./h2hI3 ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
./h2hI3 ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
./h2hI3 ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
./h2hI3 loading secrets from "../samples/parker.secrets"
./h2hI3 loaded private key for keyid: PPK_RSA:AQN7wUerV/66A6 7046 BBAB E28F 310E C6C0 80EC 790E F556 2AB9
| processing whack message of size: A
| processing whack message of size: A
processing whack msg time: X size: Y
./h2hI3 loaded key: 6DF7 E7A2 B017 2118 6525 1A9E FC30 F603 ADD5 6698
| processing whack message of size: A
processing whack msg time: X size: Y
./h2hI3 loaded key: AD2F DDF5 7ABE 6140 14AA B39E 50EB EC76 CA12 3C8C
| processing whack message of size: A
processing whack msg time: X size: Y
| Added new connection alttunnel with policy RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
./h2hI3 use keyid: 1:6DF7 E7A2 B017 2118 6525 1A9E FC30 F603 ADD5 6698 / 2:<>
| counting wild cards for 192.168.1.1 is 0
./h2hI3 use keyid: 1:AD2F DDF5 7ABE 6140 14AA B39E 50EB EC76 CA12 3C8C / 2:<>
| counting wild cards for 132.213.238.7 is 0
| orient alttunnel checking against if: eth0 (AF_INET:192.168.1.1:500)
|     orient matched on IP
| orient alttunnel checking against if: eth0 (AF_INET:192.168.1.1:4500)
| orient alttunnel checking against if: eth0 (AF_INET6:2606:2800:220:1:248:1893:25c8:1946:500)
|   orient alttunnel finished with: 1 [192.168.1.1]
| find_host_pair: looking for me=192.168.1.1:500 %address him=132.213.238.7:500 exact-match
| find_host_pair: concluded with <none>
| connect_to_host_pair: 192.168.1.1:500 %address 132.213.238.7:500 -> hp:none
| find_ID_host_pair: looking for me=192.168.1.1 him=132.213.238.7 (exact)
|   concluded with <none>
./h2hI3 adding connection: "alttunnel"
| 192.168.1.1...132.213.238.7
| ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1; policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|   orient alttunnel finished with: 1 [192.168.1.1]
RC=0 "alttunnel": 192.168.1.1...132.213.238.7; unrouted; eroute owner: #0
RC=0 "alttunnel":     myip=unset; hisip=unset;
RC=0 "alttunnel":   keys: 1:6DF7 E7A2 B017 2118 6525 1A9E FC30 F603 ADD5 6698 2:none...
RC=0 "alttunnel":        ....1:AD2F DDF5 7ABE 6140 14AA B39E 50EB EC76 CA12 3C8C 2:none
RC=0 "alttunnel":   ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1
RC=0 "alttunnel":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK; prio: 32,32; interface: eth0; kind=CK_PERMANENT
| find_phase1_state: no SA found for conn 'alttunnel'
| creating state object #1 at Z
| orient alttunnel checking against if: eth0 (AF_INET:192.168.1.1:500)
|     orient matched on IP
| orient alttunnel checking against if: eth0 (AF_INET:192.168.1.1:4500)
| orient alttunnel checking against if: eth0 (AF_INET6:2606:2800:220:1:248:1893:25c8:1946:500)
|   orient alttunnel finished with: 1 [192.168.1.1]
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| inserting state object #1 bucket: 4
./h2hI3 initiating v2 parent SA
./h2hI3 STATE_PARENT_I1: initiate
sending 892 bytes for ikev2_parent_outI1_common through eth0:500 [192.168.1.1:500] to 132.213.238.7:500 (using #1)
|   80 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 03 7c  22 00 01 fc
|   02 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  02 00 00 2c
|   02 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 28  03 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 02  00 00 00 08  04 00 00 0e
|   02 00 00 28  04 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 2c  05 01 00 04
|   03 00 00 0c  01 00 00 0c  80 0e 00 80  03 00 00 08
|   03 00 00 02  03 00 00 08  02 00 00 02  00 00 00 08
|   04 00 00 05  02 00 00 2c  06 01 00 04  03 00 00 0c
|   01 00 00 0c  80 0e 00 80  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  07 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  08 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  09 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 02  02 00 00 28  0a 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 02
|   02 00 00 2c  0b 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 02  00 00 00 2c
|   0c 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 02  28 00 01 08  00 0e 00 00
|   45 a7 3f fb  25 20 77 b3  45 0a e4 91  a6 af 49 64
|   99 d7 99 08  e8 86 1f d1  29 c7 68 64  ab 29 c3 fb
|   ad 47 9a d0  6b 35 08 ed  d0 9c 59 fb  e8 b8 1e d8
|   0b a6 83 90  ca 4a 73 f6  5c c1 9f ad  32 57 70 e3
|   65 27 9a 8f  69 2d 52 ec  e1 42 bc db  80 8b 10 6a
|   02 71 fe 15  29 1e fa 8a  e6 21 89 84  d0 dd 72 19
|   09 1c 26 01  c4 3e bb c1  b6 cd ca fc  d6 f7 aa 0d
|   86 62 21 e4  1e 86 8a 74  5b 06 d5 2c  19 27 55 ca
|   bb 5e 1d 20  e0 e3 24 79  9b d9 65 a7  50 57 48 b1
|   5a d0 71 a2  60 ef 14 75  69 dd 14 1a  09 88 6d c3
|   b2 7d f5 18  bd c1 33 1d  b0 7d b6 dc  2b 1e a1 98
|   06 bb aa c4  a4 69 b3 c4  f0 4e 08 f3  ee 73 85 41
|   4f 5a dd d3  55 e1 ec a2  e1 97 fb 2f  f2 b0 6f bc
