
  Electric Fence 2.1 Copyright (C) 1987-1998 Bruce Perens.
../parentI2duplicate ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
../parentI2duplicate ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
../parentI2duplicate ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
../parentI2duplicate ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
../parentI2duplicate ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
../parentI2duplicate ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
../parentI2duplicate ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Started ../parentI2duplicate
Pre-amble: #!-pluto-whack-file- recorded on west on 2007-10-07 01:40:12
../parentI2duplicate listening for IKE messages
| interface "eth0" matched left side
../parentI2duplicate added connection description "westnet--eastnet-ikev2"
| base debugging = crypt+parsing+control+controlmore
../parentI2duplicate listening for IKE messages
RC=0 "westnet--eastnet-ikev2": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24; unrouted; eroute owner: #0
RC=0 "westnet--eastnet-ikev2":     myip=unset; hisip=unset;
RC=0 "westnet--eastnet-ikev2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
RC=0 "westnet--eastnet-ikev2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init; prio: 24,24; interface: eth0; 
RC=0 "westnet--eastnet-ikev2":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
| creating state object #1 at ADDR
| interface "eth0" matched left side
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| inserting state object #1 on chain 4
../parentI2duplicate initiating v2 parent SA
RC=133 STATE_PARENT_I1: initiate
| no IKE algorithms for this connection 
sending 508 bytes for ikev2_parent_outI1_tail through eth0:500 to 192.1.2.23:500 (using #1)
|   00 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 01 fc  22 80 00 f4
|   02 00 00 28  01 01 00 04  03 00 00 08  01 00 00 0c
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  02 01 00 04
|   03 00 00 08  01 00 00 0c  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  03 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  04 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  05 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 02  00 00 00 28  06 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 02
|   28 00 00 c8  00 05 00 00  ff bc 6a 92  a6 b9 55 9b
|   05 fa 96 a7  a4 35 07 b4  c1 e1 c0 86  1a 58 71 d9
|   ba 73 a1 63  11 37 88 c0  de bb 39 79  e7 ff 0c 52
|   b4 ce 60 50  eb 05 36 9e  a4 30 0d 2b  ff 3b 1b 29
|   9f 3b 80 2c  cb 13 31 8c  2a b9 e3 b5  62 7c b4 b3
|   5e b9 39 98  20 76 b5 7c  05 0d 7b 35  c3 c5 c7 cc
|   8c 0f ea b7  b6 4a 7d 7b  6b 8f 6b 4d  ab f4 ac 40
|   6d d2 01 26  b9 0a 98 ac  76 6e fa 37  a7 89 0c 43
|   94 ff 9a 77  61 5b 58 f5  2d 65 1b bf  a5 8d 2a 54
|   9a f8 b0 1a  a4 bc a3 d7  62 42 66 63  b1 55 d4 eb
|   da 9f 60 a6  a1 35 73 e6  a8 88 13 5c  dc 67 3d d4
|   83 02 99 03  f3 a9 0e ca  23 e1 ec 1e  27 03 31 b2
|   d0 50 f4 f7  58 f4 99 27  2b 80 00 14  b5 ce 84 19
|   09 5c 6e 2b  6b 62 d3 05  53 05 b3 c4  00 00 00 10
|   4f 45 VENDOR
| complete v2 state transition with STF_OK
../parentI2duplicate transition from state STATE_IKEv2_START to state STATE_PARENT_I1
../parentI2duplicate STATE_PARENT_I1: sent v2I1, expected v2R1
| *received 308 bytes from 192.1.2.23:500 on eth0 (port=500)
|   00 01 02 03  04 05 06 07  c0 2e 7a 30  31 a0 31 88
|   21 20 22 20  00 00 00 00  00 00 01 34  22 80 00 2c
