./respondselfR2 ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
./respondselfR2 ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
./respondselfR2 ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
./respondselfR2 loading secrets from "../samples/jj.secrets"
./respondselfR2 loaded private key for keyid: PPK_RSA:AQOg5H7A4
| processing whack message of size: A
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| find_host_pair: looking for me=<none>:500 %any him=<none>:500 any-match
| find_host_pair: concluded with <none>
| found_host_pair_conn (check_connection_end): %any:500 %any/%any:500 -> hp:none
| Added new connection gateway--any with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK
| counting wild cards for @jamesjohnson.emmjay.credil.org is 0
| counting wild cards for @example.com is 0
| orient gateway--any checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient gateway--any finished with: 1 [132.213.238.7]
| find_host_pair: looking for me=132.213.238.7:500 %any him=0.0.0.0:500 exact-match
| find_host_pair: concluded with <none>
| connect_to_host_pair: 132.213.238.7:500 %any 0.0.0.0:500 -> hp:none
| find_ID_host_pair: looking for me=@jamesjohnson.emmjay.credil.org him=@example.com (exact)
|   concluded with <none>
./respondselfR2 adding connection: "gateway--any"
| 10.2.0.0/16===132.213.238.7[@jamesjohnson.emmjay.credil.org]...%any[@example.com]
| ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|   orient gateway--any finished with: 1 [132.213.238.7]
RC=0 "gateway--any": 10.2.0.0/16===132.213.238.7[@jamesjohnson.emmjay.credil.org]...%any[@example.com]; unrouted; eroute owner: #0
RC=0 "gateway--any":     myip=unset; hisip=unset;
RC=0 "gateway--any":   ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1
RC=0 "gateway--any":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK; prio: 16,32; interface: eth0; kind=CK_PERMANENT
0: input from parentI1.pcap
| *received 836 bytes from 93.184.216.34:500 on eth0 (port=500)
|   80 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 03 44  22 00 01 fc
|   02 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  02 00 00 2c
|   02 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 28  03 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 02  00 00 00 08  04 00 00 0e
|   02 00 00 28  04 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 2c  05 01 00 04
|   03 00 00 0c  01 00 00 0c  80 0e 00 80  03 00 00 08
|   03 00 00 02  03 00 00 08  02 00 00 02  00 00 00 08
|   04 00 00 05  02 00 00 2c  06 01 00 04  03 00 00 0c
|   01 00 00 0c  80 0e 00 80  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  07 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  08 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  09 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 02  02 00 00 28  0a 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 02
|   02 00 00 2c  0b 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 02  00 00 00 2c
|   0c 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 02  28 00 01 08  00 0e 00 00
|   3d a6 6a 81  e2 92 09 be  18 4f a0 1e  5c ed ea 7c
|   7d 7b 3a 21  3e 15 0d 53  5d 17 6a be  1b c5 70 ab
|   34 47 bc 09  14 7c aa 91  9c 8f 81 dc  1e f9 87 cd
|   6a ec fa f3  a5 9e 37 bc  ac 3d fd e1  32 8e e8 b3
|   fe d3 8b f4  7b 50 34 13  33 7a 93 ea  e9 3c 0e 8b
|   bd 48 18 9c  9e 03 70 f2  55 ce 45 22  9f c7 c9 48
|   43 a3 e2 64  b5 5d 43 38  c8 fe f1 d3  06 43 f0 0a
|   e8 6d 61 8c  60 78 d9 98  d3 1b 3b 5e  f5 a6 e8 2f
|   ef 56 ac b4  33 bd 1e 62  b2 3e 0b 17  af 6c b8 31
|   08 d7 19 5a  7b c4 54 c2  13 47 98 c2  cc d2 16 29
|   75 6c 03 fb  1e 9c 9d 21  0c a1 e6 c2  f3 f2 49 2c
|   f6 06 73 c1  96 1e ce 58  81 01 1c cb  16 dc f9 fc
|   c7 93 08 75  58 16 57 71  69 96 66 b7  a9 81 7f f7
|   37 4d 7c 41  38 62 a6 39  00 81 ca 3d  1d fc f7 b5
|   08 38 d4 34  70 22 6c 21  d2 5b 20 a1  d2 ba 2a d1
|   89 f3 20 79  ce ac 1e c2  ec 7d ae 76  94 40 39 a0
|   2b 00 00 14  20 98 9d 37  a8 14 a6 4d  8f f0 7c 08
|   d3 20 e9 e3  00 00 00 10  4f 45 70 6c  75 74 6f 75
|   6e 69 74 30
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34), msgid: 00000000
| I am IKE SA Responder
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| considering state entry: 0
|   reject:state needed and state unavailable
| considering state entry: 1
|   reject:state needed and state unavailable
| considering state entry: 2
|   reject:state needed and state unavailable
| considering state entry: 3
| Now lets proceed with state specific processing
| find_host_connection2 called from ikev2parent_inI1outR1, me=132.213.238.7:500 him=93.184.216.34:500 policy=IKEv2ALLOW/-
| find_host_pair: looking for me=132.213.238.7:500 %address him=93.184.216.34:500 any-match
| find_host_pair: comparing to me=132.213.238.7:500 %any him=0.0.0.0:500
| find_host_pair: concluded with gateway--any
| found_host_pair_conn (find_host_connection2): 132.213.238.7:500 %address/93.184.216.34:500 -> hp:gateway--any
| searching for connection with policy = IKEv2ALLOW/-
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK (gateway--any)
| find_host_connection2 returns gateway--any (ike=none/none)
./respondselfR2 tentatively considering connection: gateway--any
| creating state object #1 at Z
| orient gateway--any checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient gateway--any finished with: 1 [132.213.238.7]
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  64 0a 06 43  5c 7c 4b 31
| state hash entry 5
| inserting state object #1 bucket: 5
| will not send/process a dcookie
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   64 0a 06 43  5c 7c 4b 31
|    next payload type: ISAKMP_NEXT_v2SA
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
| ***emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2KE
|    critical bit: none
| ****emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    prop #: 1
|    proto ID: 1
|    spi size: 0
|    # transforms: 4
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| ******emit IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
|     [128 is 128??]