|   fc 5f 6b c2  3a 32 e6 46  e1 df 42 70  03 1c 0e a9
|   1d cb e0 75  ca dd 45 ad  d7 17 f9 02  ef e0 f9 78
|   d1 1e 82 8f  c2 b7 aa 25  19 6f 2f 08  4d 2b df dc
|   29 00 00 14  80 01 02 03  04 05 06 07  08 09 0a 0b
|   0c 0d 0e 0f  29 00 00 1c  00 00 40 04  ea 59 1e 1b
|   30 a3 e0 94  4c dc 91 5b  b0 95 3c 48  70 73 62 f1
|   2b 00 00 1c  00 00 40 05  cd bc 1b 74  02 d7 5e 4c
|   da 5b cd 1c  a1 08 87 2b  f9 7d c4 c2  00 00 00 10
|   4f 45 70 6c  75 74 6f 75  6e 69 74 30
| #1 complete v2 state transition with STF_OK
./h2hI3 transition from state STATE_IKEv2_START to state STATE_PARENT_I1
| v2_state_transition: st is #1; pst is #0; transition_st is #0
./h2hI3 STATE_PARENT_I1: sent v2I1, expected v2R1 (msgid: 00000000/4294967295)
0: input from h2hR1.pcap
|   =========== input from pcap file h2hR1.pcap ========
| *received 428 bytes from 132.213.238.7:500 on eth0 (port=500)
|   80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   21 20 22 20  00 00 00 00  00 00 01 ac  22 00 00 2c
|   00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  28 00 01 08  00 0e 00 00
|   25 9a 4e 99  8d ac d9 7b  7d ad 9b 2a  bd 38 04 00
|   f7 71 32 4c  b0 95 5e 5c  c1 0b e2 92  80 c3 9f b5
|   30 9b f3 89  51 96 5b 75  c6 5b 85 1a  8f f3 2d 6a
|   b1 b9 66 fe  c5 2e a9 f4  9e e2 34 c3  d9 dd 47 17
|   18 90 fd ce  66 bd 6c e4  43 8a 74 49  1c 72 97 9f
|   d7 74 86 b1  82 7e 9f 17  82 5e 06 ba  d2 fd 71 7e
|   73 10 4b 8b  52 14 00 26  48 d2 59 2e  1c 89 3c bb
|   e7 e0 12 4a  cb 9b b4 06  45 ca df 18  ca 11 f3 28
|   68 35 09 9f  16 e5 14 33  ff a8 5c 28  ab 17 4b 29
|   3b 56 32 c7  53 ad 99 61  9c 56 f8 50  25 21 34 ab
|   2d b8 f0 ec  f9 23 ae 8c  b5 24 4d e0  e6 3e 29 d4
|   2e da b1 9c  6c 3b 1f 0b  bf ae be 6d  0f 58 c3 7a
|   95 be 9b 9f  8a e7 07 38  a6 54 e9 32  80 63 8c 60
|   b3 ed 8b 59  27 d3 03 7d  46 04 05 4c  6d d1 26 3c
|   4e 09 ea 63  e0 7a 6a 7a  a6 3d ed ac  39 8c bf 1f
|   de 9c d9 09  d2 a1 63 e1  28 12 5a 18  31 fb 82 ee
|   29 00 00 14  00 84 b6 7e  d1 b6 d1 52  89 0e d7 1c
|   74 b9 26 e4  29 00 00 1c  00 00 40 04  1d 77 eb e3
|   db b6 db 7c  4b b5 ef 4b  57 c6 f1 b8  ec 7e 9b fe
|   2b 00 00 1c  00 00 40 05  81 b5 74 15  c4 1e 64 b8
|   4c 1a 4e 9c  14 92 f7 ab  25 31 bf 62  00 00 00 10
|   4f 45 70 6c  75 74 6f 75  6e 69 74 30
| **parse ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
|    length: 428
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34), msgid: 00000000
| I am IKE SA Initiator
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| v2 state object not found
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 peer and cookies match on #1
| v2 state object #1 (alttunnel) found, in STATE_PARENT_I1
| removing state object #1
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| inserting state object #1 bucket: 28
| state found and its state is:STATE_PARENT_I1 msgid: 00000
| ***parse IKEv2 Security Association Payload:
|    critical bit: none
|    length: 44
| processing payload: ISAKMP_NEXT_v2SA (len=44)
| ***parse IKEv2 Key Exchange Payload:
|    critical bit: none
|    length: 264
|    transform type: 14
| processing payload: ISAKMP_NEXT_v2KE (len=264)
| ***parse IKEv2 Nonce Payload:
|    critical bit: none
|    length: 20
| processing payload: ISAKMP_NEXT_v2Ni (len=20)
| ***parse IKEv2 Notify Payload:
|    critical bit: none
|    length: 28
|    Protocol ID: PROTO_RESERVED
|    SPI size: 0
|    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP
| processing payload: ISAKMP_NEXT_v2N (len=28)
| ***parse IKEv2 Notify Payload:
|    critical bit: none
|    length: 28
|    Protocol ID: PROTO_RESERVED
|    SPI size: 0
|    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP
| processing payload: ISAKMP_NEXT_v2N (len=28)
| ***parse IKEv2 Vendor ID Payload:
|    critical bit: none
|    length: 16
| processing payload: ISAKMP_NEXT_v2V (len=16)
| considering state entry: 0
| now proceed with state specific processing using state #0 initiator-V2_init
| nat chunk  80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   84 d5 ee 07  01 f4
| processing v2N_NAT_DETECTION_SOURCE_IP
| received nat-t hash  1d 77 eb e3  db b6 db 7c  4b b5 ef 4b  57 c6 f1 b8
|   ec 7e 9b fe
| calculated nat-t  h  1d 77 eb e3  db b6 db 7c  4b b5 ef 4b  57 c6 f1 b8
|   ec 7e 9b fe
| nat-t payloads for v2N_NAT_DETECTION_SOURCE_IP match: no NAT
| nat chunk  80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   c0 a8 01 01  01 f4
| processing v2N_NAT_DETECTION_DESTINATION_IP
| received nat-t hash  81 b5 74 15  c4 1e 64 b8  4c 1a 4e 9c  14 92 f7 ab
|   25 31 bf 62
| calculated nat-t  h  81 b5 74 15  c4 1e 64 b8  4c 1a 4e 9c  14 92 f7 ab
|   25 31 bf 62
| nat-t payloads for v2N_NAT_DETECTION_DESTINATION_IP match: no NAT
| ikev2 parent inR1: calculating g^{xy} in order to send I2
| DH public value received:
|   25 9a 4e 99  8d ac d9 7b  7d ad 9b 2a  bd 38 04 00
|   f7 71 32 4c  b0 95 5e 5c  c1 0b e2 92  80 c3 9f b5
