./h2hR2 ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
./h2hR2 ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
./h2hR2 ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
./h2hR2 loading secrets from "../samples/jj.secrets"
./h2hR2 loaded private key for keyid: PPK_RSA:AQOg5H7A4
| processing whack message of size: A
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| Added new connection mytunnel with policy RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
| counting wild cards for 192.168.1.1 is 0
| counting wild cards for 132.213.238.7 is 0
| orient mytunnel checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient mytunnel finished with: 1 [132.213.238.7]
| find_host_pair: looking for me=132.213.238.7:500 %address him=192.168.1.1:500 exact-match
| find_host_pair: concluded with <none>
| connect_to_host_pair: 132.213.238.7:500 %address 192.168.1.1:500 -> hp:none
| find_ID_host_pair: looking for me=132.213.238.7 him=192.168.1.1 (exact)
|   concluded with <none>
./h2hR2 adding connection: "mytunnel"
| 132.213.238.7...192.168.1.1
| ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1; policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|   orient mytunnel finished with: 1 [132.213.238.7]
RC=0 "mytunnel": 132.213.238.7...192.168.1.1; unrouted; eroute owner: #0
RC=0 "mytunnel":     myip=unset; hisip=unset;
RC=0 "mytunnel":   ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1
RC=0 "mytunnel":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK; prio: 32,32; interface: eth0; kind=CK_PERMANENT
0: input from ../lp37-h2hR1/h2hI1.pcap
| *received 836 bytes from 192.168.1.1:500 on eth0 (port=500)
|   80 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 03 44  22 00 01 fc
|   02 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  02 00 00 2c
|   02 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 28  03 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 02  00 00 00 08  04 00 00 0e
|   02 00 00 28  04 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 0e  02 00 00 2c  05 01 00 04
|   03 00 00 0c  01 00 00 0c  80 0e 00 80  03 00 00 08
|   03 00 00 02  03 00 00 08  02 00 00 02  00 00 00 08
|   04 00 00 05  02 00 00 2c  06 01 00 04  03 00 00 0c
|   01 00 00 0c  80 0e 00 80  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  07 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  08 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  09 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 02  02 00 00 28  0a 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 01
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 02
|   02 00 00 2c  0b 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 02  00 00 00 2c
|   0c 01 00 04  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 01  03 00 00 08  02 00 00 01
|   00 00 00 08  04 00 00 02  28 00 01 08  00 0e 00 00
|   3d a6 6a 81  e2 92 09 be  18 4f a0 1e  5c ed ea 7c
|   7d 7b 3a 21  3e 15 0d 53  5d 17 6a be  1b c5 70 ab
|   34 47 bc 09  14 7c aa 91  9c 8f 81 dc  1e f9 87 cd
|   6a ec fa f3  a5 9e 37 bc  ac 3d fd e1  32 8e e8 b3
|   fe d3 8b f4  7b 50 34 13  33 7a 93 ea  e9 3c 0e 8b