|   00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 0c
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  28 00 00 c8  00 05 00 00
|   cd 30 df 6e  c0 85 44 12  53 01 80 d8  7e 1a fb b3
|   26 79 3e 99  56 c8 6a 96  25 53 c2 77  ad 5b ab 50
|   f8 32 5a d8  64 0b 0e fe  a5 1d 6c 83  1f a1 7c fb
|   0f 2e 1a f4  b1 66 a0 fe  30 75 12 ad  0f 81 ab b8
|   aa fb 68 48  ec 10 a4 97  6c 3d b1 17  ec e1 e6 61
|   db bf 48 0c  28 2e 3f 11  07 c1 86 42  80 1e e8 3f
|   9e 4a b9 ab  63 6f 23 7d  aa f6 a7 aa  d8 22 99 3e
|   a4 1e a3 31  ee 27 82 0b  93 f5 0b 8f  3f 71 05 61
|   c9 25 70 26  97 ba 6b 1e  95 3c 21 fb  c9 a7 7d 2b
|   5f 87 3c fc  50 99 e7 7d  48 4c dd 52  66 4b cf 0d
|   bf 00 ca fd  ae 6d e7 14  6d 11 35 f6  5d 93 5f 60
|   b9 73 0f e0  49 2c 2a f8  c9 04 f6 4c  59 16 90 9d
|   2b 80 00 14  47 e9 f9 25  8c a2 38 58  f6 75 b1 66
|   b0 2c c2 92  00 00 00 10  4f 45 73 40  40 7a 4a 56
|   57 5b 6a 5d
| **parse ISAKMP Message:
|    initiator cookie:
|   00 01 02 03  04 05 06 07
|    responder cookie:
|   c0 2e 7a 30  31 a0 31 88
|    next payload type: ISAKMP_NEXT_v2SA
|    ISAKMP version: IKEv2 version 2.0 (rfc4306)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
|    length: 308
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34)
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  c0 2e 7a 30  31 a0 31 88
| state hash entry 30
| v2 state object not found
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 peer and cookies match on #1
| v2 state object #1 found, in STATE_PARENT_I1
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  c0 2e 7a 30  31 a0 31 88
| state hash entry 30
| inserting state object #1 on chain 30
| ***parse IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2KE
|    critical bit: Payload-Critical
|    length: 44
| processing payload: ISAKMP_NEXT_v2SA (len=44) 
| ***parse IKEv2 Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_v2Ni
|    length: 200
|    transform type: 5
| processing payload: ISAKMP_NEXT_v2KE (len=200) 
| ***parse IKEv2 Nonce Payload:
|    next payload type: ISAKMP_NEXT_v2V
|    critical bit: Payload-Critical
|    length: 20
| processing payload: ISAKMP_NEXT_v2Ni (len=20) 
| ***parse IKEv2 Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    critical bit: Payload-Non-Critical
|    length: 16
| processing payload: ISAKMP_NEXT_v2V (len=16) 
| ikev2 parent inR1: calculating g^{xy} in order to send I2
| DH public value received:
|   cd 30 df 6e  c0 85 44 12  53 01 80 d8  7e 1a fb b3
|   26 79 3e 99  56 c8 6a 96  25 53 c2 77  ad 5b ab 50
|   f8 32 5a d8  64 0b 0e fe  a5 1d 6c 83  1f a1 7c fb
|   0f 2e 1a f4  b1 66 a0 fe  30 75 12 ad  0f 81 ab b8
|   aa fb 68 48  ec 10 a4 97  6c 3d b1 17  ec e1 e6 61
|   db bf 48 0c  28 2e 3f 11  07 c1 86 42  80 1e e8 3f
|   9e 4a b9 ab  63 6f 23 7d  aa f6 a7 aa  d8 22 99 3e
|   a4 1e a3 31  ee 27 82 0b  93 f5 0b 8f  3f 71 05 61
|   c9 25 70 26  97 ba 6b 1e  95 3c 21 fb  c9 a7 7d 2b
|   5f 87 3c fc  50 99 e7 7d  48 4c dd 52  66 4b cf 0d
|   bf 00 ca fd  ae 6d e7 14  6d 11 35 f6  5d 93 5f 60
|   b9 73 0f e0  49 2c 2a f8  c9 04 f6 4c  59 16 90 9d
| ****parse IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    length: 40
|    prop #: 1
|    proto ID: 1
|    spi size: 0
|    # transforms: 4
| *****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    length: 8
|    transform type: 1
|    transform ID: 12
| *****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    length: 8