|   30 9b f3 89  51 96 5b 75  c6 5b 85 1a  8f f3 2d 6a
|   b1 b9 66 fe  c5 2e a9 f4  9e e2 34 c3  d9 dd 47 17
|   18 90 fd ce  66 bd 6c e4  43 8a 74 49  1c 72 97 9f
|   d7 74 86 b1  82 7e 9f 17  82 5e 06 ba  d2 fd 71 7e
|   73 10 4b 8b  52 14 00 26  48 d2 59 2e  1c 89 3c bb
|   e7 e0 12 4a  cb 9b b4 06  45 ca df 18  ca 11 f3 28
|   68 35 09 9f  16 e5 14 33  ff a8 5c 28  ab 17 4b 29
|   3b 56 32 c7  53 ad 99 61  9c 56 f8 50  25 21 34 ab
|   2d b8 f0 ec  f9 23 ae 8c  b5 24 4d e0  e6 3e 29 d4
|   2e da b1 9c  6c 3b 1f 0b  bf ae be 6d  0f 58 c3 7a
|   95 be 9b 9f  8a e7 07 38  a6 54 e9 32  80 63 8c 60
|   b3 ed 8b 59  27 d3 03 7d  46 04 05 4c  6d d1 26 3c
|   4e 09 ea 63  e0 7a 6a 7a  a6 3d ed ac  39 8c bf 1f
|   de 9c d9 09  d2 a1 63 e1  28 12 5a 18  31 fb 82 ee
| ****parse IKEv2 Proposal Substructure Payload:
|    length: 40
|    prop #: 1
|    proto ID: 1
|    spi size: 0
|    # transforms: 4
| *****parse IKEv2 Transform Substructure Payload:
|    length: 8
|    transform type: 1
|    transform ID: 3
| *****parse IKEv2 Transform Substructure Payload:
|    length: 8
|    transform type: 3
|    transform ID: 1
| *****parse IKEv2 Transform Substructure Payload:
|    length: 8
|    transform type: 2
|    transform ID: 1
| *****parse IKEv2 Transform Substructure Payload:
|    length: 8
|    transform type: 4
|    transform ID: 14
| proposal 1 failed encr= (policy:aes-cbc vs offered:3des)
|             failed integ=(policy:auth-hmac-sha1-96 vs offered:auth-hmac-md5-96)
|             failed prf=  (policy:prf-hmac-sha1 vs offered:prf-hmac-md5)
|             succeeded dh=   (policy:OAKLEY_GROUP_MODP2048 vs offered:OAKLEY_GROUP_MODP2048)
| proposal 1 failed encr= (policy:aes-cbc vs offered:3des)
|             succeeded integ=(policy:auth-hmac-md5-96 vs offered:auth-hmac-md5-96)
|             succeeded prf=  (policy:prf-hmac-md5 vs offered:prf-hmac-md5)
|             succeeded dh=   (policy:OAKLEY_GROUP_MODP2048 vs offered:OAKLEY_GROUP_MODP2048)
| proposal 1 succeeded encr= (policy:3des vs offered:3des)
|             failed integ=(policy:auth-hmac-sha1-96 vs offered:auth-hmac-md5-96)
|             failed prf=  (policy:prf-hmac-sha1 vs offered:prf-hmac-md5)
|             succeeded dh=   (policy:OAKLEY_GROUP_MODP2048 vs offered:OAKLEY_GROUP_MODP2048)
| processor 'initiator-V2_init' returned STF_SUSPEND (2)
| #1 complete v2 state transition with STF_SUSPEND
| ikev2 parent inR1outI2: calculating g^{xy}, sending I2
| ikev2 parent SA details
| ikev2 I 0x8001020304050607 0xdebc583a8f40d0cf md5:0xf4c101c72118cf31d4682f68b9a29c07 3des192:0x0d085cb0db3e856c4d4745cc1ff5c9274f580827f03c1aad
| ikev2 R 0x8001020304050607 0xdebc583a8f40d0cf md5:0xe7354351e9a081c365b2761ac5f815ea 3des192:0x8f01464a6b1a7aaf8b8a969c88f3cc8ef82a96cd7218fc11
| duplicating state object #1
| creating state object #2 at Z
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| inserting state object #2 bucket: 28
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_AUTH
|    flags: ISAKMP_FLAG_INIT
|    message ID:  00 00 00 01
| ***emit IKEv2 Encryption Payload:
|    critical bit: none
| emitting 8 zero bytes of iv into IKEv2 Encryption Payload
|    next-payload: ISAKMP_NEXT_v2IDi [@-12=0x23]
| *****emit IKEv2 Identification Payload:
|    critical bit: none
|    id_type: ID_IPV4_ADDR
| emitting 4 raw bytes of my identity into IKEv2 Identification Payload
| my identity  c0 a8 01 01
| idhash calc pi  d8 53 01 ed  30 8e 94 de  83 d2 32 45  9b 66 1c 96
| idhash calc I2  01 00 00 00  c0 a8 01 01
| emitting length of IKEv2 Identification Payload: 12
| IKEv2 thinking whether to send my certificate:
|  my policy has  RSASIG, the policy is : RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|  sendcert: CERT_SENDIFASKED and I did not get a certificate request
|  so do not send cert.
| I did not send a certificate because I do not have one.
|  payload after AUTH will be ISAKMP_NEXT_v2SA
|    next-payload: ISAKMP_NEXT_v2AUTH [@0=0x27]
| *****emit IKEv2 Authentication Payload:
|    critical bit: none
|    auth method: v2_AUTH_RSA
| emitting 192 zero bytes of fake rsa sig into IKEv2 Authentication Payload
| emitting length of IKEv2 Authentication Payload: 200
| empty esp_info, returning defaults
|    next-payload: ISAKMP_NEXT_v2SA [@12=0x21]
| *****emit IKEv2 Security Association Payload:
|    critical bit: none
| ******emit IKEv2 Proposal Substructure Payload:
|    prop #: 1
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 1
|    transform ID: 12
| ********emit IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
|     [128 is 128??]
| emitting length of IKEv2 Transform Substructure Payload: 12
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 40
| ******emit IKEv2 Proposal Substructure Payload:
|    prop #: 2
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 1
|    transform ID: 12
| ********emit IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
|     [128 is 128??]