|   bd 48 18 9c  9e 03 70 f2  55 ce 45 22  9f c7 c9 48
|   43 a3 e2 64  b5 5d 43 38  c8 fe f1 d3  06 43 f0 0a
|   e8 6d 61 8c  60 78 d9 98  d3 1b 3b 5e  f5 a6 e8 2f
|   ef 56 ac b4  33 bd 1e 62  b2 3e 0b 17  af 6c b8 31
|   08 d7 19 5a  7b c4 54 c2  13 47 98 c2  cc d2 16 29
|   75 6c 03 fb  1e 9c 9d 21  0c a1 e6 c2  f3 f2 49 2c
|   f6 06 73 c1  96 1e ce 58  81 01 1c cb  16 dc f9 fc
|   c7 93 08 75  58 16 57 71  69 96 66 b7  a9 81 7f f7
|   37 4d 7c 41  38 62 a6 39  00 81 ca 3d  1d fc f7 b5
|   08 38 d4 34  70 22 6c 21  d2 5b 20 a1  d2 ba 2a d1
|   89 f3 20 79  ce ac 1e c2  ec 7d ae 76  94 40 39 a0
|   2b 00 00 14  20 98 9d 37  a8 14 a6 4d  8f f0 7c 08
|   d3 20 e9 e3  00 00 00 10  4f 45 70 6c  75 74 6f 75
|   6e 69 74 30
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34), msgid: 00000000
| I am IKE SA Responder
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| considering state entry: 0
|   reject:state needed and state unavailable
| considering state entry: 1
|   reject:state needed and state unavailable
| considering state entry: 2
|   reject:state needed and state unavailable
| considering state entry: 3
| Now lets proceed with state specific processing
| find_host_connection2 called from ikev2parent_inI1outR1, me=132.213.238.7:500 him=192.168.1.1:500 policy=IKEv2ALLOW/-
| find_host_pair: looking for me=132.213.238.7:500 %address him=192.168.1.1:500 any-match
| find_host_pair: comparing to me=132.213.238.7:500 %address him=192.168.1.1:500
| find_host_pair: concluded with mytunnel
| found_host_pair_conn (find_host_connection2): 132.213.238.7:500 %address/192.168.1.1:500 -> hp:mytunnel
| searching for connection with policy = IKEv2ALLOW/-
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK (mytunnel)
| find_host_connection2 returns mytunnel (ike=none/none)
./h2hR2 tentatively considering connection: mytunnel
| creating state object #1 at Z
| orient mytunnel checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient mytunnel finished with: 1 [132.213.238.7]
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| inserting state object #1 bucket: 28
| will not send/process a dcookie
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    next payload type: ISAKMP_NEXT_v2SA
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
| ***emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2KE
|    critical bit: none
| ****emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    prop #: 1
|    proto ID: 1
|    spi size: 0
|    # transforms: 4
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| ******emit IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
|     [128 is 128??]
| emitting length of IKEv2 Transform Substructure Payload: 12
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 2
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 4
|    transform ID: 14
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 44
| emitting length of IKEv2 Security Association Payload: 48
| ***emit IKEv2 Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_v2Ni
|    critical bit: none
|    transform type: 14
| emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
