./h2hR1 ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
./h2hR1 ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
./h2hR1 ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
./h2hR1 loading secrets from "../samples/jj.secrets"
./h2hR1 loaded private key for keyid: PPK_RSA:AQOg5H7A4
| processing whack message of size: A
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| Added new connection mytunnel with policy RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
| counting wild cards for 192.168.1.1 is 0
| counting wild cards for 132.213.238.7 is 0
| orient mytunnel checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient mytunnel finished with: 1 [132.213.238.7]
| find_host_pair: looking for me=132.213.238.7:500 %address him=192.168.1.1:500 exact-match
| find_host_pair: concluded with <none>
| connect_to_host_pair: 132.213.238.7:500 %address 192.168.1.1:500 -> hp:none
| find_ID_host_pair: looking for me=132.213.238.7 him=192.168.1.1 (exact)
|   concluded with <none>
./h2hR1 adding connection: "mytunnel"
| 132.213.238.7...192.168.1.1
| ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1; policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|   orient mytunnel finished with: 1 [132.213.238.7]
RC=0 "mytunnel": 132.213.238.7...192.168.1.1; unrouted; eroute owner: #0
RC=0 "mytunnel":     myip=unset; hisip=unset;
RC=0 "mytunnel":   ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1
RC=0 "mytunnel":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK; prio: 32,32; interface: eth0; kind=CK_PERMANENT
| *received 836 bytes from 192.168.1.1:500 on eth0 (port=500)
|   80 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 03 44  22 00 01 fc
|   02 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  02 00 00 2c
|   02 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 28  03 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 02  00 00 00 08  04 00 00 0e
|   02 00 00 28  04 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 2c  05 01 00 04
|   03 00 00 0c  01 00 00 0c  80 0e 00 80  03 00 00 08
|   03 00 00 02  03 00 00 08  02 00 00 02  00 00 00 08
|   04 00 00 05  02 00 00 2c  06 01 00 04  03 00 00 0c
|   01 00 00 0c  80 0e 00 80  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  07 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  08 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  09 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 02  02 00 00 28  0a 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 02
|   02 00 00 2c  0b 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 02  00 00 00 2c
|   0c 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 02  28 00 01 08  00 0e 00 00
|   3d a6 6a 81  e2 92 09 be  18 4f a0 1e  5c ed ea 7c
|   7d 7b 3a 21  3e 15 0d 53  5d 17 6a be  1b c5 70 ab
|   34 47 bc 09  14 7c aa 91  9c 8f 81 dc  1e f9 87 cd
|   6a ec fa f3  a5 9e 37 bc  ac 3d fd e1  32 8e e8 b3
|   fe d3 8b f4  7b 50 34 13  33 7a 93 ea  e9 3c 0e 8b
|   bd 48 18 9c  9e 03 70 f2  55 ce 45 22  9f c7 c9 48
|   43 a3 e2 64  b5 5d 43 38  c8 fe f1 d3  06 43 f0 0a
|   e8 6d 61 8c  60 78 d9 98  d3 1b 3b 5e  f5 a6 e8 2f
|   ef 56 ac b4  33 bd 1e 62  b2 3e 0b 17  af 6c b8 31
|   08 d7 19 5a  7b c4 54 c2  13 47 98 c2  cc d2 16 29
|   75 6c 03 fb  1e 9c 9d 21  0c a1 e6 c2  f3 f2 49 2c
|   f6 06 73 c1  96 1e ce 58  81 01 1c cb  16 dc f9 fc
|   c7 93 08 75  58 16 57 71  69 96 66 b7  a9 81 7f f7