| emitting length of IKEv2 Transform Substructure Payload: 12
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 2
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 4
|    transform ID: 14
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 44
| emitting length of IKEv2 Security Association Payload: 48
| ***emit IKEv2 Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_v2Ni
|    critical bit: none
|    transform type: 14
| emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
| ikev2 g^x  a5 9a 13 6c  b8 87 48 57  e1 22 6e a0  b8 55 c2 00
|   31 15 65 84  8b f9 dc a4  5f 49 d4 c5  f0 98 8e 9b
|   31 85 6e 27  5a c2 75 09  07 37 05 b5  b1 53 18 07
|   81 e8 1d 07  c6 19 1c de  dc 1f 2c 26  d2 0b 59 f9
|   67 6a ee 3c  e5 fa 72 3f  54 96 1e 7d  8e d0 30 08
|   0b ed 95 b0  65 2f 5c a6  36 7e 92 2d  da cb 88 54
|   e3 97 fa 16  6f 9e 7c a6  0c 43 2f 29  be 2c a4 55
|   68 01 45 bc  56 a9 84 b9  2b 1b bf 9a  fc 84 67 5f
|   d3 04 79 90  b7 fa 89 5b  04 06 d5 9a  50 92 16 4b
|   d6 33 40 be  2a 44 94 74  33 a7 a5 c1  1f 88 5b eb
|   4e d2 bb 94  b9 22 db e3  b6 5a 8c f9  d6 43 5d 5e
|   5d c9 19 b8  c8 81 53 01  95 09 02 7b  c0 2a b0 c8
|   5d 2c 69 78  6c e8 f6 5d  e4 90 43 83  fd f7 98 5e
|   cc 92 5c 79  7b 62 ae 98  db 4f 7f e0  68 7c cd 29
|   69 0a ad a3  e8 37 d7 41  b4 79 b3 a5  38 a2 8d a0
|   69 ff bd aa  ba d5 54 70  40 ab b5 fc  26 6d ae ce
| emitting length of IKEv2 Key Exchange Payload: 264
| ***emit IKEv2 Nonce Payload:
|    next payload type: ISAKMP_NEXT_v2V
|    critical bit: none
| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
| IKEv2 nonce  c6 ba 31 9f  88 5b e7 b7  a2 93 85 dc  bb c6 15 84
| emitting length of IKEv2 Nonce Payload: 20
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE
| emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
| Vendor ID  4f 45 70 6c  75 74 6f 75  6e 69 74 30
| emitting length of ISAKMP Vendor ID Payload: 16
| emitting length of ISAKMP Message: 376
| complete v2 state transition with STF_OK
./respondselfR2 transition from state STATE_IKEv2_START to state STATE_PARENT_R1
./respondselfR2 STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=oakley_sha group=modp2048} (msgid: 00000000)
| sending reply packet to 93.184.216.34:500 (from port 500)
sending 376 bytes for STATE_IKEv2_START through eth0:500 to 93.184.216.34:500 (using #1)
|   80 01 02 03  04 05 06 07  64 0a 06 43  5c 7c 4b 31
|   21 20 22 20  00 00 00 00  00 00 01 78  22 00 00 30
|   00 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  28 00 01 08
|   00 0e 00 00  a5 9a 13 6c  b8 87 48 57  e1 22 6e a0
|   b8 55 c2 00  31 15 65 84  8b f9 dc a4  5f 49 d4 c5
|   f0 98 8e 9b  31 85 6e 27  5a c2 75 09  07 37 05 b5
|   b1 53 18 07  81 e8 1d 07  c6 19 1c de  dc 1f 2c 26
|   d2 0b 59 f9  67 6a ee 3c  e5 fa 72 3f  54 96 1e 7d
|   8e d0 30 08  0b ed 95 b0  65 2f 5c a6  36 7e 92 2d
|   da cb 88 54  e3 97 fa 16  6f 9e 7c a6  0c 43 2f 29
|   be 2c a4 55  68 01 45 bc  56 a9 84 b9  2b 1b bf 9a
|   fc 84 67 5f  d3 04 79 90  b7 fa 89 5b  04 06 d5 9a
|   50 92 16 4b  d6 33 40 be  2a 44 94 74  33 a7 a5 c1
|   1f 88 5b eb  4e d2 bb 94  b9 22 db e3  b6 5a 8c f9
|   d6 43 5d 5e  5d c9 19 b8  c8 81 53 01  95 09 02 7b
|   c0 2a b0 c8  5d 2c 69 78  6c e8 f6 5d  e4 90 43 83
|   fd f7 98 5e  cc 92 5c 79  7b 62 ae 98  db 4f 7f e0
|   68 7c cd 29  69 0a ad a3  e8 37 d7 41  b4 79 b3 a5
|   38 a2 8d a0  69 ff bd aa  ba d5 54 70  40 ab b5 fc
|   26 6d ae ce  2b 00 00 14  c6 ba 31 9f  88 5b e7 b7
|   a2 93 85 dc  bb c6 15 84  00 00 00 10  4f 45 70 6c
|   75 74 6f 75  6e 69 74 30
1: output to OUTPUT/parentR2.pcap
1: input from parentI2.pcap
| *received 492 bytes from 93.184.216.34:500 on eth0 (port=500)
|   80 01 02 03  04 05 06 07  64 0a 06 43  5c 7c 4b 31
|   2e 20 23 08  00 00 00 01  00 00 01 ec  23 00 01 d0
|   80 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   e2 e7 56 4f  b8 f9 1e 31  2d 67 40 ce  dc 28 3e f6
|   fe 6f 4b 2e  73 7c 09 db  6b 44 35 b6  9d 13 04 de
|   e6 46 3e f6  fa f6 46 ad  6b 6d 2b f0  45 73 73 89
|   d3 6e 0a 55  01 61 c6 42  42 c7 2e e7  46 eb a3 3d