| ikev2 g^x  a5 9a 13 6c  b8 87 48 57  e1 22 6e a0  b8 55 c2 00
|   31 15 65 84  8b f9 dc a4  5f 49 d4 c5  f0 98 8e 9b
|   31 85 6e 27  5a c2 75 09  07 37 05 b5  b1 53 18 07
|   81 e8 1d 07  c6 19 1c de  dc 1f 2c 26  d2 0b 59 f9
|   67 6a ee 3c  e5 fa 72 3f  54 96 1e 7d  8e d0 30 08
|   0b ed 95 b0  65 2f 5c a6  36 7e 92 2d  da cb 88 54
|   e3 97 fa 16  6f 9e 7c a6  0c 43 2f 29  be 2c a4 55
|   68 01 45 bc  56 a9 84 b9  2b 1b bf 9a  fc 84 67 5f
|   d3 04 79 90  b7 fa 89 5b  04 06 d5 9a  50 92 16 4b
|   d6 33 40 be  2a 44 94 74  33 a7 a5 c1  1f 88 5b eb
|   4e d2 bb 94  b9 22 db e3  b6 5a 8c f9  d6 43 5d 5e
|   5d c9 19 b8  c8 81 53 01  95 09 02 7b  c0 2a b0 c8
|   5d 2c 69 78  6c e8 f6 5d  e4 90 43 83  fd f7 98 5e
|   cc 92 5c 79  7b 62 ae 98  db 4f 7f e0  68 7c cd 29
|   69 0a ad a3  e8 37 d7 41  b4 79 b3 a5  38 a2 8d a0
|   69 ff bd aa  ba d5 54 70  40 ab b5 fc  26 6d ae ce
| emitting length of IKEv2 Key Exchange Payload: 264
| ***emit IKEv2 Nonce Payload:
|    next payload type: ISAKMP_NEXT_v2V
|    critical bit: none
| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
| IKEv2 nonce  c6 ba 31 9f  88 5b e7 b7  a2 93 85 dc  bb c6 15 84
| emitting length of IKEv2 Nonce Payload: 20
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE
| emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
| Vendor ID  4f 45 70 6c  75 74 6f 75  6e 69 74 30
| emitting length of ISAKMP Vendor ID Payload: 16
| emitting length of ISAKMP Message: 376
| complete v2 state transition with STF_OK
./h2hR2 transition from state STATE_IKEv2_START to state STATE_PARENT_R1
./h2hR2 STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=oakley_sha group=modp2048} (msgid: 00000000)
| sending reply packet to 192.168.1.1:500 (from port 500)
sending 376 bytes for STATE_IKEv2_START through eth0:500 to 192.168.1.1:500 (using #1)
|   80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   21 20 22 20  00 00 00 00  00 00 01 78  22 00 00 30
|   00 00 00 2c  01 01 00 04  03 00 00 0c  01 00 00 0c
|   80 0e 00 80  03 00 00 08  03 00 00 02  03 00 00 08
|   02 00 00 02  00 00 00 08  04 00 00 0e  28 00 01 08
|   00 0e 00 00  a5 9a 13 6c  b8 87 48 57  e1 22 6e a0
|   b8 55 c2 00  31 15 65 84  8b f9 dc a4  5f 49 d4 c5
|   f0 98 8e 9b  31 85 6e 27  5a c2 75 09  07 37 05 b5
|   b1 53 18 07  81 e8 1d 07  c6 19 1c de  dc 1f 2c 26
|   d2 0b 59 f9  67 6a ee 3c  e5 fa 72 3f  54 96 1e 7d
|   8e d0 30 08  0b ed 95 b0  65 2f 5c a6  36 7e 92 2d
|   da cb 88 54  e3 97 fa 16  6f 9e 7c a6  0c 43 2f 29
|   be 2c a4 55  68 01 45 bc  56 a9 84 b9  2b 1b bf 9a
|   fc 84 67 5f  d3 04 79 90  b7 fa 89 5b  04 06 d5 9a
|   50 92 16 4b  d6 33 40 be  2a 44 94 74  33 a7 a5 c1
|   1f 88 5b eb  4e d2 bb 94  b9 22 db e3  b6 5a 8c f9
|   d6 43 5d 5e  5d c9 19 b8  c8 81 53 01  95 09 02 7b
|   c0 2a b0 c8  5d 2c 69 78  6c e8 f6 5d  e4 90 43 83
|   fd f7 98 5e  cc 92 5c 79  7b 62 ae 98  db 4f 7f e0
|   68 7c cd 29  69 0a ad a3  e8 37 d7 41  b4 79 b3 a5
|   38 a2 8d a0  69 ff bd aa  ba d5 54 70  40 ab b5 fc
|   26 6d ae ce  2b 00 00 14  c6 ba 31 9f  88 5b e7 b7
|   a2 93 85 dc  bb c6 15 84  00 00 00 10  4f 45 70 6c
|   75 74 6f 75  6e 69 74 30
1: output to OUTPUT/h2hR2.pcap