|    transform type: 3
|    transform ID: 2
| *****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    length: 8
|    transform type: 2
|    transform ID: 2
| *****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    length: 8
|    transform type: 4
|    transform ID: 5
| complete v2 state transition with STF_SUSPEND
| ikev2 parent inR1outI1: calculating g^{xy}, sending I2
| ikev2 I 0x0001020304050607 0xc02e7a3031a03188 sha1:0x4ea8e662b07cdd430f6944c6723e4b82d5722418 aes128:0x3f44bf47cafd8150591deb088199fcbf
| ikev2 R 0x0001020304050607 0xc02e7a3031a03188 sha1:0x515b0bd22e6d76b34fdb760aa7bfad80b109b75d aes128:0xbedb67ec7dc3d00cccac42e70cd63bde
| duplicating state object #1
| creating state object #2 at ADDR
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  c0 2e 7a 30  31 a0 31 88
| state hash entry 30
| inserting state object #2 on chain 30
| **emit ISAKMP Message:
|    initiator cookie:
|   00 01 02 03  04 05 06 07
|    responder cookie:
|   c0 2e 7a 30  31 a0 31 88
|    next payload type: ISAKMP_NEXT_v2E
|    ISAKMP version: IKEv2 version 2.0 (rfc4306)
|    exchange type: ISAKMP_v2_AUTH
|    flags: ISAKMP_FLAG_INIT
|    message ID:  00 00 00 01
| ***emit IKEv2 Encryption Payload:
|    next payload type: ISAKMP_NEXT_v2IDi
|    critical bit: Payload-Critical
| emitting 16 zero bytes of iv into IKEv2 Encryption Payload
| IKEv2 thinking whether to send my certificate:
|  my policy has  RSASIG, the policy is : RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init
|  sendcert: CERT_SENDIFASKED and I did not get a certificate request 
|  so do not send cert.
| I did not send a certificate because I do not have one.
| *****emit IKEv2 Identification Payload:
|    next payload type: ISAKMP_NEXT_v2AUTH
|    id_type: ID_FQDN
| emitting 4 raw bytes of my identity into IKEv2 Identification Payload
| my identity  77 65 73 74
| emitting length of IKEv2 Identification Payload: 12
| idhash calc pi  cc 07 97 44  b4 a3 4e 8a  0d 2f 27 8b  ee 06 6d 07
|   a5 a5 75 2e
| idhash calc I2  02 00 00 00  77 65 73 74
| *****emit IKEv2 Authentication Payload:
|    next payload type: ISAKMP_NEXT_v2SA
|    auth method: v2_AUTH_RSA
| emitting 192 zero bytes of fake rsa sig into IKEv2 Authentication Payload
| emitting length of IKEv2 Authentication Payload: 200
| empty esp_info, returning defaults
| *****emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2TSi
|    critical bit: Payload-Critical
| ******emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_P
|    prop #: 1
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 36
| ******emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_P
|    prop #: 2
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 36
| ******emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_P
|    prop #: 3
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 3
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 36
| ******emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    prop #: 4
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 3
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 36
| emitting length of IKEv2 Security Association Payload: 148
| *****emit IKEv2 Traffic Selectors:
|    next payload type: ISAKMP_NEXT_v2TSr
|    number of TS: 1
| ******emit IKEv2 Traffic Selectors:
|    TS type: ID_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selectors
| ipv4 low  c0 00 01 00
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selectors
