./parentR1 ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
./parentR1 ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
./parentR1 ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
./parentR1 loading secrets from "../samples/jj.secrets"
./parentR1 loaded private key for keyid: PPK_RSA:AQOg5H7A4
| processing whack message of size: A
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| find_host_pair: looking for me=<none>:500 %any him=<none>:500 any-match
| find_host_pair: concluded with <none>
| found_host_pair_conn (check_connection_end): %any:500 %any/%any:500 -> hp:none
| Added new connection any1--jj2 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK
| counting wild cards for @jamesjohnson.emmjay.credil.org is 0
| counting wild cards for @parker01.emmjay.credil.org is 0
| orient any1--jj2 checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient any1--jj2 finished with: 1 [132.213.238.7]
| find_host_pair: looking for me=132.213.238.7:500 %any him=0.0.0.0:500 exact-match
| find_host_pair: concluded with <none>
| connect_to_host_pair: 132.213.238.7:500 %any 0.0.0.0:500 -> hp:none
| find_ID_host_pair: looking for me=@jamesjohnson.emmjay.credil.org him=@parker01.emmjay.credil.org (exact)
|   concluded with <none>
./parentR1 adding connection: "any1--jj2"
| fd68:c9f9:4157::/64===132.213.238.7[@jamesjohnson.emmjay.credil.org]...%any[@parker01.emmjay.credil.org]===fd68:c9f9:4157:2:0:1::/96
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|   orient any1--jj2 finished with: 1 [132.213.238.7]
RC=0 "any1--jj2": fd68:c9f9:4157::/64===132.213.238.7[@jamesjohnson.emmjay.credil.org]...%any[@parker01.emmjay.credil.org]===fd68:c9f9:4157:2:0:1::/96; unrouted; eroute owner: #0
RC=0 "any1--jj2":     myip=unset; hisip=unset;
RC=0 "any1--jj2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
RC=0 "any1--jj2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK; prio: 64,96; interface: eth0; kind=CK_PERMANENT
| *received 836 bytes from 10.10.5.4:500 on eth0 (port=500)
|   56 11 47 13  4b 1d 6d 52  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 03 44  22 00 01 fc
|   02 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  02 00 00 2c
|   02 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 28  03 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 02  00 00 00 08  04 00 00 0e
|   02 00 00 28  04 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 2c  05 01 00 04
|   03 00 00 0c  01 00 00 0c  80 0e 00 80  03 00 00 08
|   03 00 00 02  03 00 00 08  02 00 00 02  00 00 00 08
|   04 00 00 05  02 00 00 2c  06 01 00 04  03 00 00 0c
|   01 00 00 0c  80 0e 00 80  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  07 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  08 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  09 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 02  02 00 00 28  0a 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 02
|   02 00 00 2c  0b 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 02  00 00 00 2c
|   0c 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 02  28 00 01 08  00 0e 00 00
|   cd 28 ed 56  01 b3 cf 68  8c db a8 f1  2a 85 29 02
|   5c c8 0b c0  16 67 1c 66  25 f0 66 1d  0c 70 84 0d
|   7c b1 47 31  4d 5c f6 44  a2 0c 6a 4c  21 58 01 ed
|   f2 aa 91 21  ae b0 d1 d8  3d bc a0 46  d5 05 12 5e
|   8e da 81 8d  d1 05 27 da  18 57 ed 32  a3 ea de 8e
|   13 fb 77 ec  db 59 58 aa  16 15 2e 7a  0d 5e 65 db
|   0f c7 35 ce  a2 f9 c1 bf  63 9b ff 5e  14 97 a9 ba
|   bd 69 93 3c  2e 9f 76 b6  b6 fe 4c ac  a3 54 60 48
|   5d d0 61 18  26 ca 51 25  13 d1 55 8b  13 0d c8 ad
|   17 83 cb dc  b7 e3 ea 00  c9 e7 66 75  6b 9e 82 9b