1: input from h2hI2.pcap
| *received 492 bytes from 192.168.1.1:500 on eth0 (port=500)
|   80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 23 08  00 00 00 01  00 00 01 ec  23 00 01 d0
|   80 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   6b e2 00 86  09 ec 0b ba  00 ba c2 b7  f7 aa 78 69
|   7f a8 88 e2  14 58 fe d8  6b 17 ac 39  c4 ac 7e 56
|   0b 74 51 11  34 52 17 f8  f6 f9 7c c5  f2 b9 8c cf
|   53 28 5a ec  77 fa 30 6d  40 47 1d 09  3b 36 43 6c
|   f5 ee 7c ec  8c 01 b4 97  8c 49 53 97  dc 0c f3 cd
|   bd d4 f9 43  40 9a a8 4c  c7 97 a9 6e  5f 6f 8a a4
|   89 61 ac 9c  d8 cc 53 53  2b ef 0d 34  ed e5 74 49
|   42 6c 97 e6  f4 83 ea 61  58 17 b0 1c  8f 42 b0 7a
|   b3 96 fe cf  34 b1 b6 d8  c8 a5 b2 b7  b9 75 a4 f3
|   a2 35 8e 95  8c 79 70 d5  0f bd ce 54  28 58 1c 42
|   ad ad db 7a  3d c8 93 e1  0b 33 33 f4  f0 65 eb 82
|   e2 a7 04 cd  aa ab ca 52  b6 f6 6d 98  02 4c ef bf
|   65 9b d1 15  bf d2 b2 43  69 43 5a 34  bc de 6a 7a
|   ad 12 14 52  d4 62 1d e3  49 dd 49 29  97 e8 db d3
|   3c b7 66 ff  10 0f 8f 65  8f 87 21 78  dd 7a 44 4f
|   4a ee ac ff  6a 4f 77 29  c2 80 5a 31  66 34 4f d4
|   a9 b7 b3 72  a6 1a e6 2e  83 77 54 ac  76 fd bc 3e
|   e9 e9 f5 9c  81 00 33 05  28 54 16 f6  0d 92 15 73
|   37 5b c8 b0  6a 54 f1 8a  0a 2f e7 cf  76 05 f9 c5
|   82 f0 8f b8  5c 59 bd 69  5b ad b7 83  82 18 e7 ac
|   af 99 86 2a  b5 ee f8 24  52 72 2b 3c  1f d6 7b 3d
|   35 eb 21 f8  a7 83 fb b5  5f 70 96 ce  1d a2 57 02
|   37 7a ce 1b  0c 50 38 33  c1 44 e8 30  0b 45 07 fc
|   d0 2f 57 be  7b 96 85 3a  8a 2f 3b 98  78 87 ff 65
|   ca 9a c7 2b  63 b8 f1 ae  a0 68 19 1d  39 63 93 b4
|   ea 4a dd 57  c9 1f 43 b3  24 df f6 b8  83 51 a2 e0
|   92 96 2b 67  a0 12 18 74  d6 37 c8 c3  e7 e7 3b 91
|   b0 4d 89 28  42 c0 39 9a  61 6a f1 8e
|  processing version=2.0 packet with exchange type=ISAKMP_v2_AUTH (35), msgid: 00000001
| I am IKE SA Responder
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| v2 state object not found
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| v2 peer and cookies match on #1
| v2 state object #1 (mytunnel) found, in STATE_PARENT_R1
| state found and its state is:STATE_PARENT_R1 msgid: 00001
| considering state entry: 0
|   reject: in state: STATE_PARENT_R1, needs STATE_PARENT_I1
| considering state entry: 1
|   reject: in state: STATE_PARENT_R1, needs STATE_PARENT_I1
| considering state entry: 2
|   reject: in state: STATE_PARENT_R1, needs STATE_PARENT_I2
| considering state entry: 3
|   reject:state unneeded and state available
| considering state entry: 4
| Now lets proceed with state specific processing
| ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2
| ikev2 parent SA details
| ikev2 I 0x8001020304050607 0xdebc583a8f40d0cf sha1:0x4ea8e662b07cdd430f6944c6723e4b82d5722418 aes128:0x3f44bf47cafd8150591deb088199fcbf
| ikev2 R 0x8001020304050607 0xdebc583a8f40d0cf sha1:0x515b0bd22e6d76b34fdb760aa7bfad80b109b75d aes128:0xbedb67ec7dc3d00cccac42e70cd63bde
| data being hmac:  80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 23 08  00 00 00 01  00 00 01 ec  23 00 01 d0
|   80 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   6b e2 00 86  09 ec 0b ba  00 ba c2 b7  f7 aa 78 69
