 61  ba b5 93 17  d6 df 87 26  d3 4d 2d 0a
|   a4 80 e4 51  fd 38 fa 42  ca b5 f5 2d  90 80 be a4
|   9c 08 17 b6  ab a9 49 4c  f7 45 53 50  cb 49 f8 b4
|   44 50 86 91  37 f7 5c b0  4a ce 96 1f  fc 2a a5 16
|   e9 45 e4 f2  e5 f0 c9 81  c1 66 68 55  ed c9 3b 62
|   27 a9 34 0e  01 a8 54 63  7f 99 2f ea  6d 3a 21 4c
|   32 72 bf bb  85 df 2b 8e  cc a0 40 3e  96 16 fa 03
|   96 7f cd d7  d0 11 d0 17  89 96 cd 01  25 d3 3d dd
|   d2 5e 2c bd  2e 3a e4 97  b6 33 a3 5c  41 01 ed 8e
|   29 00 00 14  3c d5 15 14  50 ab 73 9a  c8 ac 54 1c
|   0d e6 bc 04  29 00 00 1c  00 00 40 04  ea 59 1e 1b
|   30 a3 e0 94  4c dc 91 5b  b0 95 3c 48  70 73 62 f1
|   2b 00 00 1c  00 00 40 05  cd bc 1b 74  02 d7 5e 4c
|   da 5b cd 1c  a1 08 87 2b  f9 7d c4 c2  00 00 00 10
|   4f 45 70 6c  75 74 6f 75  6e 69 74 30
| #1 complete v2 state transition with STF_OK
./h2hI1 transition from state STATE_IKEv2_START to state STATE_PARENT_I1
| v2_state_transition: st is #1; pst is #0; transition_st is #0
./h2hI1 STATE_PARENT_I1: sent v2I1, expected v2R1 (msgid: 00000000/4294967295)
./h2hI1 deleting state #1 (STATE_PARENT_I1)
| considering request to delete IKE parent state
| removing state object #1
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
./h2hI1 deleting connection
| pass 0: considering CHILD SAs to delete
| pass 1: considering PARENT SAs to delete
| alg_info_delref(ADDRESS) alg_info->ref_cnt=1
| alg_info_delref(ADDRESS) freeing alg_info
| alg_info_delref(ADDRESS) alg_info->ref_cnt=1
| alg_info_delref(ADDRESS) freeing alg_info
./h2hI1 leak: saved first packet, item size: X
./h2hI1 leak: reply packet for ikev2_parent_outI1_tail, item size: X
./h2hI1 leak: sa in main_outI1, item size: X
./h2hI1 leak: db_v2_trans, item size: X
./h2hI1 leak: db_v2_prop_conj, item size: X
./h2hI1 leak: db_v2_prop, item size: X
./h2hI1 leak: initiator nonce, item size: X
./h2hI1 leak: long term secret, item size: X
./h2hI1 leak: saved gi value, item size: X
./h2hI1 leak: msg_digest, item size: X
./h2hI1 leak: ikev2_outI1 KE, item size: X
./h2hI1 leak: db_v2_trans, item size: X
./h2hI1 leak: db_v2_prop_conj, item size: X
./h2hI1 leak: db_v2_prop, item size: X
./h2hI1 leak: sa copy attrs array, item size: X
./h2hI1 leak: sa copy trans array, item size: X
./h2hI1 leak: sa copy prop array, item size: X
./h2hI1 leak: sa copy prop conj array, item size: X
./h2hI1 leak: sa copy prop_conj, item size: X
./h2hI1 leak: sa copy attrs array, item size: X
./h2hI1 leak: sa copy 1 trans array, item size: X
./h2hI1 leak: sa copy 1 prop array, item size: X
./h2hI1 leak: sa copy 1 prop conj array, item size: X
./h2hI1 leak: sa copy prop_conj, item size: X
./h2hI1 leak: struct state in new_state(), item size: X
./h2hI1 leak: policies path, item size: X
./h2hI1 leak: ocspcerts path, item size: X
./h2hI1 leak: aacerts path, item size: X
./h2hI1 leak: certs path, item size: X
./h2hI1 leak: private path, item size: X
./h2hI1 leak: crls path, item size: X
./h2hI1 leak: cacert path, item size: X
./h2hI1 leak: acert path, item size: X
./h2hI1 leak: default conf var_dir, item size: X
./h2hI1 leak: default conf conffile, item size: X
./h2hI1 leak: default conf ipsecd_dir, item size: X
./h2hI1 leak: default conf ipsec_conf_dir, item size: X
./h2hI1 leak: 2 * id list, item size: X
./h2hI1 leak: rfc3110 format of public key [created], item size: X
./h2hI1 leak: pubkey, item size: X
./h2hI1 leak: secret, item size: X
./h2hI1 leak: 2 * hasher name, item size: X
./h2hI1 leak detective found Z leaks, total size X