|   d0 5d 01 a5  ed 23 d2 79  d0 e8 ae ad  b6 52 73 f7
|   04 83 ca 09  9d 72 3e 45  40 26 df 71  ea 40 58 26
|   66 e6 c3 fc  19 03 ce ed  35 33 66 7a  87 2d 38 db
|   38 bc e1 25  cf 18 9e da  59 82 f6 ac  36 6b 74 e0
|   e0 5e 9e 2a  e9 8d b6 f9  3d 4e 81 57  1b 38 da 59
|   95 42 a9 05  97 ab 8b 34  24 29 ed 80  fb 6a 0e a2
|   aa 88 de fa  c3 4e fc 5c  d6 19 53 ea  cc f8 62 17
|   1e 40 9e 06  16 43 fb e9  8f 00 de e2  29 0e 34 55
|   33 33 87 27  88 ec 2b 36  90 7a b5 6c  dd 1d c1 5b
|   3a 9b aa 82  6b 45 63 1b  d7 9e 56 dd  4d 5d 27 3d
|   81 68 71 bc  15 74 16 2c  c6 8f c5 e2  f1 a8 90 c9
|   2f 36 7f ef  71 e2 d8 c3  60 6a 76 be  9c 45 d5 4f
|   ff b8 6e ed  93 1b cb 58  9a 3d a5 c0  93 40 bd da
|   b3 e4 32 1b  9d 2f ca ce  24 a9 ea 8e  65 6e 9a 2f
|   d1 db 0e b5  34 85 05 24  04 c2 75 b0  5f 9e a7 8d
|   09 47 96 86  80 f5 66 2f  df c0 c3 e0  cf 3d 6d 21
|   5a 73 6c a0  df 9e 25 2a  ac bd a4 18  05 25 45 87
|   a7 a2 5d 0c  03 50 ee 2a  fd b0 5e 19  e1 b0 5c 64
|   f0 6b 78 e8  bf b9 91 dd  ca f8 0c 2f  78 64 a3 d3
|   da c6 5d 42  c4 1c 63 4f  1c bd 40 bf  fa 75 6a dd
|   e2 11 5e 08  5a 9b d9 b1  a2 cb a2 ed  de 17 f3 9f
|   f9 40 80 dc  a0 ae 25 cf  3c 52 87 ad  92 09 ed 85
|   fe 4e 77 f4  b8 30 4c 86  2e f5 48 7d  4e 99 77 c2
|   34 b1 4b 3d  17 54 f9 5f  fa 8c 22 6b
|  processing version=2.0 packet with exchange type=ISAKMP_v2_AUTH (35), msgid: 00000001
| I am IKE SA Responder
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  64 0a 06 43  5c 7c 4b 31
| state hash entry 5
| v2 state object not found
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  64 0a 06 43  5c 7c 4b 31
| state hash entry 5
| v2 peer and cookies match on #1
| v2 state object #1 (gateway--any) found, in STATE_PARENT_R1
| state found and its state is:STATE_PARENT_R1 msgid: 00001
| considering state entry: 0
|   reject: in state: STATE_PARENT_R1, needs STATE_PARENT_I1
| considering state entry: 1
|   reject: in state: STATE_PARENT_R1, needs STATE_PARENT_I1
| considering state entry: 2
|   reject: in state: STATE_PARENT_R1, needs STATE_PARENT_I2
| considering state entry: 3
|   reject:state unneeded and state available
| considering state entry: 4
| Now lets proceed with state specific processing
| ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2
| ikev2 parent SA details
| ikev2 I 0x8001020304050607 0x640a06435c7c4b31 sha1:0x4ea8e662b07cdd430f6944c6723e4b82d5722418 aes128:0x3f44bf47cafd8150591deb088199fcbf
| ikev2 R 0x8001020304050607 0x640a06435c7c4b31 sha1:0x515b0bd22e6d76b34fdb760aa7bfad80b109b75d aes128:0xbedb67ec7dc3d00cccac42e70cd63bde
| data being hmac:  80 01 02 03  04 05 06 07  64 0a 06 43  5c 7c 4b 31
|   2e 20 23 08  00 00 00 01  00 00 01 ec  23 00 01 d0
|   80 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   e2 e7 56 4f  b8 f9 1e 31  2d 67 40 ce  dc 28 3e f6
|   fe 6f 4b 2e  73 7c 09 db  6b 44 35 b6  9d 13 04 de
|   e6 46 3e f6  fa f6 46 ad  6b 6d 2b f0  45 73 73 89
|   d3 6e 0a 55  01 61 c6 42  42 c7 2e e7  46 eb a3 3d
|   d0 5d 01 a5  ed 23 d2 79  d0 e8 ae ad  b6 52 73 f7
|   04 83 ca 09  9d 72 3e 45  40 26 df 71  ea 40 58 26
|   66 e6 c3 fc  19 03 ce ed  35 33 66 7a  87 2d 38 db
|   38 bc e1 25  cf 18 9e da  59 82 f6 ac  36 6b 74 e0
|   e0 5e 9e 2a  e9 8d b6 f9  3d 4e 81 57  1b 38 da 59
|   95 42 a9 05  97 ab 8b 34  24 29 ed 80  fb 6a 0e a2
|   aa 88 de fa  c3 4e fc 5c  d6 19 53 ea  cc f8 62 17
|   1e 40 9e 06  16 43 fb e9  8f 00 de e2  29 0e 34 55
|   33 33 87 27  88 ec 2b 36  90 7a b5 6c  dd 1d c1 5b
|   3a 9b aa 82  6b 45 63 1b  d7 9e 56 dd  4d 5d 27 3d
|   81 68 71 bc  15 74 16 2c  c6 8f c5 e2  f1 a8 90 c9
|   2f 36 7f ef  71 e2 d8 c3  60 6a 76 be  9c 45 d5 4f
|   ff b8 6e ed  93 1b cb 58  9a 3d a5 c0  93 40 bd da
|   b3 e4 32 1b  9d 2f ca ce  24 a9 ea 8e  65 6e 9a 2f
|   d1 db 0e b5  34 85 05 24  04 c2 75 b0  5f 9e a7 8d
|   09 47 96 86  80 f5 66 2f  df c0 c3 e0  cf 3d 6d 21
|   5a 73 6c a0  df 9e 25 2a  ac bd a4 18  05 25 45 87
|   a7 a2 5d 0c  03 50 ee 2a  fd b0 5e 19  e1 b0 5c 64
|   f0 6b 78 e8  bf b9 91 dd  ca f8 0c 2f  78 64 a3 d3