|   b0 9d 15 ba  ff 37 2c ce  ba b1 8c 7d  8c 4d 63 c0
|   66 4b d6 33  49 fe 8d 36  2b ad 84 6b  7e 9e eb a1
|   af 8d 7b 53  65 58 46 ea  35 f8 51 04  52 f3 2f eb
|   33 9c cc f1  bf 9a 6d 54  7e 7d aa 9b  4e 06 3d 9d
|   d3 fb 25 df  37 9b 75 00  97 f0 f6 ba  ab b1 6c f1
|   23 c5 68 50  4c ab f0 9f  0f 81 f9 e0  d5 f7 4d 58
|   2b 00 00 14  1f c5 78 27  34 b4 87 be  5e 3a 7c 5a
|   16 48 e8 b6  00 00 00 10  4f 53 57 6b  53 4f 59 66
|   48 78 66 5d
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34), msgid: 00000000
| I am IKE SA Responder
| ICOOKIE:  56 11 47 13  4b 1d 6d 52
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 6
| v2 state object not found
| ICOOKIE:  56 11 47 13  4b 1d 6d 52
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 6
| v2 state object not found
| considering state entry: 0
|   reject:state needed and state unavailable
| considering state entry: 1
|   reject:state needed and state unavailable
| considering state entry: 2
|   reject:state needed and state unavailable
| considering state entry: 3
| Now lets proceed with state specific processing
| find_host_connection2 called from ikev2parent_inI1outR1, me=132.213.238.7:500 him=10.10.5.4:500 policy=IKEv2ALLOW/-
| find_host_pair: looking for me=132.213.238.7:500 %address him=10.10.5.4:500 any-match
| find_host_pair: comparing to me=132.213.238.7:500 %any him=0.0.0.0:500
| find_host_pair: concluded with any1--jj2
| found_host_pair_conn (find_host_connection2): 132.213.238.7:500 %address/10.10.5.4:500 -> hp:any1--jj2
| searching for connection with policy = IKEv2ALLOW/-
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK (any1--jj2)
| find_host_connection2 returns any1--jj2 (ike=none/none)
./parentR1 tentatively considering connection: any1--jj2
| creating state object #1 at Z
| orient any1--jj2 checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient any1--jj2 finished with: 1 [132.213.238.7]
| ICOOKIE:  56 11 47 13  4b 1d 6d 52
| RCOOKIE:  a9 e1 ff 4d  1c 8b b8 19
| state hash entry 12
| inserting state object #1 bucket: 12
| will not send/process a dcookie
| **emit ISAKMP Message:
|    initiator cookie:
|   56 11 47 13  4b 1d 6d 52
|    responder cookie:
|   a9 e1 ff 4d  1c 8b b8 19
|    next payload type: ISAKMP_NEXT_v2SA
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
| ***emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2KE
|    critical bit: none
| ****emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    prop #: 1
|    proto ID: 1
|    spi size: 0
|    # transforms: 4
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| ******emit IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
|     [128 is 128??]
| emitting length of IKEv2 Transform Substructure Payload: 12
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 2
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 4
|    transform ID: 14
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 44
| emitting length of IKEv2 Security Association Payload: 48
| ***emit IKEv2 Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_v2Ni
|    critical bit: none
|    transform type: 14
| emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
| ikev2 g^x  a5 9a 13 6c  b8 87 48 57  e1 22 6e a0  b8 55 c2 00
|   31 15 65 84  8b f9 dc a4  5f 49 d4 c5  f0 98 8e 9b
|   31 85 6e 27  5a c2 75 09  07 37 05 b5  b1 53 18 07
|   81 e8 1d 07  c6 19 1c de  dc 1f 2c 26  d2 0b 59 f9
|   67 6a ee 3c  e5 fa 72 3f  54 96 1e 7d  8e d0 30 08
|   0b ed 95 b0  65 2f 5c a6  36 7e 92 2d  da cb 88 54
|   e3 97 fa 16  6f 9e 7c a6  0c 43 2f 29  be 2c a4 55
|   68 01 45 bc  56 a9 84 b9  2b 1b bf 9a  fc 84 67 5f