| emitting length of IKEv2 Transform Substructure Payload: 12
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 3
|    transform ID: 1
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 40
| ******emit IKEv2 Proposal Substructure Payload:
|    prop #: 3
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 1
|    transform ID: 3
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 36
| ******emit IKEv2 Proposal Substructure Payload:
|    prop #: 4
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 1
|    transform ID: 3
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 3
|    transform ID: 1
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 36
| emitting length of IKEv2 Security Association Payload: 156
|    next-payload: ISAKMP_NEXT_v2TSi [@212=0x2c]
| *****emit IKEv2 Traffic Selector Payload:
|    critical bit: none
|    number of TS: 1
| ******emit IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector
| ipv4 low  c0 a8 01 01
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector
| ipv4 high  c0 a8 01 01
| emitting length of IKEv2 Traffic Selector: 16
| emitting length of IKEv2 Traffic Selector Payload: 24
|    next-payload: ISAKMP_NEXT_v2TSr [@368=0x2d]
| *****emit IKEv2 Traffic Selector Payload:
|    critical bit: none
|    number of TS: 1
| ******emit IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector
| ipv4 low  84 d5 ee 07
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector
| ipv4 high  84 d5 ee 07
| emitting length of IKEv2 Traffic Selector: 16
| emitting length of IKEv2 Traffic Selector Payload: 24
| emitting 8 raw bytes of padding and length into cleartext
| padding and length  00 01 02 03  04 05 06 07
| emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload
| emitting length of IKEv2 Encryption Payload: 448
| emitting length of ISAKMP Message: 476
| encrypting as INITIATOR, parent SA #1
| data before encryption:
|   27 00 00 0c  01 00 00 00  c0 a8 01 01  21 00 00 c8
|   01 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  2c 00 00 9c  02 00 00 28  01 03 04 03
|   12 34 56 78  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 02  00 00 00 08  05 00 00 00
|   02 00 00 28  02 03 04 03  12 34 56 78  03 00 00 0c
|   01 00 00 0c  80 0e 00 80  03 00 00 08  03 00 00 01
|   00 00 00 08  05 00 00 00  02 00 00 24  03 03 04 03
|   12 34 56 78  03 00 00 08  01 00 00 03  03 00 00 08
|   03 00 00 02  00 00 00 08  05 00 00 00  00 00 00 24
|   04 03 04 03  12 34 56 78  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  00 00 00 08  05 00 00 00
|   2d 00 00 18  01 00 00 00  07 00 00 10  00 00 ff ff
|   c0 a8 01 01  c0 a8 01 01  00 00 00 18  01 00 00 00
|   07 00 00 10  00 00 ff ff  84 d5 ee 07  84 d5 ee 07
|   00 01 02 03  04 05 06 07
| data after encryption:
|   04 b3 31 de  23 1d 20 a9  b4 25 4d 02  53 f0 a7 98
|   4a 8f 24 99  39 61 ee 81  ec 26 10 59  d9 e5 72 bb
|   39 11 ab 59  c3 a6 b5 3f  be 0d df e0  5b 10 b0 e0
|   f8 5e 07 56  1a 0e bd 9c  e0 76 8d 1d  5c 7e 0d a1
|   50 f7 e0 82  39 e9 23 02  27 89 60 17  ba 6c 6f 24
|   42 1f 3a 40  ba c3 9f 33  cd c4 b2 14  38 53 a4 61
|   00 79 4a 7d  b9 65 0c d5  51 be 28 40  bb 25 eb 4b
|   0c a2 51 66  f1 be 04 16  8b 6a bf ea  7e 74 4c 31
|   af 6a 0f f6  2a 68 e5 cf  05 61 43 3b  11 ae 63 9c
|   76 10 21 88  9c b7 bd 7f  68 c9 b5 b0  fe da 1e 08
|   4f a9 21 35  0e 7b e6 92  18 8e f3 f8  62 26 b3 89
|   4a 55 c7 1c  ad f6 cc 31  2a 69 3a 64  5d 81 0d 22
|   37 bf 0f 0c  d9 0f da 63  e7 16 b3 3e  46 2f af 3a
|   4f 41 fe c0  01 4b 2e 30  6f fd 49 a2  b3 a1 de 36
|   11 1a 34 84  65 fc 49 b4  98 a9 e2 b0  55 46 ce f3
|   d2 85 7c 09  db 53 ce 4e  8e bc 1d af  18 2b d3 5c
|   03 dc 85 de  bf 5d 43 aa  ab 0b 6b 93  99 db 03 c2
|   fd 1f 48 44  3d e8 e4 8b  4d f6 a9 b2  e5 39 d4 f2
|   df c5 de 53  42 94 fc 33  67 b9 04 c5  3c 9a e0 33
|   43 76 46 c4  0d da 70 8e  c0 a4 a6 1a  51 1e 7b a9
|   f5 51 c4 3a  7b 42 3f 15  b9 af e9 c9  2b 2b 9e 0a
|   d0 71 b5 ec  30 de 7f 09  df 41 63 87  53 87 4a 4f
|   f0 a6 f4 12  ea fd de 67  9b eb cf 81  99 f4 2b 06
|   fc 16 96 48  11 a8 c8 d8  ad 34 f1 9c  00 e0 9f fe
|   3c 34 bf da  b5 01 21 3d  34 94 aa 3a  e8 d3 3f dd
|   4a e5 7a 66  4b d4 22 6d  d5 6b c3 42  c0 d5 fb 20
|   34 0d 94 88  76 a7 7f 39
| data being hmac:  80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 23 08  00 00 00 01  00 00 01 dc  23 00 01 c0
|   80 01 02 03  04 05 06 07  04 b3 31 de  23 1d 20 a9
|   b4 25 4d 02  53 f0 a7 98  4a 8f 24 99  39 61 ee 81
|   ec 26 10 59  d9 e5 72 bb  39 11 ab 59  c3 a6 b5 3f
|   be 0d df e0  5b 10 b0 e0  f8 5e 07 56  1a 0e bd 9c
|   e0 76 8d 1d  5c 7e 0d a1  50 f7 e0 82  39 e9 23 02
|   27 89 60 17  ba 6c 6f 24  42 1f 3a 40  ba c3 9f 33
|   cd c4 b2 14  38 53 a4 61  00 79 4a 7d  b9 65 0c d5
|   51 be 28 40  bb 25 eb 4b  0c a2 51 66  f1 be 04 16
|   8b 6a bf ea  7e 74 4c 31  af 6a 0f f6  2a 68 e5 cf
|   05 61 43 3b  11 ae 63 9c  76 10 21 88  9c b7 bd 7f
|   68 c9 b5 b0  fe da 1e 08  4f a9 21 35  0e 7b e6 92
|   18 8e f3 f8  62 26 b3 89  4a 55 c7 1c  ad f6 cc 31
|   2a 69 3a 64  5d 81 0d 22  37 bf 0f 0c  d9 0f da 63
|   e7 16 b3 3e  46 2f af 3a  4f 41 fe c0  01 4b 2e 30
|   6f fd 49 a2  b3 a1 de 36  11 1a 34 84  65 fc 49 b4