|   7f a8 88 e2  14 58 fe d8  6b 17 ac 39  c4 ac 7e 56
|   0b 74 51 11  34 52 17 f8  f6 f9 7c c5  f2 b9 8c cf
|   53 28 5a ec  77 fa 30 6d  40 47 1d 09  3b 36 43 6c
|   f5 ee 7c ec  8c 01 b4 97  8c 49 53 97  dc 0c f3 cd
|   bd d4 f9 43  40 9a a8 4c  c7 97 a9 6e  5f 6f 8a a4
|   89 61 ac 9c  d8 cc 53 53  2b ef 0d 34  ed e5 74 49
|   42 6c 97 e6  f4 83 ea 61  58 17 b0 1c  8f 42 b0 7a
|   b3 96 fe cf  34 b1 b6 d8  c8 a5 b2 b7  b9 75 a4 f3
|   a2 35 8e 95  8c 79 70 d5  0f bd ce 54  28 58 1c 42
|   ad ad db 7a  3d c8 93 e1  0b 33 33 f4  f0 65 eb 82
|   e2 a7 04 cd  aa ab ca 52  b6 f6 6d 98  02 4c ef bf
|   65 9b d1 15  bf d2 b2 43  69 43 5a 34  bc de 6a 7a
|   ad 12 14 52  d4 62 1d e3  49 dd 49 29  97 e8 db d3
|   3c b7 66 ff  10 0f 8f 65  8f 87 21 78  dd 7a 44 4f
|   4a ee ac ff  6a 4f 77 29  c2 80 5a 31  66 34 4f d4
|   a9 b7 b3 72  a6 1a e6 2e  83 77 54 ac  76 fd bc 3e
|   e9 e9 f5 9c  81 00 33 05  28 54 16 f6  0d 92 15 73
|   37 5b c8 b0  6a 54 f1 8a  0a 2f e7 cf  76 05 f9 c5
|   82 f0 8f b8  5c 59 bd 69  5b ad b7 83  82 18 e7 ac
|   af 99 86 2a  b5 ee f8 24  52 72 2b 3c  1f d6 7b 3d
|   35 eb 21 f8  a7 83 fb b5  5f 70 96 ce  1d a2 57 02
|   37 7a ce 1b  0c 50 38 33  c1 44 e8 30  0b 45 07 fc
|   d0 2f 57 be  7b 96 85 3a  8a 2f 3b 98  78 87 ff 65
|   ca 9a c7 2b  63 b8 f1 ae  a0 68 19 1d  39 63 93 b4
|   ea 4a dd 57  c9 1f 43 b3  24 df f6 b8  83 51 a2 e0
|   92 96 2b 67  a0 12 18 74  d6 37 c8 c3  e7 e7 3b 91
| R2 calculated auth:  b0 4d 89 28  42 c0 39 9a  61 6a f1 8e
| R2  provided  auth:  b0 4d 89 28  42 c0 39 9a  61 6a f1 8e
| authenticator matched, np=35
| data before decryption:
|   6b e2 00 86  09 ec 0b ba  00 ba c2 b7  f7 aa 78 69
|   7f a8 88 e2  14 58 fe d8  6b 17 ac 39  c4 ac 7e 56
|   0b 74 51 11  34 52 17 f8  f6 f9 7c c5  f2 b9 8c cf
|   53 28 5a ec  77 fa 30 6d  40 47 1d 09  3b 36 43 6c
|   f5 ee 7c ec  8c 01 b4 97  8c 49 53 97  dc 0c f3 cd
|   bd d4 f9 43  40 9a a8 4c  c7 97 a9 6e  5f 6f 8a a4
|   89 61 ac 9c  d8 cc 53 53  2b ef 0d 34  ed e5 74 49
|   42 6c 97 e6  f4 83 ea 61  58 17 b0 1c  8f 42 b0 7a
|   b3 96 fe cf  34 b1 b6 d8  c8 a5 b2 b7  b9 75 a4 f3
|   a2 35 8e 95  8c 79 70 d5  0f bd ce 54  28 58 1c 42
|   ad ad db 7a  3d c8 93 e1  0b 33 33 f4  f0 65 eb 82
|   e2 a7 04 cd  aa ab ca 52  b6 f6 6d 98  02 4c ef bf
|   65 9b d1 15  bf d2 b2 43  69 43 5a 34  bc de 6a 7a
|   ad 12 14 52  d4 62 1d e3  49 dd 49 29  97 e8 db d3
|   3c b7 66 ff  10 0f 8f 65  8f 87 21 78  dd 7a 44 4f
|   4a ee ac ff  6a 4f 77 29  c2 80 5a 31  66 34 4f d4
|   a9 b7 b3 72  a6 1a e6 2e  83 77 54 ac  76 fd bc 3e
|   e9 e9 f5 9c  81 00 33 05  28 54 16 f6  0d 92 15 73
|   37 5b c8 b0  6a 54 f1 8a  0a 2f e7 cf  76 05 f9 c5
|   82 f0 8f b8  5c 59 bd 69  5b ad b7 83  82 18 e7 ac
|   af 99 86 2a  b5 ee f8 24  52 72 2b 3c  1f d6 7b 3d
|   35 eb 21 f8  a7 83 fb b5  5f 70 96 ce  1d a2 57 02
|   37 7a ce 1b  0c 50 38 33  c1 44 e8 30  0b 45 07 fc
|   d0 2f 57 be  7b 96 85 3a  8a 2f 3b 98  78 87 ff 65
|   ca 9a c7 2b  63 b8 f1 ae  a0 68 19 1d  39 63 93 b4
|   ea 4a dd 57  c9 1f 43 b3  24 df f6 b8  83 51 a2 e0
|   92 96 2b 67  a0 12 18 74  d6 37 c8 c3  e7 e7 3b 91