|   37 4d 7c 41  38 62 a6 39  00 81 ca 3d  1d fc f7 b5
|   08 38 d4 34  70 22 6c 21  d2 5b 20 a1  d2 ba 2a d1
|   89 f3 20 79  ce ac 1e c2  ec 7d ae 76  94 40 39 a0
|   2b 00 00 14  20 98 9d 37  a8 14 a6 4d  8f f0 7c 08
|   d3 20 e9 e3  00 00 00 10  4f 45 70 6c  75 74 6f 75
|   6e 69 74 30
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34), msgid: 00000000
| I am IKE SA Responder
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| considering state entry: 0
|   reject:state needed and state unavailable
| considering state entry: 1
|   reject:state needed and state unavailable
| considering state entry: 2
|   reject:state needed and state unavailable
| considering state entry: 3
| Now lets proceed with state specific processing
| find_host_connection2 called from ikev2parent_inI1outR1, me=132.213.238.7:500 him=192.168.1.1:500 policy=IKEv2ALLOW/-
| find_host_pair: looking for me=132.213.238.7:500 %address him=192.168.1.1:500 any-match
| find_host_pair: comparing to me=132.213.238.7:500 %address him=192.168.1.1:500
| find_host_pair: concluded with mytunnel
| found_host_pair_conn (find_host_connection2): 132.213.238.7:500 %address/192.168.1.1:500 -> hp:mytunnel
| searching for connection with policy = IKEv2ALLOW/-
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK (mytunnel)
| find_host_connection2 returns mytunnel (ike=none/none)
./h2hR1 tentatively considering connection: mytunnel
| creating state object #1 at Z
| orient mytunnel checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient mytunnel finished with: 1 [132.213.238.7]
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| inserting state object #1 bucket: 28
| will not send/process a dcookie
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    next payload type: ISAKMP_NEXT_v2SA
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
| ***emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2KE
|    critical bit: none
| ****emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    prop #: 1
|    proto ID: 1
|    spi size: 0
|    # transforms: 4
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| ******emit IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
|     [128 is 128??]
| emitting length of IKEv2 Transform Substructure Payload: 12
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 2
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 4
|    transform ID: 14
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 44
| emitting length of IKEv2 Security Association Payload: 48
| ***emit IKEv2 Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_v2Ni
|    critical bit: none
|    transform type: 14
| emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
| ikev2 g^x  a5 9a 13 6c  b8 87 48 57  e1 22 6e a0  b8 55 c2 00
|   31 15 65 84  8b f9 dc a4  5f 49 d4 c5  f0 98 8e 9b
|   31 85 6e 27  5a c2 75 09  07 37 05 b5  b1 53 18 07
|   81 e8 1d 07  c6 19 1c de  dc 1f 2c 26  d2 0b 59 f9
|   67 6a ee 3c  e5 fa 72 3f  54 96 1e 7d  8e d0 30 08
|   0b ed 95 b0  65 2f 5c a6  36 7e 92 2d  da cb 88 54
|   e3 97 fa 16  6f 9e 7c a6  0c 43 2f 29  be 2c a4 55
|   68 01 45 bc  56 a9 84 b9  2b 1b bf 9a  fc 84 67 5f
|   d3 04 79 90  b7 fa 89 5b  04 06 d5 9a  50 92 16 4b
|   d6 33 40 be  2a 44 94 74  33 a7 a5 c1  1f 88 5b eb
|   4e d2 bb 94  b9 22 db e3  b6 5a 8c f9  d6 43 5d 5e
|   5d c9 19 b8  c8 81 53 01  95 09 02 7b  c0 2a b0 c8