|   98 a9 e2 b0  55 46 ce f3  d2 85 7c 09  db 53 ce 4e
|   8e bc 1d af  18 2b d3 5c  03 dc 85 de  bf 5d 43 aa
|   ab 0b 6b 93  99 db 03 c2  fd 1f 48 44  3d e8 e4 8b
|   4d f6 a9 b2  e5 39 d4 f2  df c5 de 53  42 94 fc 33
|   67 b9 04 c5  3c 9a e0 33  43 76 46 c4  0d da 70 8e
|   c0 a4 a6 1a  51 1e 7b a9  f5 51 c4 3a  7b 42 3f 15
|   b9 af e9 c9  2b 2b 9e 0a  d0 71 b5 ec  30 de 7f 09
|   df 41 63 87  53 87 4a 4f  f0 a6 f4 12  ea fd de 67
|   9b eb cf 81  99 f4 2b 06  fc 16 96 48  11 a8 c8 d8
|   ad 34 f1 9c  00 e0 9f fe  3c 34 bf da  b5 01 21 3d
|   34 94 aa 3a  e8 d3 3f dd  4a e5 7a 66  4b d4 22 6d
|   d5 6b c3 42  c0 d5 fb 20  34 0d 94 88  76 a7 7f 39
| out calculated auth:
|   0c 75 bb 6f  cd f4 6d 38  e6 c1 4d 56
| #2 complete v2 state transition with STF_OK
./h2hI3 transition from state STATE_PARENT_I1 to state STATE_PARENT_I2
| v2_state_transition: st is #2; pst is #1; transition_st is #1
./h2hI3 STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 oursig=fakesig1 theirsig= cipher=oakley_3des_cbc_192 integ=md5_96 prf=oakley_md5 group=modp2048} (msgid: 00000000/4294967295)
| sending reply packet to 132.213.238.7:500 (from port 500)
sending 476 bytes for STATE_PARENT_I1 through eth0:500 [192.168.1.1:500] to 132.213.238.7:500 (using #2)
|   80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 23 08  00 00 00 01  00 00 01 dc  23 00 01 c0
|   80 01 02 03  04 05 06 07  04 b3 31 de  23 1d 20 a9
|   b4 25 4d 02  53 f0 a7 98  4a 8f 24 99  39 61 ee 81
|   ec 26 10 59  d9 e5 72 bb  39 11 ab 59  c3 a6 b5 3f
|   be 0d df e0  5b 10 b0 e0  f8 5e 07 56  1a 0e bd 9c
|   e0 76 8d 1d  5c 7e 0d a1  50 f7 e0 82  39 e9 23 02
|   27 89 60 17  ba 6c 6f 24  42 1f 3a 40  ba c3 9f 33
|   cd c4 b2 14  38 53 a4 61  00 79 4a 7d  b9 65 0c d5
|   51 be 28 40  bb 25 eb 4b  0c a2 51 66  f1 be 04 16
|   8b 6a bf ea  7e 74 4c 31  af 6a 0f f6  2a 68 e5 cf
|   05 61 43 3b  11 ae 63 9c  76 10 21 88  9c b7 bd 7f
|   68 c9 b5 b0  fe da 1e 08  4f a9 21 35  0e 7b e6 92
|   18 8e f3 f8  62 26 b3 89  4a 55 c7 1c  ad f6 cc 31
|   2a 69 3a 64  5d 81 0d 22  37 bf 0f 0c  d9 0f da 63
|   e7 16 b3 3e  46 2f af 3a  4f 41 fe c0  01 4b 2e 30
|   6f fd 49 a2  b3 a1 de 36  11 1a 34 84  65 fc 49 b4
|   98 a9 e2 b0  55 46 ce f3  d2 85 7c 09  db 53 ce 4e
|   8e bc 1d af  18 2b d3 5c  03 dc 85 de  bf 5d 43 aa
|   ab 0b 6b 93  99 db 03 c2  fd 1f 48 44  3d e8 e4 8b
|   4d f6 a9 b2  e5 39 d4 f2  df c5 de 53  42 94 fc 33
|   67 b9 04 c5  3c 9a e0 33  43 76 46 c4  0d da 70 8e
|   c0 a4 a6 1a  51 1e 7b a9  f5 51 c4 3a  7b 42 3f 15
|   b9 af e9 c9  2b 2b 9e 0a  d0 71 b5 ec  30 de 7f 09
|   df 41 63 87  53 87 4a 4f  f0 a6 f4 12  ea fd de 67
|   9b eb cf 81  99 f4 2b 06  fc 16 96 48  11 a8 c8 d8
|   ad 34 f1 9c  00 e0 9f fe  3c 34 bf da  b5 01 21 3d
|   34 94 aa 3a  e8 d3 3f dd  4a e5 7a 66  4b d4 22 6d
|   d5 6b c3 42  c0 d5 fb 20  34 0d 94 88  76 a7 7f 39
|   0c 75 bb 6f  cd f4 6d 38  e6 c1 4d 56
1: output to OUTPUT/h2hI3.pcap
1: input from h2hR2.pcap
|   =========== input from pcap file h2hR2.pcap ========
| *received 364 bytes from 132.213.238.7:500 on eth0 (port=500)
|   80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 23 20  00 00 00 01  00 00 01 6c  24 00 01 50
|   80 01 02 03  04 05 06 07  54 ac fa 02  06 1d a0 14
|   e5 8b 7c f3  cd f2 72 fe  9d 51 48 99  f9 2c a9 dd
|   e6 3b cd 4b  cd 41 29 83  6c 71 62 7f  ae c8 f9 6d
|   bd ff 80 70  a6 31 8e 70  8d 93 6a 7b  44 13 61 66
|   ee ac c1 ab  25 55 29 07  a3 8b 98 f6  30 f6 32 df
|   c7 cd bc 0d  c0 81 c3 b9  bb d9 1e 06  df cb ee a8
|   77 72 21 85  9c 8f ea fd  6f 8d 6c d2  e2 ce ed 11
|   c3 ab 22 72  67 fa 14 0b  5d 3c bf 85  59 82 0e e8
|   88 18 c4 77  cb 0e d6 3e  da 4b a5 1d  84 8d 00 3d
|   b7 09 96 e1  a7 7f d6 da  ef bd fe f3  de dc 05 b2
|   18 1b d3 a6  5c 74 97 0e  08 12 4c 12  a0 6e 08 02
|   ab 2f e7 0c  98 07 99 93  8b eb 43 55  96 a3 00 f7
|   43 a0 c5 7a  0b a1 a1 7b  05 82 7d 27  8e 0a 58 3a
|   db d8 bd 72  b0 66 54 c2  8a 32 fe 6f  05 fa bc 3b
|   34 14 bc 46  a7 f9 22 f2  f8 4b b3 e1  c5 58 9c 50
|   28 6d 01 33  8b a3 2e 2d  20 83 56 2c  b1 22 53 c6
|   ea 44 2f f2  41 b0 5e 0d  f2 3d a7 88  60 66 95 43
|   74 7a 52 97  e5 c3 dc 49  a4 8d a8 0c  ae 02 09 1f
|   01 d0 c6 2e  5c 1b 1c 7e  e8 83 47 84  14 99 20 a7
|   58 a9 ae c2  2e c1 91 53  6f 59 fa 73  3e 0b a9 99
|   d9 8c e8 6e  3e 8c a6 c1  50 10 e2 15
| **parse ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_AUTH
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 01
|    length: 364
|  processing version=2.0 packet with exchange type=ISAKMP_v2_AUTH (35), msgid: 00000001
| I am IKE SA Initiator
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| v2 peer, cookies and msgid match on #2
| v2 state object #2 found, in STATE_CHILD_C0_KEYING
| state found and its state is:STATE_CHILD_C0_KEYING msgid: 00001
| ***parse IKEv2 Encryption Payload:
|    critical bit: none
|    length: 336
| processing payload: ISAKMP_NEXT_v2E (len=336)
| considering state entry: 0
|   reject: in state: STATE_CHILD_C0_KEYING, needs STATE_PARENT_I1
| considering state entry: 1
|   reject: in state: STATE_CHILD_C0_KEYING, needs STATE_PARENT_I1
| considering state entry: 2