| decrypted payload:  27 00 00 0c  01 00 00 00  c0 a8 01 01  21 00 00 c8
|   01 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  2c 00 00 9c  02 00 00 28  01 03 04 03
|   12 34 56 78  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 02  00 00 00 08  05 00 00 00
|   02 00 00 28  02 03 04 03  12 34 56 78  03 00 00 0c
|   01 00 00 0c  80 0e 00 80  03 00 00 08  03 00 00 01
|   00 00 00 08  05 00 00 00  02 00 00 24  03 03 04 03
|   12 34 56 78  03 00 00 08  01 00 00 03  03 00 00 08
|   03 00 00 02  00 00 00 08  05 00 00 00  00 00 00 24
|   04 03 04 03  12 34 56 78  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 01  00 00 00 08  05 00 00 00
|   2d 00 00 18  01 00 00 00  07 00 00 10  00 00 ff ff
|   c0 a8 01 01  c0 a8 01 01  00 00 00 18  01 00 00 00
|   07 00 00 10  00 00 ff ff  84 d5 ee 07  84 d5 ee 07
|   00 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
| striping 16 bytes as pad
| **parse IKEv2 Identification Payload:
|    next payload type: ISAKMP_NEXT_v2AUTH
|    critical bit: none
|    length: 12
|    id_type: ID_IPV4_ADDR
| processing payload: ISAKMP_NEXT_v2IDi (len=12)
| **parse IKEv2 Authentication Payload:
|    next payload type: ISAKMP_NEXT_v2SA
|    critical bit: none
|    length: 200
|    auth method: v2_AUTH_RSA
| processing payload: ISAKMP_NEXT_v2AUTH (len=200)
| **parse IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2TSi
|    critical bit: none
|    length: 156
| processing payload: ISAKMP_NEXT_v2SA (len=156)
| **parse IKEv2 Traffic Selector Payload:
|    next payload type: ISAKMP_NEXT_v2TSr
|    critical bit: none
|    length: 24
|    number of TS: 1
| processing payload: ISAKMP_NEXT_v2TSi (len=24)
| **parse IKEv2 Traffic Selector Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    critical bit: none
|    length: 24
|    number of TS: 1
| processing payload: ISAKMP_NEXT_v2TSr (len=24)
./h2hR2 IKEv2 mode peer ID is ID_IPV4_ADDR: '192.168.1.1'
| find_ID_host_pair: looking for me=(none) him=192.168.1.1 (wildcard)
|                   comparing to me=132.213.238.7 him=192.168.1.1 (mytunnel)
|   concluded with mytunnel
| idhash verify pi  cc 07 97 44  b4 a3 4e 8a  0d 2f 27 8b  ee 06 6d 07
|   a5 a5 75 2e
| idhash verify I2  01 00 00 00  c0 a8 01 01
| ikev2 verify required CA is '%any'
| checking alg=1 == 1, keyid=132.213.238.7 same_id=0
| checking alg=1 == 1, keyid=192.168.1.1 same_id=1
|   trusted_ca called with a=(empty) b=(empty)
| key issuer CA is '%any'
| PARENT SA now authenticated, building child and reply
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   de bc 58 3a  8f 40 d0 cf
|    next payload type: ISAKMP_NEXT_v2E
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
|    exchange type: ISAKMP_v2_AUTH
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 01
| ***emit IKEv2 Encryption Payload:
|    next payload type: ISAKMP_NEXT_v2IDr
|    critical bit: none
| emitting 16 zero bytes of iv into IKEv2 Encryption Payload
| IKEv2 thinking whether to send my certificate:
|  my policy has  RSASIG, the policy is : RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|  sendcert: CERT_ALWAYSSEND and I did not get a certificate request
|  so do not send cert.