| ipv4 high  c0 00 01 ff
| emitting length of IKEv2 Traffic Selectors: 16
| emitting length of IKEv2 Traffic Selectors: 24
| *****emit IKEv2 Traffic Selectors:
|    next payload type: ISAKMP_NEXT_NONE
|    number of TS: 1
| ******emit IKEv2 Traffic Selectors:
|    TS type: ID_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selectors
| ipv4 low  c0 00 02 00
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selectors
| ipv4 high  c0 00 02 ff
| emitting length of IKEv2 Traffic Selectors: 16
| emitting length of IKEv2 Traffic Selectors: 24
| emitting 8 raw bytes of padding and length into cleartext
| padding and length  00 01 02 03  04 05 06 07
| emitting 12 zero bytes of 96-bits of truncated HMAC into IKEv2 Encryption Payload
| emitting length of IKEv2 Encryption Payload: 448
| emitting length of ISAKMP Message: 476
| data before encryption:
|   27 00 00 0c  02 00 00 00  77 65 73 74  21 00 00 c8
|   01 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  2c 80 00 94  02 00 00 24  01 03 04 03
|   12 34 56 78  03 00 00 08  01 00 00 0c  03 00 00 08
|   03 00 00 02  00 00 00 08  05 00 00 00  02 00 00 24
|   02 03 04 03  12 34 56 78  03 00 00 08  01 00 00 0c
|   03 00 00 08  03 00 00 02  00 00 00 08  05 00 00 00
|   02 00 00 24  03 03 04 03  12 34 56 78  03 00 00 08
|   01 00 00 03  03 00 00 08  03 00 00 02  00 00 00 08
|   05 00 00 00  00 00 00 24  04 03 04 03  12 34 56 78
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   00 00 00 08  05 00 00 00  2d 00 00 18  01 00 00 00
|   07 00 00 10  00 00 ff ff  c0 00 01 00  c0 00 01 ff
|   00 00 00 18  01 00 00 00  07 00 00 10  00 00 ff ff
|   c0 00 02 00  c0 00 02 ff  00 01 02 03  04 05 06 07
| data after encryption:
|   19 15 f1 05  5d 13 fc 7c  f5 6b 16 12  a6 e9 10 34
|   b0 78 7d a5  df 6a d3 76  27 49 3e d4  ae ca bf 5f
|   fd 1b b0 55  64 fa 3d a7  32 85 61 85  95 6b 81 d9
|   b7 e1 85 00  40 87 dd cd  35 84 f9 a9  0f ea 78 b2
|   79 53 10 cf  54 d3 03 e6  23 75 81 8d  53 dd 1d 30
|   38 d5 6e 20  5b a1 08 63  1f 5a 7b 8d  c7 6f 5c a9
|   b4 69 72 43  f4 09 a0 6e  08 6e 36 00  69 10 a0 a5
|   31 49 5a 59  66 46 94 a0  ab 6f 8c f6  25 7e 02 8a
|   d4 69 66 4a  eb 5f 42 d5  76 7f 68 db  1f df a5 b3
|   c3 fe d6 5a  3d 92 5b 51  21 08 c8 7d  47 e8 74 e7
|   db 91 23 b8  7f 1c 14 d2  f7 f8 46 c0  7e 89 9f ea
|   75 37 06 75  1b 74 a9 2a  3e 6f 94 cb  7b af 56 8f
|   cd 70 58 b4  ec 6d b6 ef  07 02 40 11  f0 65 80 1d
|   f9 7d 5b bd  57 61 a4 8c  f6 3e 87 41  49 a8 79 c5
|   ba 7e cb 85  70 2a a8 17  20 48 ca c2  1e 8c 95 9f
|   c6 41 2f c2  4d 20 00 13  b9 10 1c 82  bc 70 04 3a
|   07 52 7e 8a  4d 3f 76 0e  68 59 9c 1b  a3 32 fa 04
|   49 05 4d fa  b7 1b 53 f1  5b 3f 73 20  15 02 83 e4
|   ef 80 c6 c7  a1 89 d6 ce  42 3c 3e 05  0e 57 f2 ef
|   e8 d8 4b 0b  69 87 fb 29  ee f7 43 52  33 1b 60 11
|   91 44 13 9f  5d 8b a1 f8  7a de 4c f6  be de de b0
|   44 59 e3 ef  e8 a0 26 03  24 6a 3c 6b  68 c9 f9 83
|   ff 5f 70 6b  2e 90 f5 f7  58 82 3e 20  cf eb 4d 33
|   dd 83 a6 7a  18 72 4c 25  72 2a b6 46  13 10 19 1d
|   52 bf d7 83  e3 a2 1b 38  f0 5e b0 33  87 95 bc ff
|   95 d6 fd 53  b0 0a 3e 72  9a b2 fd c9  33 38 62 ec
| data being hmac:  00 01 02 03  04 05 06 07  c0 2e 7a 30  31 a0 31 88
|   2e 20 23 08  00 00 00 01  00 00 01 dc  23 80 01 c0
|   00 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   19 15 f1 05  5d 13 fc 7c  f5 6b 16 12  a6 e9 10 34
|   b0 78 7d a5  df 6a d3 76  27 49 3e d4  ae ca bf 5f