|   da c6 5d 42  c4 1c 63 4f  1c bd 40 bf  fa 75 6a dd
|   e2 11 5e 08  5a 9b d9 b1  a2 cb a2 ed  de 17 f3 9f
|   f9 40 80 dc  a0 ae 25 cf  3c 52 87 ad  92 09 ed 85
|   fe 4e 77 f4  b8 30 4c 86  2e f5 48 7d  4e 99 77 c2
| R2 calculated auth:  34 b1 4b 3d  17 54 f9 5f  fa 8c 22 6b
| R2  provided  auth:  34 b1 4b 3d  17 54 f9 5f  fa 8c 22 6b
| authenticator matched, np=35
| data before decryption:
|   e2 e7 56 4f  b8 f9 1e 31  2d 67 40 ce  dc 28 3e f6
|   fe 6f 4b 2e  73 7c 09 db  6b 44 35 b6  9d 13 04 de
|   e6 46 3e f6  fa f6 46 ad  6b 6d 2b f0  45 73 73 89
|   d3 6e 0a 55  01 61 c6 42  42 c7 2e e7  46 eb a3 3d
|   d0 5d 01 a5  ed 23 d2 79  d0 e8 ae ad  b6 52 73 f7
|   04 83 ca 09  9d 72 3e 45  40 26 df 71  ea 40 58 26
|   66 e6 c3 fc  19 03 ce ed  35 33 66 7a  87 2d 38 db
|   38 bc e1 25  cf 18 9e da  59 82 f6 ac  36 6b 74 e0
|   e0 5e 9e 2a  e9 8d b6 f9  3d 4e 81 57  1b 38 da 59
|   95 42 a9 05  97 ab 8b 34  24 29 ed 80  fb 6a 0e a2
|   aa 88 de fa  c3 4e fc 5c  d6 19 53 ea  cc f8 62 17
|   1e 40 9e 06  16 43 fb e9  8f 00 de e2  29 0e 34 55
|   33 33 87 27  88 ec 2b 36  90 7a b5 6c  dd 1d c1 5b
|   3a 9b aa 82  6b 45 63 1b  d7 9e 56 dd  4d 5d 27 3d
|   81 68 71 bc  15 74 16 2c  c6 8f c5 e2  f1 a8 90 c9
|   2f 36 7f ef  71 e2 d8 c3  60 6a 76 be  9c 45 d5 4f
|   ff b8 6e ed  93 1b cb 58  9a 3d a5 c0  93 40 bd da
|   b3 e4 32 1b  9d 2f ca ce  24 a9 ea 8e  65 6e 9a 2f
|   d1 db 0e b5  34 85 05 24  04 c2 75 b0  5f 9e a7 8d
|   09 47 96 86  80 f5 66 2f  df c0 c3 e0  cf 3d 6d 21
|   5a 73 6c a0  df 9e 25 2a  ac bd a4 18  05 25 45 87
|   a7 a2 5d 0c  03 50 ee 2a  fd b0 5e 19  e1 b0 5c 64
|   f0 6b 78 e8  bf b9 91 dd  ca f8 0c 2f  78 64 a3 d3
|   da c6 5d 42  c4 1c 63 4f  1c bd 40 bf  fa 75 6a dd
|   e2 11 5e 08  5a 9b d9 b1  a2 cb a2 ed  de 17 f3 9f
|   f9 40 80 dc  a0 ae 25 cf  3c 52 87 ad  92 09 ed 85
|   fe 4e 77 f4  b8 30 4c 86  2e f5 48 7d  4e 99 77 c2
| decrypted payload:  27 00 00 13  02 00 00 00  65 78 61 6d  70 6c 65 2e
|   63 6f 6d 21  00 00 c8 01  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 2c  00 00 9c 02
|   00 00 28 01  03 04 03 12  34 56 78 03  00 00 0c 01
|   00 00 0c 80  0e 00 80 03  00 00 08 03  00 00 02 00
|   00 00 08 05  00 00 00 02  00 00 28 02  03 04 03 12
|   34 56 78 03  00 00 0c 01  00 00 0c 80  0e 00 80 03
|   00 00 08 03  00 00 01 00  00 00 08 05  00 00 00 02
|   00 00 24 03  03 04 03 12  34 56 78 03  00 00 08 01
|   00 00 03 03  00 00 08 03  00 00 02 00  00 00 08 05
|   00 00 00 00  00 00 24 04  03 04 03 12  34 56 78 03
|   00 00 08 01  00 00 03 03  00 00 08 03  00 00 01 00
|   00 00 08 05  00 00 00 2d  00 00 18 01  00 00 00 07
|   00 00 10 00  00 ff ff 5d  b8 d8 22 5d  b8 d8 22 00
|   00 00 18 01  00 00 00 07  00 00 10 00  00 ff ff 0a
|   02 00 00 0a  02 ff ff 00  01 02 03 04  05 06 07 08
| striping 9 bytes as pad
| **parse IKEv2 Identification Payload:
|    next payload type: ISAKMP_NEXT_v2AUTH
|    critical bit: none
|    length: 19
|    id_type: ID_FQDN
| processing payload: ISAKMP_NEXT_v2IDi (len=19)
| **parse IKEv2 Authentication Payload:
|    next payload type: ISAKMP_NEXT_v2SA
|    critical bit: none
|    length: 200
|    auth method: v2_AUTH_RSA
| processing payload: ISAKMP_NEXT_v2AUTH (len=200)
| **parse IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2TSi
|    critical bit: none
|    length: 156
| processing payload: ISAKMP_NEXT_v2SA (len=156)
| **parse IKEv2 Traffic Selector Payload:
|    next payload type: ISAKMP_NEXT_v2TSr
|    critical bit: none
|    length: 24
|    number of TS: 1
| processing payload: ISAKMP_NEXT_v2TSi (len=24)
| **parse IKEv2 Traffic Selector Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    critical bit: none
|    length: 24
|    number of TS: 1
| processing payload: ISAKMP_NEXT_v2TSr (len=24)
./respondselfR2 IKEv2 mode peer ID is ID_FQDN: '@example.com'
| find_ID_host_pair: looking for me=(none) him=@example.com (wildcard)
|                   comparing to me=@jamesjohnson.emmjay.credil.org him=@example.com (gateway--any)
|   concluded with gateway--any
| idhash verify pi  cc 07 97 44  b4 a3 4e 8a  0d 2f 27 8b  ee 06 6d 07