| I did not send a certificate because I do not have one.
| *****emit IKEv2 Identification Payload:
|    next payload type: ISAKMP_NEXT_v2AUTH
|    critical bit: none
|    id_type: ID_IPV4_ADDR
| emitting 4 raw bytes of my identity into IKEv2 Identification Payload
| my identity  84 d5 ee 07
| emitting length of IKEv2 Identification Payload: 12
| idhash calc pr  e9 00 11 7e  41 d4 31 62  40 b8 63 22  bf 06 9f bc
|   eb 81 58 e7
| idhash calc R2  01 00 00 00  84 d5 ee 07
| assembled IDr payload -- CERT next
| CHILD SA proposals received
| going to assemble AUTH payload
| *****emit IKEv2 Authentication Payload:
|    next payload type: ISAKMP_NEXT_v2SA
|    critical bit: none
|    auth method: v2_AUTH_RSA
| emitting 192 zero bytes of fake rsa sig into IKEv2 Authentication Payload
| emitting length of IKEv2 Authentication Payload: 200
| ***parse IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    length: 16
|    start port: 0
|    end port: 65535
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  c0 a8 01 01
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  c0 a8 01 01
| ***parse IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    length: 16
|    start port: 0
|    end port: 65535
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  84 d5 ee 07
| parsing 4 raw bytes of IKEv2 Traffic Selector into ipv4 ts
| ipv4 ts  84 d5 ee 07
| ikev2_evaluate_connection_fit, evaluating base fit for mytunnel
|   ikev2_evaluate_connection_fit evaluating our I=mytunnel:<noclient>:0/0 R=<noclient:0/0  to their:
|     tsi[0]=192.168.1.1/192.168.1.1 proto=0 portrange 0-65535, tsr[0]=132.213.238.7/132.213.238.7 proto=0 portrange 0-65535
| ei->port 0  tsi[tsi_ni].startport 0  tsi[tsi_ni].endport 65535
|       has ts_range1=0 maskbits1=32 ts_range2=0 maskbits2=32 fitbits=8224 <> -1
| bfit_n=ikev2_evaluate_connection_fit found better fit c mytunnel
|     evaluate_connection_port_fit tsi_n[1], best=-1
|    tsi[0] 0-65535: exact port match with 0.  fitness 65536
|       evaluating_connection_port_fit tsi_n[0], range_i=65536 best=-1
|    tsr[0] 0-65535: exact port match with 0.  fitness 65536
|       evaluating_connection_port_fit tsi_n[0] tsr_n[0], range=65536/65536 best=-1
|     best ports fit so far: tsi[0] fitrange_i 65536, tsr[0] fitrange_r 65536, matchiness 131072
|     port_fitness 131072
| ikev2_evaluate_connection_port_fit found better fit c mytunnel, tsi[0],tsr[0]
| find_ID_host_pair: looking for me=132.213.238.7 him=192.168.1.1 (wildcard)
|                   comparing to me=132.213.238.7 him=192.168.1.1 (mytunnel)
|   concluded with mytunnel
|   checking hostpair 132.213.238.7/32 -> 192.168.1.1/32 is found
| ikev2_evaluate_connection_fit, concluded with mytunnel
| duplicating state object #1
| creating state object #2 at Z
| ICOOKIE:  80 01 02 03  04 05 06 07
| RCOOKIE:  de bc 58 3a  8f 40 d0 cf
| state hash entry 28
| inserting state object #2 bucket: 28
| printing contents struct traffic_selector
|   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
|   ipprotoid: 0
|   startport: 0
|   endport: 65535
|   ip low: 132.213.238.7
|   ip high: 132.213.238.7
| printing contents struct traffic_selector
|   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