|   fd 1b b0 55  64 fa 3d a7  32 85 61 85  95 6b 81 d9
|   b7 e1 85 00  40 87 dd cd  35 84 f9 a9  0f ea 78 b2
|   79 53 10 cf  54 d3 03 e6  23 75 81 8d  53 dd 1d 30
|   38 d5 6e 20  5b a1 08 63  1f 5a 7b 8d  c7 6f 5c a9
|   b4 69 72 43  f4 09 a0 6e  08 6e 36 00  69 10 a0 a5
|   31 49 5a 59  66 46 94 a0  ab 6f 8c f6  25 7e 02 8a
|   d4 69 66 4a  eb 5f 42 d5  76 7f 68 db  1f df a5 b3
|   c3 fe d6 5a  3d 92 5b 51  21 08 c8 7d  47 e8 74 e7
|   db 91 23 b8  7f 1c 14 d2  f7 f8 46 c0  7e 89 9f ea
|   75 37 06 75  1b 74 a9 2a  3e 6f 94 cb  7b af 56 8f
|   cd 70 58 b4  ec 6d b6 ef  07 02 40 11  f0 65 80 1d
|   f9 7d 5b bd  57 61 a4 8c  f6 3e 87 41  49 a8 79 c5
|   ba 7e cb 85  70 2a a8 17  20 48 ca c2  1e 8c 95 9f
|   c6 41 2f c2  4d 20 00 13  b9 10 1c 82  bc 70 04 3a
|   07 52 7e 8a  4d 3f 76 0e  68 59 9c 1b  a3 32 fa 04
|   49 05 4d fa  b7 1b 53 f1  5b 3f 73 20  15 02 83 e4
|   ef 80 c6 c7  a1 89 d6 ce  42 3c 3e 05  0e 57 f2 ef
|   e8 d8 4b 0b  69 87 fb 29  ee f7 43 52  33 1b 60 11
|   91 44 13 9f  5d 8b a1 f8  7a de 4c f6  be de de b0
|   44 59 e3 ef  e8 a0 26 03  24 6a 3c 6b  68 c9 f9 83
|   ff 5f 70 6b  2e 90 f5 f7  58 82 3e 20  cf eb 4d 33
|   dd 83 a6 7a  18 72 4c 25  72 2a b6 46  13 10 19 1d
|   52 bf d7 83  e3 a2 1b 38  f0 5e b0 33  87 95 bc ff
|   95 d6 fd 53  b0 0a 3e 72  9a b2 fd c9  33 38 62 ec
| out calculated auth:
|   ab ae c0 9d  32 ff e4 cb  ff 74 5b 1a
| complete v2 state transition with STF_OK
../parentI2duplicate transition from state STATE_PARENT_I1 to state STATE_PARENT_I2
../parentI2duplicate STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_128 integ=sha1 prf=oakley_sha group=modp1536}
| sending reply packet to 192.1.2.23:500 (from port 500)
sending 476 bytes for STATE_PARENT_I1 through eth0:500 to 192.1.2.23:500 (using #2)
|   00 01 02 03  04 05 06 07  c0 2e 7a 30  31 a0 31 88
|   2e 20 23 08  00 00 00 01  00 00 01 dc  23 80 01 c0
|   00 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   19 15 f1 05  5d 13 fc 7c  f5 6b 16 12  a6 e9 10 34
|   b0 78 7d a5  df 6a d3 76  27 49 3e d4  ae ca bf 5f
|   fd 1b b0 55  64 fa 3d a7  32 85 61 85  95 6b 81 d9
|   b7 e1 85 00  40 87 dd cd  35 84 f9 a9  0f ea 78 b2
|   79 53 10 cf  54 d3 03 e6  23 75 81 8d  53 dd 1d 30
|   38 d5 6e 20  5b a1 08 63  1f 5a 7b 8d  c7 6f 5c a9
|   b4 69 72 43  f4 09 a0 6e  08 6e 36 00  69 10 a0 a5
|   31 49 5a 59  66 46 94 a0  ab 6f 8c f6  25 7e 02 8a
|   d4 69 66 4a  eb 5f 42 d5  76 7f 68 db  1f df a5 b3
|   c3 fe d6 5a  3d 92 5b 51  21 08 c8 7d  47 e8 74 e7
|   db 91 23 b8  7f 1c 14 d2  f7 f8 46 c0  7e 89 9f ea
|   75 37 06 75  1b 74 a9 2a  3e 6f 94 cb  7b af 56 8f
|   cd 70 58 b4  ec 6d b6 ef  07 02 40 11  f0 65 80 1d
|   f9 7d 5b bd  57 61 a4 8c  f6 3e 87 41  49 a8 79 c5
|   ba 7e cb 85  70 2a a8 17  20 48 ca c2  1e 8c 95 9f
|   c6 41 2f c2  4d 20 00 13  b9 10 1c 82  bc 70 04 3a
|   07 52 7e 8a  4d 3f 76 0e  68 59 9c 1b  a3 32 fa 04
|   49 05 4d fa  b7 1b 53 f1  5b 3f 73 20  15 02 83 e4
|   ef 80 c6 c7  a1 89 d6 ce  42 3c 3e 05  0e 57 f2 ef
|   e8 d8 4b 0b  69 87 fb 29  ee f7 43 52  33 1b 60 11
|   91 44 13 9f  5d 8b a1 f8  7a de 4c f6  be de de b0
|   44 59 e3 ef  e8 a0 26 03  24 6a 3c 6b  68 c9 f9 83
|   ff 5f 70 6b  2e 90 f5 f7  58 82 3e 20  cf eb 4d 33
|   dd 83 a6 7a  18 72 4c 25  72 2a b6 46  13 10 19 1d
|   52 bf d7 83  e3 a2 1b 38  f0 5e b0 33  87 95 bc ff
|   95 d6 fd 53  b0 0a 3e 72  9a b2 fd c9  33 38 62 ec
|   ab ae c0 9d  32 ff e4 cb  ff 74 5b 1a