|   d3 04 79 90  b7 fa 89 5b  04 06 d5 9a  50 92 16 4b
|   d6 33 40 be  2a 44 94 74  33 a7 a5 c1  1f 88 5b eb
|   4e d2 bb 94  b9 22 db e3  b6 5a 8c f9  d6 43 5d 5e
|   5d c9 19 b8  c8 81 53 01  95 09 02 7b  c0 2a b0 c8
|   5d 2c 69 78  6c e8 f6 5d  e4 90 43 83  fd f7 98 5e
|   cc 92 5c 79  7b 62 ae 98  db 4f 7f e0  68 7c cd 29
|   69 0a ad a3  e8 37 d7 41  b4 79 b3 a5  38 a2 8d a0
|   69 ff bd aa  ba d5 54 70  40 ab b5 fc  26 6d ae ce
| emitting length of IKEv2 Key Exchange Payload: 264
| ***emit IKEv2 Nonce Payload:
|    next payload type: ISAKMP_NEXT_v2V
|    critical bit: none
| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
| IKEv2 nonce  c6 ba 31 9f  88 5b e7 b7  a2 93 85 dc  bb c6 15 84
| emitting length of IKEv2 Nonce Payload: 20
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE
| emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
| Vendor ID  4f 45 70 6c  75 74 6f 75  6e 69 74 30
| emitting length of ISAKMP Vendor ID Payload: 16
| emitting length of ISAKMP Message: 376
| complete v2 state transition with STF_OK
./parentR1 transition from state STATE_IKEv2_START to state STATE_PARENT_R1
./parentR1 STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=oakley_sha group=modp2048} (msgid: 00000000)
| sending reply packet to 10.10.5.4:500 (from port 500)
sending 376 bytes for STATE_IKEv2_START through eth0:500 to 10.10.5.4:500 (using #1)
|   56 11 47 13  4b 1d 6d 52  a9 e1 ff 4d  1c 8b b8 19
|   21 20 22 20  00 00 00 00  00 00 01 78  22 00 00 30
|   00 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  28 00 01 08
|   00 0e 00 00  a5 9a 13 6c  b8 87 48 57  e1 22 6e a0
|   b8 55 c2 00  31 15 65 84  8b f9 dc a4  5f 49 d4 c5
|   f0 98 8e 9b  31 85 6e 27  5a c2 75 09  07 37 05 b5
|   b1 53 18 07  81 e8 1d 07  c6 19 1c de  dc 1f 2c 26
|   d2 0b 59 f9  67 6a ee 3c  e5 fa 72 3f  54 96 1e 7d
|   8e d0 30 08  0b ed 95 b0  65 2f 5c a6  36 7e 92 2d
|   da cb 88 54  e3 97 fa 16  6f 9e 7c a6  0c 43 2f 29
|   be 2c a4 55  68 01 45 bc  56 a9 84 b9  2b 1b bf 9a
|   fc 84 67 5f  d3 04 79 90  b7 fa 89 5b  04 06 d5 9a
|   50 92 16 4b  d6 33 40 be  2a 44 94 74  33 a7 a5 c1
|   1f 88 5b eb  4e d2 bb 94  b9 22 db e3  b6 5a 8c f9
|   d6 43 5d 5e  5d c9 19 b8  c8 81 53 01  95 09 02 7b
|   c0 2a b0 c8  5d 2c 69 78  6c e8 f6 5d  e4 90 43 83
|   fd f7 98 5e  cc 92 5c 79  7b 62 ae 98  db 4f 7f e0
|   68 7c cd 29  69 0a ad a3  e8 37 d7 41  b4 79 b3 a5
|   38 a2 8d a0  69 ff bd aa  ba d5 54 70  40 ab b5 fc
|   26 6d ae ce  2b 00 00 14  c6 ba 31 9f  88 5b e7 b7
|   a2 93 85 dc  bb c6 15 84  00 00 00 10  4f 45 70 6c
|   75 74 6f 75  6e 69 74 30
./parentR1 deleting state #1 (STATE_PARENT_R1)
./parentR1 deleting connection
| pass 0: considering CHILD SAs to delete
| pass 1: considering PARENT SAs to delete
./parentR1 leak: ikev2_inI1outR1 KE, item size: X
./parentR1 leak: msg_digest, item size: X
./parentR1 leak: policies path, item size: X
./parentR1 leak: ocspcerts path, item size: X
./parentR1 leak: aacerts path, item size: X
./parentR1 leak: certs path, item size: X
./parentR1 leak: private path, item size: X
./parentR1 leak: crls path, item size: X
./parentR1 leak: cacert path, item size: X
./parentR1 leak: acert path, item size: X
./parentR1 leak: default conf var_dir, item size: X
./parentR1 leak: default conf conffile, item size: X
./parentR1 leak: default conf ipsecd_dir, item size: X
./parentR1 leak: default conf ipsec_conf_dir, item size: X
./parentR1 leak: 2 * id list, item size: X
./parentR1 leak: secret, item size: X
./parentR1 leak: 2 * hasher name, item size: X
./parentR1 leak detective found Z leaks, total size X
Pre-amble (offset: X): #!-pluto-whack-file- recorded on FOO