| now proceed with state specific processing using state #2 initiator-auth-process
| ikev2 parent inR2: calculating g^{xy} in order to decrypt I2
| decrypting as INITIATOR, using RESPONDER keys
| data being hmac:  80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 23 20  00 00 00 01  00 00 01 6c  24 00 01 50
|   80 01 02 03  04 05 06 07  54 ac fa 02  06 1d a0 14
|   e5 8b 7c f3  cd f2 72 fe  9d 51 48 99  f9 2c a9 dd
|   e6 3b cd 4b  cd 41 29 83  6c 71 62 7f  ae c8 f9 6d
|   bd ff 80 70  a6 31 8e 70  8d 93 6a 7b  44 13 61 66
|   ee ac c1 ab  25 55 29 07  a3 8b 98 f6  30 f6 32 df
|   c7 cd bc 0d  c0 81 c3 b9  bb d9 1e 06  df cb ee a8
|   77 72 21 85  9c 8f ea fd  6f 8d 6c d2  e2 ce ed 11
|   c3 ab 22 72  67 fa 14 0b  5d 3c bf 85  59 82 0e e8
|   88 18 c4 77  cb 0e d6 3e  da 4b a5 1d  84 8d 00 3d
|   b7 09 96 e1  a7 7f d6 da  ef bd fe f3  de dc 05 b2
|   18 1b d3 a6  5c 74 97 0e  08 12 4c 12  a0 6e 08 02
|   ab 2f e7 0c  98 07 99 93  8b eb 43 55  96 a3 00 f7
|   43 a0 c5 7a  0b a1 a1 7b  05 82 7d 27  8e 0a 58 3a
|   db d8 bd 72  b0 66 54 c2  8a 32 fe 6f  05 fa bc 3b
|   34 14 bc 46  a7 f9 22 f2  f8 4b b3 e1  c5 58 9c 50
|   28 6d 01 33  8b a3 2e 2d  20 83 56 2c  b1 22 53 c6
|   ea 44 2f f2  41 b0 5e 0d  f2 3d a7 88  60 66 95 43
|   74 7a 52 97  e5 c3 dc 49  a4 8d a8 0c  ae 02 09 1f
|   01 d0 c6 2e  5c 1b 1c 7e  e8 83 47 84  14 99 20 a7
|   58 a9 ae c2  2e c1 91 53  6f 59 fa 73  3e 0b a9 99
| R2 calculated auth:  d9 8c e8 6e  3e 8c a6 c1  50 10 e2 15
| R2  provided  auth:  d9 8c e8 6e  3e 8c a6 c1  50 10 e2 15
| authenticator matched, np=36
| data before decryption:
|   54 ac fa 02  06 1d a0 14  e5 8b 7c f3  cd f2 72 fe
|   9d 51 48 99  f9 2c a9 dd  e6 3b cd 4b  cd 41 29 83
|   6c 71 62 7f  ae c8 f9 6d  bd ff 80 70  a6 31 8e 70
|   8d 93 6a 7b  44 13 61 66  ee ac c1 ab  25 55 29 07
|   a3 8b 98 f6  30 f6 32 df  c7 cd bc 0d  c0 81 c3 b9
|   bb d9 1e 06  df cb ee a8  77 72 21 85  9c 8f ea fd
|   6f 8d 6c d2  e2 ce ed 11  c3 ab 22 72  67 fa 14 0b
|   5d 3c bf 85  59 82 0e e8  88 18 c4 77  cb 0e d6 3e
|   da 4b a5 1d  84 8d 00 3d  b7 09 96 e1  a7 7f d6 da
|   ef bd fe f3  de dc 05 b2  18 1b d3 a6  5c 74 97 0e
|   08 12 4c 12  a0 6e 08 02  ab 2f e7 0c  98 07 99 93
|   8b eb 43 55  96 a3 00 f7  43 a0 c5 7a  0b a1 a1 7b
|   05 82 7d 27  8e 0a 58 3a  db d8 bd 72  b0 66 54 c2
|   8a 32 fe 6f  05 fa bc 3b  34 14 bc 46  a7 f9 22 f2
|   f8 4b b3 e1  c5 58 9c 50  28 6d 01 33  8b a3 2e 2d
|   20 83 56 2c  b1 22 53 c6  ea 44 2f f2  41 b0 5e 0d
|   f2 3d a7 88  60 66 95 43  74 7a 52 97  e5 c3 dc 49
|   a4 8d a8 0c  ae 02 09 1f  01 d0 c6 2e  5c 1b 1c 7e
|   e8 83 47 84  14 99 20 a7  58 a9 ae c2  2e c1 91 53
|   6f 59 fa 73  3e 0b a9 99
| decrypted payload:  27 00 00 0c  01 00 00 00  84 d5 ee 07  21 00 00 c8
|   01 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  2c 00 00 2c  00 00 00 28  01 03 04 03
|   12 34 56 78  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 02  00 00 00 08  05 00 00 00
|   2d 00 00 18  01 00 00 00  07 00 00 10  00 00 ff ff
|   c0 a8 01 01  c0 a8 01 01  00 00 00 18  01 00 00 00
|   07 00 00 10  00 00 ff ff  84 d5 ee 07  84 d5 ee 07
|   00 01 02 03  04 05 06 07
| striping 8 bytes as pad
| **parse IKEv2 Identification Payload:
|    critical bit: none
|    length: 12
|    id_type: ID_IPV4_ADDR
| processing payload: ISAKMP_NEXT_v2IDr (len=12)
| **parse IKEv2 Authentication Payload:
|    critical bit: none
|    length: 200
|    auth method: v2_AUTH_RSA
| processing payload: ISAKMP_NEXT_v2AUTH (len=200)
| **parse IKEv2 Security Association Payload:
|    critical bit: none
|    length: 44
| processing payload: ISAKMP_NEXT_v2SA (len=44)
| **parse IKEv2 Traffic Selector Payload:
|    critical bit: none
|    length: 24
|    number of TS: 1
| processing payload: ISAKMP_NEXT_v2TSi (len=24)
| **parse IKEv2 Traffic Selector Payload:
|    critical bit: none
|    length: 24
|    number of TS: 1
| processing payload: ISAKMP_NEXT_v2TSr (len=24)
./h2hI3 IKEv2 mode peer ID is ID_IPV4_ADDR: '132.213.238.7'
| idhash verify pr  96 40 1b 7f  2a 94 02 fc  64 b0 be fc  de d6 d6 8e
| idhash auth R2  01 00 00 00  84 d5 ee 07
| ikev2 verify required CA is '%any'
| checking alg=1 == 1, keyid=132.213.238.7 same_id=1
| key issuer CA is '%any'
|  checking narrowing - responding to R2
| ***parse IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    length: 16
|    start port: 0
|    end port: 65535
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  c0 a8 01 01
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  c0 a8 01 01
| ***parse IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    length: 16
|    start port: 0
|    end port: 65535
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  84 d5 ee 07
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  84 d5 ee 07
| checking TSi(1)/TSr(1) selectors, looking for exact match
|   ikev2_evaluate_connection_fit evaluating our I=alttunnel:<noclient>:0/0 R=<noclient:0/0  to their:
|     tsi[0]=192.168.1.1/192.168.1.1 proto=0 portrange 0-65535, tsr[0]=132.213.238.7/132.213.238.7 proto=0 portrange 0-65535
| ei->port 0  tsi[tsi_ni].startport 0  tsi[tsi_ni].endport 65535
|       has ts_range1=0 maskbits1=32 ts_range2=0 maskbits2=32 fitbits=8224 <> -1