| *received 308 bytes from 192.1.2.23:500 on eth0 (port=500)
|   00 01 02 03  04 05 06 07  c0 2e 7a 30  31 a0 31 88
|   21 20 22 20  00 00 00 00  00 00 01 34  22 80 00 2c
|   00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 0c
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  28 00 00 c8  00 05 00 00
|   cd 30 df 6e  c0 85 44 12  53 01 80 d8  7e 1a fb b3
|   26 79 3e 99  56 c8 6a 96  25 53 c2 77  ad 5b ab 50
|   f8 32 5a d8  64 0b 0e fe  a5 1d 6c 83  1f a1 7c fb
|   0f 2e 1a f4  b1 66 a0 fe  30 75 12 ad  0f 81 ab b8
|   aa fb 68 48  ec 10 a4 97  6c 3d b1 17  ec e1 e6 61
|   db bf 48 0c  28 2e 3f 11  07 c1 86 42  80 1e e8 3f
|   9e 4a b9 ab  63 6f 23 7d  aa f6 a7 aa  d8 22 99 3e
|   a4 1e a3 31  ee 27 82 0b  93 f5 0b 8f  3f 71 05 61
|   c9 25 70 26  97 ba 6b 1e  95 3c 21 fb  c9 a7 7d 2b
|   5f 87 3c fc  50 99 e7 7d  48 4c dd 52  66 4b cf 0d
|   bf 00 ca fd  ae 6d e7 14  6d 11 35 f6  5d 93 5f 60
|   b9 73 0f e0  49 2c 2a f8  c9 04 f6 4c  59 16 90 9d
|   2b 80 00 14  47 e9 f9 25  8c a2 38 58  f6 75 b1 66
|   b0 2c c2 92  00 00 00 10  4f 45 73 40  40 7a 4a 56
|   57 5b 6a 5d
| **parse ISAKMP Message:
|    initiator cookie:
|   00 01 02 03  04 05 06 07
|    responder cookie:
|   c0 2e 7a 30  31 a0 31 88
|    next payload type: ISAKMP_NEXT_v2SA
|    ISAKMP version: IKEv2 version 2.0 (rfc4306)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
|    length: 308
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34)
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  c0 2e 7a 30  31 a0 31 88
| state hash entry 30
| v2 peer and cookies match on #1
| v2 state object #1 found, in STATE_PARENT_I2
| responding peer retransmitted msgid 0
| deleting state #1
| deleting state #2
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  c0 2e 7a 30  31 a0 31 88
| state hash entry 30
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_prop
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: 4 * sa copy attrs array
../parentI2duplicate leak: sa copy trans array
../parentI2duplicate leak: sa copy prop array
../parentI2duplicate leak: sa copy prop conj array
../parentI2duplicate leak: sa copy prop_conj
../parentI2duplicate leak: ikev2_inR1outI2 KE
../parentI2duplicate leak: long term secret
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_prop
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: msg_digest
../parentI2duplicate leak: ikev2_outI1 KE
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_prop
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: db_v2_trans
../parentI2duplicate leak: db_v2_prop_conj
../parentI2duplicate leak: myid string
../parentI2duplicate leak: my FQDN
../parentI2duplicate leak: host_pair
../parentI2duplicate leak: host ip
../parentI2duplicate leak: keep id name
../parentI2duplicate leak: host ip
../parentI2duplicate leak: keep id name
../parentI2duplicate leak: connection name
../parentI2duplicate leak: struct connection
../parentI2duplicate leak: policies path
../parentI2duplicate leak: ocspcerts path
../parentI2duplicate leak: aacerts path
../parentI2duplicate leak: certs path
../parentI2duplicate leak: private path
../parentI2duplicate leak: crls path
../parentI2duplicate leak: cacert path
../parentI2duplicate leak: acert path
../parentI2duplicate leak: 7 * default conf
../parentI2duplicate leak: 2 * hasher name
TCPDUMP output
reading from file parentI2.pcap, link-type NULL (BSD loopback)
IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 536, bad cksum 0 (->f48e)!)