|   a5 a5 75 2e
| idhash verify I2  02 00 00 00  65 78 61 6d  70 6c 65 2e  63 6f 6d
| ikev2 verify required CA is '%any'
| checking alg=1 == 1, keyid=@example.com same_id=1
|   trusted_ca called with a=(empty) b=(empty)
| key issuer CA is '%any'
| PARENT SA now authenticated, building child and reply
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   64 0a 06 43  5c 7c 4b 31
|    next payload type: ISAKMP_NEXT_v2E
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_AUTH
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 01
| ***emit IKEv2 Encryption Payload:
|    next payload type: ISAKMP_NEXT_v2IDr
|    critical bit: none
| emitting 16 zero bytes of iv into IKEv2 Encryption Payload
| IKEv2 thinking whether to send my certificate:
|  my policy has  RSASIG, the policy is : RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|  sendcert: CERT_ALWAYSSEND and I did not get a certificate request
|  so do not send cert.
| I did not send a certificate because I do not have one.
| *****emit IKEv2 Identification Payload:
|    next payload type: ISAKMP_NEXT_v2AUTH
|    critical bit: none
|    id_type: ID_FQDN
| emitting 30 raw bytes of my identity into IKEv2 Identification Payload
| my identity  6a 61 6d 65  73 6a 6f 68  6e 73 6f 6e  2e 65 6d 6d
|   6a 61 79 2e  63 72 65 64  69 6c 2e 6f  72 67
| emitting length of IKEv2 Identification Payload: 38
| idhash calc pr  e9 00 11 7e  41 d4 31 62  40 b8 63 22  bf 06 9f bc
|   eb 81 58 e7
| idhash calc R2  02 00 00 00  6a 61 6d 65  73 6a 6f 68  6e 73 6f 6e
|   2e 65 6d 6d  6a 61 79 2e  63 72 65 64  69 6c 2e 6f
|   72 67
| assembled IDr payload -- CERT next
| CHILD SA proposals received
| going to assemble AUTH payload
| *****emit IKEv2 Authentication Payload:
|    next payload type: ISAKMP_NEXT_v2SA
|    critical bit: none
|    auth method: v2_AUTH_RSA
| emitting 192 zero bytes of fake rsa sig into IKEv2 Authentication Payload
| emitting length of IKEv2 Authentication Payload: 200
| ***parse IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    length: 16
|    start port: 0
|    end port: 65535
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  5d b8 d8 22
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  5d b8 d8 22
| ***parse IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    length: 16
|    start port: 0
|    end port: 65535
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  0a 02 00 00
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  0a 02 ff ff
| ikev2_evaluate_connection_fit, evaluating base fit for gateway--any
|   ikev2_evaluate_connection_fit evaluating our I=gateway--any:<self>:0/0 R=10.2.0.0/16:0/0  to their:
|     tsi[0]=93.184.216.34/93.184.216.34 proto=0 portrange 0-65535, tsr[0]=10.2.0.0/10.2.255.255 proto=0 portrange 0-65535
| ei->port 0  tsi[tsi_ni].startport 0  tsi[tsi_ni].endport 65535
|       has ts_range1=0 maskbits1=32 ts_range2=16 maskbits2=16 fitbits=8224 <> -1
| bfit_n=ikev2_evaluate_connection_fit found better fit c gateway--any
|     evaluate_connection_port_fit tsi_n[1], best=-1
|    tsi[0] 0-65535: exact port match with 0.  fitness 65536
|       evaluating_connection_port_fit tsi_n[0], range_i=65536 best=-1
|    tsr[0] 0-65535: exact port match with 0.  fitness 65536
|       evaluating_connection_port_fit tsi_n[0] tsr_n[0], range=65536/65536 best=-1
|     best ports fit so far: tsi[0] fitrange_i 65536, tsr[0] fitrange_r 65536, matchiness 131072
|     port_fitness 131072
| ikev2_evaluate_connection_port_fit found better fit c gateway--any, tsi[0],tsr[0]
| find_ID_host_pair: looking for me=@jamesjohnson.emmjay.credil.org him=@example.com (wildcard)
|                   comparing to me=@jamesjohnson.emmjay.credil.org him=@example.com (gateway--any)
|   concluded with gateway--any
|   checking hostpair 10.2.0.0/16 -> 0.0.0.0/32 is found
| ikev2_evaluate_connection_fit, concluded with gateway--any
| duplicating state object #1
| creating state object #2 at Z
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  64 0a 06 43  5c 7c 4b 31
| state hash entry 5
| inserting state object #2 bucket: 5