|   5d 2c 69 78  6c e8 f6 5d  e4 90 43 83  fd f7 98 5e
|   cc 92 5c 79  7b 62 ae 98  db 4f 7f e0  68 7c cd 29
|   69 0a ad a3  e8 37 d7 41  b4 79 b3 a5  38 a2 8d a0
|   69 ff bd aa  ba d5 54 70  40 ab b5 fc  26 6d ae ce
| emitting length of IKEv2 Key Exchange Payload: 264
| ***emit IKEv2 Nonce Payload:
|    next payload type: ISAKMP_NEXT_v2V
|    critical bit: none
| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
| IKEv2 nonce  c6 ba 31 9f  88 5b e7 b7  a2 93 85 dc  bb c6 15 84
| emitting length of IKEv2 Nonce Payload: 20
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE
| emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
| Vendor ID  4f 45 70 6c  75 74 6f 75  6e 69 74 30
| emitting length of ISAKMP Vendor ID Payload: 16
| emitting length of ISAKMP Message: 376
| complete v2 state transition with STF_OK
./h2hR1 transition from state STATE_IKEv2_START to state STATE_PARENT_R1
./h2hR1 STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=oakley_sha group=modp2048} (msgid: 00000000)
| sending reply packet to 192.168.1.1:500 (from port 500)
sending 376 bytes for STATE_IKEv2_START through eth0:500 to 192.168.1.1:500 (using #1)
|   80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   21 20 22 20  00 00 00 00  00 00 01 78  22 00 00 30
|   00 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  28 00 01 08
|   00 0e 00 00  a5 9a 13 6c  b8 87 48 57  e1 22 6e a0
|   b8 55 c2 00  31 15 65 84  8b f9 dc a4  5f 49 d4 c5
|   f0 98 8e 9b  31 85 6e 27  5a c2 75 09  07 37 05 b5
|   b1 53 18 07  81 e8 1d 07  c6 19 1c de  dc 1f 2c 26
|   d2 0b 59 f9  67 6a ee 3c  e5 fa 72 3f  54 96 1e 7d
|   8e d0 30 08  0b ed 95 b0  65 2f 5c a6  36 7e 92 2d
|   da cb 88 54  e3 97 fa 16  6f 9e 7c a6  0c 43 2f 29
|   be 2c a4 55  68 01 45 bc  56 a9 84 b9  2b 1b bf 9a
|   fc 84 67 5f  d3 04 79 90  b7 fa 89 5b  04 06 d5 9a
|   50 92 16 4b  d6 33 40 be  2a 44 94 74  33 a7 a5 c1
|   1f 88 5b eb  4e d2 bb 94  b9 22 db e3  b6 5a 8c f9
|   d6 43 5d 5e  5d c9 19 b8  c8 81 53 01  95 09 02 7b
|   c0 2a b0 c8  5d 2c 69 78  6c e8 f6 5d  e4 90 43 83
|   fd f7 98 5e  cc 92 5c 79  7b 62 ae 98  db 4f 7f e0
|   68 7c cd 29  69 0a ad a3  e8 37 d7 41  b4 79 b3 a5
|   38 a2 8d a0  69 ff bd aa  ba d5 54 70  40 ab b5 fc
|   26 6d ae ce  2b 00 00 14  c6 ba 31 9f  88 5b e7 b7
|   a2 93 85 dc  bb c6 15 84  00 00 00 10  4f 45 70 6c
|   75 74 6f 75  6e 69 74 30
./h2hR1 deleting state #1 (STATE_PARENT_R1)
./h2hR1 deleting connection
| pass 0: considering CHILD SAs to delete
| pass 1: considering PARENT SAs to delete
./h2hR1 leak: ikev2_inI1outR1 KE, item size: X
./h2hR1 leak: msg_digest, item size: X
./h2hR1 leak: policies path, item size: X
./h2hR1 leak: ocspcerts path, item size: X
./h2hR1 leak: aacerts path, item size: X
./h2hR1 leak: certs path, item size: X
./h2hR1 leak: private path, item size: X
./h2hR1 leak: crls path, item size: X
./h2hR1 leak: cacert path, item size: X
./h2hR1 leak: acert path, item size: X
./h2hR1 leak: default conf var_dir, item size: X
./h2hR1 leak: default conf conffile, item size: X
./h2hR1 leak: default conf ipsecd_dir, item size: X
./h2hR1 leak: default conf ipsec_conf_dir, item size: X
./h2hR1 leak: 2 * id list, item size: X
./h2hR1 leak: secret, item size: X
./h2hR1 leak: 2 * hasher name, item size: X
./h2hR1 leak detective found Z leaks, total size X
Pre-amble (offset: X): #!-pluto-whack-file- recorded on FOO