    192.1.2.45.500 > 192.1.2.23.500: [no cksum] isakmp 2.0 msgid 00000000 cookie 0001020304050607->0000000000000000: parent_sa ikev2_init[I]:
    (sa[C]: len=240
        (p: #1 protoid=isakmp transform=4 len=40
            (t: #1 type=encr id=aes )
            (t: #2 type=integ id=hmac-sha )
            (t: #3 type=prf id=hmac-sha )
            (t: #4 type=dh id=modp1536 ))
        (p: #2 protoid=isakmp transform=4 len=40
            (t: #1 type=encr id=aes )
            (t: #2 type=integ id=hmac-sha )
            (t: #3 type=prf id=hmac-md5 )
            (t: #4 type=dh id=modp1536 ))
        (p: #3 protoid=isakmp transform=4 len=40
            (t: #1 type=encr id=3des )
            (t: #2 type=integ id=hmac-sha )
            (t: #3 type=prf id=hmac-sha )
            (t: #4 type=dh id=modp1536 ))
        (p: #4 protoid=isakmp transform=4 len=40
            (t: #1 type=encr id=3des )
            (t: #2 type=integ id=hmac-sha )
            (t: #3 type=prf id=hmac-md5 )
            (t: #4 type=dh id=modp1536 ))
        (p: #5 protoid=isakmp transform=4 len=40
            (t: #1 type=encr id=3des )
            (t: #2 type=integ id=hmac-sha )
            (t: #3 type=prf id=hmac-sha )
            (t: #4 type=dh id=modp1024 ))
        (p: #6 protoid=isakmp transform=4 len=40
            (t: #1 type=encr id=3des )
            (t: #2 type=integ id=hmac-sha )
            (t: #3 type=prf id=hmac-md5 )
            (t: #4 type=dh id=modp1024 )))
    (v2ke: len=192 group=modp1536)
    (nonce[C]: len=16 nonce=(b5ce8419095c6e2b6b62d3055305b3c4) )
    (v2vid: len=12 vid=OEababababab)
IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 504, bad cksum 0 (->f4ae)!)
    192.1.2.45.500 > 192.1.2.23.500: [no cksum] isakmp 2.0 msgid 00000001 cookie 0001020304050607->c02e7a3031a03188: child_sa  ikev2_auth[I]:
    (v2e[C]: len=444
            (v2IDi: len=8 fqdn:west)
            (v2auth: len=196 method=rsasig authdata=(000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) )
            (sa[C]: len=144
                (p: #1 protoid=ipsec-esp transform=3 len=36 spi=12345678
                    (t: #1 type=encr id=aes )
                    (t: #2 type=integ id=hmac-sha )
                    (t: #3 type=esn id=no-esn ))
                (p: #2 protoid=ipsec-esp transform=3 len=36 spi=12345678
                    (t: #1 type=encr id=aes )
                    (t: #2 type=integ id=hmac-sha )
                    (t: #3 type=esn id=no-esn ))
                (p: #3 protoid=ipsec-esp transform=3 len=36 spi=12345678
                    (t: #1 type=encr id=3des )
                    (t: #2 type=integ id=hmac-sha )
                    (t: #3 type=esn id=no-esn ))
                (p: #4 protoid=ipsec-esp transform=3 len=36 spi=12345678
                    (t: #1 type=encr id=3des )
                    (t: #2 type=integ id=hmac-sha )
                    (t: #3 type=esn id=no-esn )))
            (v2TSi: len=20)
            (v2TSr: len=20))