| printing contents struct traffic_selector
|   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
|   ipprotoid: 0
|   startport: 0
|   endport: 65535
|   ip low: 10.2.0.0
|   ip high: 10.2.255.255
| printing contents struct traffic_selector
|   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
|   ipprotoid: 0
|   startport: 0
|   endport: 65535
|   ip low: 93.184.216.34
|   ip high: 93.184.216.34
| *****emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2TSi
|    critical bit: none
| empty esp_info, returning defaults
| ***parse IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_P
|    length: 40
|    prop #: 1
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into CHILD SA SPI
| CHILD SA SPI  12 34 56 78
| SPI received: 12345678
| ****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    length: 12
|    transform type: 1
|    transform ID: 12
| *****parse IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
| ****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    length: 8
|    transform type: 3
|    transform ID: 2
| ****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    length: 8
|    transform type: 5
|    transform ID: 0
| ***parse IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_P
|    length: 40
|    prop #: 2
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into CHILD SA SPI
| CHILD SA SPI  12 34 56 78
| SPI received: 12345678
| ******emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    prop #: 1
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| ********emit IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
|     [128 is 128??]
| emitting length of IKEv2 Transform Substructure Payload: 12
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 40
| emitting length of IKEv2 Security Association Payload: 44
| *****emit IKEv2 Traffic Selector Payload:
|    next payload type: ISAKMP_NEXT_v2TSr
|    critical bit: none
|    number of TS: 1
| ******emit IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector
| ipv4 low  5d b8 d8 22
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector
| ipv4 high  5d b8 d8 22
| emitting length of IKEv2 Traffic Selector: 16
| emitting length of IKEv2 Traffic Selector Payload: 24
| *****emit IKEv2 Traffic Selector Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    critical bit: none
|    number of TS: 1
| ******emit IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector
| ipv4 low  0a 02 00 00
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector
| ipv4 high  0a 02 ff ff
| emitting length of IKEv2 Traffic Selector: 16
| emitting length of IKEv2 Traffic Selector Payload: 24
| prf+[1]:  f1 a3 5e 87  c7 70 88 01  b6 81 3d 59  56 99 8e be
|   1a 76 a5 e4
| prf+[2]:  c3 2c d0 f3  83 3d 8f 24  1e 8f 86 2a  2a 58 ce d8
|   0f 77 b6 4a
| prf+[3]:  6f 3d 81 fb  39 51 57 a1  df 92 21 c8  77 8f 8f 07
|   5c ee d5 26
| prf+[4]:  1e 9f 3d b0  17 f3 f7 fc  e8 5e 55 44  63 f0 30 94
|   2f 4e 11 2a
| our  keymat  f1 a3 5e 87  c7 70 88 01  b6 81 3d 59  56 99 8e be
|   1a 76 a5 e4  c3 2c d0 f3  83 3d 8f 24  1e 8f 86 2a
|   2a 58 ce d8
| peer keymat  0f 77 b6 4a  6f 3d 81 fb  39 51 57 a1  df 92 21 c8
|   77 8f 8f 07  5c ee d5 26  1e 9f 3d b0  17 f3 f7 fc
|   e8 5e 55 44
| emitting 6 raw bytes of padding and length into cleartext
| padding and length  00 01 02 03  04 05
| emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload
| emitting length of IKEv2 Encryption Payload: 368
| emitting length of ISAKMP Message: 396
| data before encryption:
|   27 00 00 26  02 00 00 00  6a 61 6d 65  73 6a 6f 68
|   6e 73 6f 6e  2e 65 6d 6d  6a 61 79 2e  63 72 65 64
|   69 6c 2e 6f  72 67 21 00  00 c8 01 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 2c 00
|   00 2c 00 00  00 28 01 03  04 03 12 34  56 78 03 00
|   00 0c 01 00  00 0c 80 0e  00 80 03 00  00 08 03 00
|   00 02 00 00  00 08 05 00  00 00 2d 00  00 18 01 00
|   00 00 07 00  00 10 00 00  ff ff 5d b8  d8 22 5d b8
|   d8 22 00 00  00 18 01 00  00 00 07 00  00 10 00 00
|   ff ff 0a 02  00 00 0a 02  ff ff 00 01  02 03 04 05