|  prefix fitness found a better match c alttunnel
|     evaluate_connection_port_fit tsi_n[1], best=-1
|    tsi[0] 0-65535: exact port match with 0.  fitness 65536
|       evaluating_connection_port_fit tsi_n[0], range_i=65536 best=-1
|    tsr[0] 0-65535: exact port match with 0.  fitness 65536
|       evaluating_connection_port_fit tsi_n[0] tsr_n[0], range=65536/65536 best=-1
|     best ports fit so far: tsi[0] fitrange_i 65536, tsr[0] fitrange_r 65536, matchiness 131072
|     port_fitness 131072
|   port fitness found better match c alttunnel, tsi[0],tsr[0]
| protocol 0 and tsi[0].ipprotoid 0: exact match
| protocol 0 and tsr[0].ipprotoid 0: exact match
|     best protocol fit so far: tsi[0] fitrange_i 255, tsr[0] fitrange_r 255, matchiness 510
|     protocol_fitness 510
|    protocol fitness found better match c alttunnel, tsi[0],tsr[0]
| found an acceptable TSi/TSr Traffic Selector
| printing contents struct traffic_selector
|   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
|   ipprotoid: 0
|   startport: 0
|   endport: 65535
|   ip low: 192.168.1.1
|   ip high: 192.168.1.1
| printing contents struct traffic_selector
|   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
|   ipprotoid: 0
|   startport: 0
|   endport: 65535
|   ip low: 132.213.238.7
|   ip high: 132.213.238.7
| empty esp_info, returning defaults
| ***parse IKEv2 Proposal Substructure Payload:
|    length: 40
|    prop #: 1
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into CHILD SA SPI
| CHILD SA SPI  12 34 56 78
| SPI received: 12345678
| ****parse IKEv2 Transform Substructure Payload:
|    length: 12
|    transform type: 1
|    transform ID: 12
| *****parse IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
| ****parse IKEv2 Transform Substructure Payload:
|    length: 8
|    transform type: 3
|    transform ID: 2
| ****parse IKEv2 Transform Substructure Payload:
|    length: 8
|    transform type: 5
|    transform ID: 0
| ikev2_derive_child_keys: using oakley_md5 for prf+ (SA #2 cloned from #1)
| childsacalc.ni  80 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
| childsacalc.nr  00 84 b6 7e  d1 b6 d1 52  89 0e d7 1c  74 b9 26 e4
| ikev2_derive_child_keys: my role is INITIATOR
| prf+[1]:  e7 f1 0b d2  90 3e 19 f6  05 9e f3 4b  1a c1 b1 9e
| prf+[2]:  ce 95 14 31  c9 1f 19 97  c3 de 60 a3  17 f4 61 03
| prf+[3]:  81 f8 a7 93  e3 b3 fd c5  4f 58 b2 59  a9 40 03 79
| prf+[4]:  88 44 7d ea  eb 12 63 be  99 36 e3 91  6b bc 60 d8
| prf+[5]:  71 96 0b c8  a7 4f 14 3b  a8 4e ea c6  22 25 44 a4
| our  keymat  e3 b3 fd c5  4f 58 b2 59  a9 40 03 79  88 44 7d ea
|   eb 12 63 be  99 36 e3 91  6b bc 60 d8  71 96 0b c8
|   a7 4f 14 3b
| peer keymat  e7 f1 0b d2  90 3e 19 f6  05 9e f3 4b  1a c1 b1 9e
|   ce 95 14 31  c9 1f 19 97  c3 de 60 a3  17 f4 61 03
|   81 f8 a7 93
| processor 'initiator-auth-process' returned STF_OK (3)
| #2 complete v2 state transition with STF_OK
./h2hI3 transition from state STATE_CHILD_C0_KEYING to state STATE_CHILD_C1_KEYED
| v2_state_transition: st is #2; pst is #0; transition_st is #0
./h2hI3 STATE_CHILD_C1_KEYED: CHILD SA established (msgid: 00000001/4294967295)
./h2hI3 negotiated tunnel [192.168.1.1,192.168.1.1 proto:0 port:0-65535] -> [132.213.238.7,132.213.238.7 proto:0 port:0-65535]
./h2hI3 STATE_CHILD_C1_KEYED: CHILD SA established tunnel mode {ESP=>0x12345678 <0x12345678 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
| releasing whack for #X (sock=Y)
| releasing whack for #X (sock=Y)
RC=0 #2: "alttunnel":500 IKEv2.0 STATE_CHILD_C1_KEYED (CHILD SA established); none in -1s; newest IPSEC; nodpd; msgid=1; idle; import:admin initiate
RC=0 #1: "alttunnel":500 IKEv2.0 STATE_PARENT_I3 (PARENT SA established); none in -1s; newest ISAKMP; nodpd; retranscnt=0,outorder=0,last=1,next=2,recv=-1; msgid=0; idle; import:admin initiate
./h2hI3 deleting connection
| pass 0: considering CHILD SAs to delete
./h2hI3 deleting state #2 (STATE_CHILD_C1_KEYED)
| received request to delete child state
| sending Child SA delete request
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_INFORMATIONAL
|    flags: ISAKMP_FLAG_INIT
|    message ID:  00 00 00 02
| ***emit IKEv2 Encryption Payload:
|    critical bit: none
| emitting 8 zero bytes of iv into IKEv2 Encryption Payload
| *****emit IKEv2 Delete Payload:
|    critical bit: none
|    protocol ID: 3
|    SPI size: 4
|    number of SPIs: 1
| emitting 4 raw bytes of local spis into IKEv2 Delete Payload
| local spis  12 34 56 78
| emitting length of IKEv2 Delete Payload: 12
| emitting 4 raw bytes of padding and length into cleartext
| padding and length  00 01 02 03
| emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload
| emitting length of IKEv2 Encryption Payload: 40
| emitting length of ISAKMP Message: 68
| encrypting as INITIATOR, parent SA #1
| data before encryption:
|   00 00 00 0c  03 04 00 01  12 34 56 78  00 01 02 03
| data after encryption:
|   f0 31 38 8b  13 5f f2 29  93 e7 ae 7e  89 13 61 a2
| data being hmac:  80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 25 08  00 00 00 02  00 00 00 44  2a 00 00 28
|   80 01 02 03  04 05 06 07  f0 31 38 8b  13 5f f2 29