| data after encryption:
|   eb ff 97 78  70 72 7e b3  64 db c7 fe  e4 69 0f 92
|   2a dd bb d8  41 fc d0 3e  5c 5a 07 57  fd e7 7d 8a
|   c1 fc 19 db  f7 a0 0a 58  95 e0 43 74  1f 5e e0 33
|   f2 06 29 c9  8d 3e 52 00  37 22 20 6c  47 af 94 1c
|   6a 93 b3 97  1f ff 5c 1b  70 b3 48 6a  c7 5f 27 b3
|   e4 bf e1 17  0e 15 c1 47  77 7b 53 88  6c 4a cb 12
|   d0 82 94 13  cf 66 cc 4c  d8 b2 8e c1  39 07 b9 a5
|   12 f6 e0 69  cb ad 11 c1  e9 58 33 21  a8 bb a9 ec
|   40 9e ba 01  5c 8d e8 04  ac b9 22 b2  c6 ce c8 a9
|   79 a2 02 52  da d8 f7 41  ae 9c 82 85  5f f2 f5 a3
|   3f f7 09 de  d6 e7 31 43  51 69 8f 8d  fa 0b 41 e6
|   d8 07 00 68  9e b7 92 3d  47 93 37 e6  14 e0 48 0d
|   bb 1d 13 08  66 5d 87 c4  86 8a 38 f3  05 57 97 5c
|   e1 dc 5c ac  36 b4 e1 93  68 57 da 98  6c 69 99 c3
|   2a b8 60 09  8f 1f d2 d0  27 0b e5 b8  bf 6b e2 83
|   5d af f9 88  7c 09 47 32  c7 c7 72 61  b0 29 20 0b
|   a1 79 22 95  8b 5f 46 ab  30 48 6c 4f  21 93 99 84
|   e1 dc 76 77  c7 35 13 7d  55 ed df ce  33 4c 11 3d
|   ce 25 46 d0  16 7d 92 94  0d a3 57 22  d0 2b 7f a0
|   5d e3 c5 f8  55 3c 84 2d  0e 63 ce 8a  af 90 8a 6c
|   a2 7b 7e 12  16 2d e1 13  78 4b 27 d1  ea 7d 30 e7
| data being hmac:  80 01 02 03  04 05 06 07  64 0a 06 43  5c 7c 4b 31
|   2e 20 23 20  00 00 00 01  00 00 01 8c  24 00 01 70
|   80 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   eb ff 97 78  70 72 7e b3  64 db c7 fe  e4 69 0f 92
|   2a dd bb d8  41 fc d0 3e  5c 5a 07 57  fd e7 7d 8a
|   c1 fc 19 db  f7 a0 0a 58  95 e0 43 74  1f 5e e0 33
|   f2 06 29 c9  8d 3e 52 00  37 22 20 6c  47 af 94 1c
|   6a 93 b3 97  1f ff 5c 1b  70 b3 48 6a  c7 5f 27 b3
|   e4 bf e1 17  0e 15 c1 47  77 7b 53 88  6c 4a cb 12
|   d0 82 94 13  cf 66 cc 4c  d8 b2 8e c1  39 07 b9 a5
|   12 f6 e0 69  cb ad 11 c1  e9 58 33 21  a8 bb a9 ec
|   40 9e ba 01  5c 8d e8 04  ac b9 22 b2  c6 ce c8 a9
|   79 a2 02 52  da d8 f7 41  ae 9c 82 85  5f f2 f5 a3
|   3f f7 09 de  d6 e7 31 43  51 69 8f 8d  fa 0b 41 e6
|   d8 07 00 68  9e b7 92 3d  47 93 37 e6  14 e0 48 0d
|   bb 1d 13 08  66 5d 87 c4  86 8a 38 f3  05 57 97 5c
|   e1 dc 5c ac  36 b4 e1 93  68 57 da 98  6c 69 99 c3
|   2a b8 60 09  8f 1f d2 d0  27 0b e5 b8  bf 6b e2 83
|   5d af f9 88  7c 09 47 32  c7 c7 72 61  b0 29 20 0b
|   a1 79 22 95  8b 5f 46 ab  30 48 6c 4f  21 93 99 84
|   e1 dc 76 77  c7 35 13 7d  55 ed df ce  33 4c 11 3d
|   ce 25 46 d0  16 7d 92 94  0d a3 57 22  d0 2b 7f a0
|   5d e3 c5 f8  55 3c 84 2d  0e 63 ce 8a  af 90 8a 6c
|   a2 7b 7e 12  16 2d e1 13  78 4b 27 d1  ea 7d 30 e7
| out calculated auth:
|   ba cb 97 b7  b4 b5 fc 70  7f a3 81 e4
| complete v2 state transition with STF_OK
./respondselfR2 transition from state STATE_PARENT_R1 to state STATE_CHILD_C1_KEYED
./respondselfR2 negotiated tunnel [10.2.0.0,10.2.255.255 proto:0 port:0-65535] -> [93.184.216.34,93.184.216.34 proto:0 port:0-65535]
./respondselfR2 STATE_CHILD_C1_KEYED: CHILD SA established tunnel mode {ESP=>0x12345678 <0x12345678 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none} (msgid: 00000000)
| sending reply packet to 93.184.216.34:500 (from port 500)
sending 396 bytes for STATE_PARENT_R1 through eth0:500 to 93.184.216.34:500 (using #2)
|   80 01 02 03  04 05 06 07  64 0a 06 43  5c 7c 4b 31
|   2e 20 23 20  00 00 00 01  00 00 01 8c  24 00 01 70
|   80 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   eb ff 97 78  70 72 7e b3  64 db c7 fe  e4 69 0f 92
|   2a dd bb d8  41 fc d0 3e  5c 5a 07 57  fd e7 7d 8a
|   c1 fc 19 db  f7 a0 0a 58  95 e0 43 74  1f 5e e0 33
|   f2 06 29 c9  8d 3e 52 00  37 22 20 6c  47 af 94 1c
|   6a 93 b3 97  1f ff 5c 1b  70 b3 48 6a  c7 5f 27 b3
|   e4 bf e1 17  0e 15 c1 47  77 7b 53 88  6c 4a cb 12
|   d0 82 94 13  cf 66 cc 4c  d8 b2 8e c1  39 07 b9 a5
|   12 f6 e0 69  cb ad 11 c1  e9 58 33 21  a8 bb a9 ec
|   40 9e ba 01  5c 8d e8 04  ac b9 22 b2  c6 ce c8 a9
|   79 a2 02 52  da d8 f7 41  ae 9c 82 85  5f f2 f5 a3
|   3f f7 09 de  d6 e7 31 43  51 69 8f 8d  fa 0b 41 e6
|   d8 07 00 68  9e b7 92 3d  47 93 37 e6  14 e0 48 0d
|   bb 1d 13 08  66 5d 87 c4  86 8a 38 f3  05 57 97 5c
|   e1 dc 5c ac  36 b4 e1 93  68 57 da 98  6c 69 99 c3
|   2a b8 60 09  8f 1f d2 d0  27 0b e5 b8  bf 6b e2 83
|   5d af f9 88  7c 09 47 32  c7 c7 72 61  b0 29 20 0b
|   a1 79 22 95  8b 5f 46 ab  30 48 6c 4f  21 93 99 84
|   e1 dc 76 77  c7 35 13 7d  55 ed df ce  33 4c 11 3d
|   ce 25 46 d0  16 7d 92 94  0d a3 57 22  d0 2b 7f a0
|   5d e3 c5 f8  55 3c 84 2d  0e 63 ce 8a  af 90 8a 6c
|   a2 7b 7e 12  16 2d e1 13  78 4b 27 d1  ea 7d 30 e7
|   ba cb 97 b7  b4 b5 fc 70  7f a3 81 e4
| releasing whack for #X (sock=Y)
| releasing whack for #X (sock=Y)
./respondselfR2 leak: reply packet, item size: X
./respondselfR2 leak: skeyseed_t1, item size: X
./respondselfR2 leak: responder keys, item size: X
./respondselfR2 leak: initiator keys, item size: X
./respondselfR2 leak: db_v2_trans, item size: X
./respondselfR2 leak: db_v2_prop_conj, item size: X
./respondselfR2 leak: db_v2_prop, item size: X
./respondselfR2 leak: db_v2_trans, item size: X
./respondselfR2 leak: db_v2_prop_conj, item size: X
./respondselfR2 leak: db_attrs, item size: X
./respondselfR2 leak: db_v2_trans, item size: X
./respondselfR2 leak: db_v2_prop_conj, item size: X
./respondselfR2 leak: db_attrs, item size: X
./respondselfR2 leak: db_v2_trans, item size: X
./respondselfR2 leak: db_v2_prop_conj, item size: X
./respondselfR2 leak: 4 * sa copy attrs array, item size: X
./respondselfR2 leak: sa copy trans array, item size: X
./respondselfR2 leak: sa copy prop array, item size: X
./respondselfR2 leak: sa copy prop conj array, item size: X
./respondselfR2 leak: sa copy prop_conj, item size: X
./respondselfR2 leak: st_nr in duplicate_state, item size: X
./respondselfR2 leak: st_ni in duplicate_state, item size: X
./respondselfR2 leak: st_skey_pr in duplicate_state, item size: X
./respondselfR2 leak: st_skey_pi in duplicate_state, item size: X
./respondselfR2 leak: st_skey_er in duplicate_state, item size: X
./respondselfR2 leak: st_skey_ei in duplicate_state, item size: X
./respondselfR2 leak: st_skey_ar in duplicate_state, item size: X
./respondselfR2 leak: st_skey_ai in duplicate_state, item size: X
./respondselfR2 leak: st_skey_d in duplicate_state, item size: X
./respondselfR2 leak: st_skeyseed in duplicate_state, item size: X
./respondselfR2 leak: st_enc_key in duplicate_state, item size: X
./respondselfR2 leak: struct state in new_state(), item size: X
./respondselfR2 leak: ikev2_inI2outR2 KE, item size: X
./respondselfR2 leak: ikev2_inI1outR1 KE, item size: X
./respondselfR2 leak: msg_digest, item size: X
./respondselfR2 leak: 2 * keep id name, item size: X
./respondselfR2 leak: ID host_pair, item size: X
./respondselfR2 leak: host_pair, item size: X
./respondselfR2 leak: keep id name, item size: X
./respondselfR2 leak: host ip, item size: X
./respondselfR2 leak: keep id name, item size: X
./respondselfR2 leak: connection name, item size: X
./respondselfR2 leak: struct connection, item size: X
./respondselfR2 leak: keep id name, item size: X
./respondselfR2 leak: pubkey entry, item size: X
./respondselfR2 leak: pubkey, item size: X
./respondselfR2 leak: keep id name, item size: X
./respondselfR2 leak: pubkey entry, item size: X
./respondselfR2 leak: pubkey, item size: X
./respondselfR2 leak: 2 * id list, item size: X
./respondselfR2 leak: secret, item size: X
./respondselfR2 leak: 2 * hasher name, item size: X
./respondselfR2 leak: policies path, item size: X
./respondselfR2 leak: ocspcerts path, item size: X
./respondselfR2 leak: aacerts path, item size: X
./respondselfR2 leak: certs path, item size: X
./respondselfR2 leak: private path, item size: X
./respondselfR2 leak: crls path, item size: X
./respondselfR2 leak: cacert path, item size: X
./respondselfR2 leak: acert path, item size: X
./respondselfR2 leak: default conf var_dir, item size: X
./respondselfR2 leak: default conf conffile, item size: X
./respondselfR2 leak: default conf ipsecd_dir, item size: X
./respondselfR2 leak: default conf ipsec_conf_dir, item size: X
./respondselfR2 leak detective found Z leaks, total size X
Pre-amble (offset: X): #!-pluto-whack-file- recorded on FOO