|   93 e7 ae 7e  89 13 61 a2
| out calculated auth:
|   50 7a 02 a7  72 a6 76 c9  84 d1 b1 7b
sending 68 bytes for ikev2_delete_out through eth0:500 [192.168.1.1:500] to 132.213.238.7:500 (using #1)
|   80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 25 08  00 00 00 02  00 00 00 44  2a 00 00 28
|   80 01 02 03  04 05 06 07  f0 31 38 8b  13 5f f2 29
|   93 e7 ae 7e  89 13 61 a2  50 7a 02 a7  72 a6 76 c9
|   84 d1 b1 7b
| pass 1: considering PARENT SAs to delete
./h2hI3 deleting state #1 (STATE_PARENT_I3)
| considering request to delete IKE parent state
| sending IKE SA delete request
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_INFORMATIONAL
|    flags: ISAKMP_FLAG_INIT
|    message ID:  00 00 00 03
| ***emit IKEv2 Encryption Payload:
|    critical bit: none
| emitting 8 zero bytes of iv into IKEv2 Encryption Payload
| *****emit IKEv2 Delete Payload:
|    critical bit: none
|    protocol ID: 1
|    SPI size: 0
|    number of SPIs: 0
| emitting length of IKEv2 Delete Payload: 8
| emitting 8 raw bytes of padding and length into cleartext
| padding and length  00 01 02 03  04 05 06 07
| emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload
| emitting length of IKEv2 Encryption Payload: 40
| emitting length of ISAKMP Message: 68
| encrypting as INITIATOR, parent SA #1
| data before encryption:
|   00 00 00 08  01 00 00 00  00 01 02 03  04 05 06 07
| data after encryption:
|   8c 9e ee 8f  94 12 5b 69  59 9f 93 86  d9 90 09 a0
| data being hmac:  80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 25 08  00 00 00 03  00 00 00 44  2a 00 00 28
|   80 01 02 03  04 05 06 07  8c 9e ee 8f  94 12 5b 69
|   59 9f 93 86  d9 90 09 a0
| out calculated auth:
|   b5 89 c7 bc  8f 24 d8 91  19 3c 79 c1
sending 68 bytes for ikev2_delete_out through eth0:500 [192.168.1.1:500] to 132.213.238.7:500 (using #1)
|   80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 25 08  00 00 00 03  00 00 00 44  2a 00 00 28
|   80 01 02 03  04 05 06 07  8c 9e ee 8f  94 12 5b 69
|   59 9f 93 86  d9 90 09 a0  b5 89 c7 bc  8f 24 d8 91
|   19 3c 79 c1
| freeing state object #1
./h2hI3 leak: skeyseed_t1, item size: X
./h2hI3 leak: responder keys, item size: X
./h2hI3 leak: initiator keys, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_prop, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: 4 * sa copy attrs array, item size: X
./h2hI3 leak: sa copy trans array, item size: X
./h2hI3 leak: sa copy prop array, item size: X
./h2hI3 leak: sa copy prop conj array, item size: X
./h2hI3 leak: sa copy prop_conj, item size: X
./h2hI3 leak: reply packet, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_prop, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: 4 * sa copy attrs array, item size: X
./h2hI3 leak: sa copy trans array, item size: X
./h2hI3 leak: sa copy prop array, item size: X
./h2hI3 leak: sa copy prop conj array, item size: X
./h2hI3 leak: sa copy prop_conj, item size: X
./h2hI3 leak: st_nr in duplicate_state, item size: X
./h2hI3 leak: st_ni in duplicate_state, item size: X
./h2hI3 leak: st_skey_pr in duplicate_state, item size: X
./h2hI3 leak: st_skey_pi in duplicate_state, item size: X
./h2hI3 leak: st_skey_er in duplicate_state, item size: X
./h2hI3 leak: st_skey_ei in duplicate_state, item size: X
./h2hI3 leak: st_skey_ar in duplicate_state, item size: X
./h2hI3 leak: st_skey_ai in duplicate_state, item size: X
./h2hI3 leak: st_skey_d in duplicate_state, item size: X
./h2hI3 leak: st_skeyseed in duplicate_state, item size: X
./h2hI3 leak: st_enc_key in duplicate_state, item size: X
./h2hI3 leak: struct state in new_state(), item size: X
./h2hI3 leak: ikev2_inR1outI2 KE, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_prop, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: msg_digest, item size: X
./h2hI3 leak: ikev2_outI1 KE, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_prop, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: db_attrs, item size: X
./h2hI3 leak: db_v2_trans, item size: X
./h2hI3 leak: db_v2_prop_conj, item size: X
./h2hI3 leak: alg_info_ike, item size: X
./h2hI3 leak: pubkey entry, item size: X
./h2hI3 leak: rfc3110 format of public key, item size: X
./h2hI3 leak: pubkey, item size: X
./h2hI3 leak: pubkey entry, item size: X
./h2hI3 leak: rfc3110 format of public key, item size: X
./h2hI3 leak: pubkey, item size: X
./h2hI3 leak: policies path, item size: X
./h2hI3 leak: ocspcerts path, item size: X
./h2hI3 leak: aacerts path, item size: X
./h2hI3 leak: certs path, item size: X
./h2hI3 leak: private path, item size: X
./h2hI3 leak: crls path, item size: X
./h2hI3 leak: cacert path, item size: X
./h2hI3 leak: acert path, item size: X
./h2hI3 leak: default conf var_dir, item size: X
./h2hI3 leak: default conf conffile, item size: X
./h2hI3 leak: default conf ipsecd_dir, item size: X
./h2hI3 leak: default conf ipsec_conf_dir, item size: X
./h2hI3 leak: 2 * id list, item size: X
./h2hI3 leak: rfc3110 format of public key [created], item size: X
./h2hI3 leak: pubkey, item size: X
./h2hI3 leak: secret, item size: X
./h2hI3 leak: 2 * hasher name, item size: X
./h2hI3 leak detective found Z leaks, total size X