|   ipprotoid: 0
|   startport: 0
|   endport: 65535
|   ip low: 192.168.1.1
|   ip high: 192.168.1.1
| *****emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2TSi
|    critical bit: none
| empty esp_info, returning defaults
| ***parse IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_P
|    length: 40
|    prop #: 1
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into CHILD SA SPI
| CHILD SA SPI  12 34 56 78
| SPI received: 12345678
| ****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    length: 12
|    transform type: 1
|    transform ID: 12
| *****parse IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
| ****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    length: 8
|    transform type: 3
|    transform ID: 2
| ****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    length: 8
|    transform type: 5
|    transform ID: 0
| ***parse IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_P
|    length: 40
|    prop #: 2
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into CHILD SA SPI
| CHILD SA SPI  12 34 56 78
| SPI received: 12345678
| ******emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    prop #: 1
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| ********emit IKEv2 Attribute Substructure Payload:
|    af+type: KEY_LENGTH
|    length/value: 128
|     [128 is 128??]
| emitting length of IKEv2 Transform Substructure Payload: 12
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 40
| emitting length of IKEv2 Security Association Payload: 44
| *****emit IKEv2 Traffic Selector Payload:
|    next payload type: ISAKMP_NEXT_v2TSr
|    critical bit: none
|    number of TS: 1
| ******emit IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector
| ipv4 low  c0 a8 01 01
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector
| ipv4 high  c0 a8 01 01
| emitting length of IKEv2 Traffic Selector: 16
| emitting length of IKEv2 Traffic Selector Payload: 24
| *****emit IKEv2 Traffic Selector Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    critical bit: none
|    number of TS: 1
| ******emit IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector
| ipv4 low  84 d5 ee 07
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector
| ipv4 high  84 d5 ee 07
| emitting length of IKEv2 Traffic Selector: 16
| emitting length of IKEv2 Traffic Selector Payload: 24
| prf+[1]:  f1 a3 5e 87  c7 70 88 01  b6 81 3d 59  56 99 8e be
|   1a 76 a5 e4
| prf+[2]:  c3 2c d0 f3  83 3d 8f 24  1e 8f 86 2a  2a 58 ce d8
|   0f 77 b6 4a
| prf+[3]:  6f 3d 81 fb  39 51 57 a1  df 92 21 c8  77 8f 8f 07
|   5c ee d5 26
| prf+[4]:  1e 9f 3d b0  17 f3 f7 fc  e8 5e 55 44  63 f0 30 94
|   2f 4e 11 2a
| our  keymat  f1 a3 5e 87  c7 70 88 01  b6 81 3d 59  56 99 8e be
|   1a 76 a5 e4  c3 2c d0 f3  83 3d 8f 24  1e 8f 86 2a
|   2a 58 ce d8
| peer keymat  0f 77 b6 4a  6f 3d 81 fb  39 51 57 a1  df 92 21 c8
|   77 8f 8f 07  5c ee d5 26  1e 9f 3d b0  17 f3 f7 fc
|   e8 5e 55 44
| emitting 16 raw bytes of padding and length into cleartext
| padding and length  00 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
| emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload
| emitting length of IKEv2 Encryption Payload: 352
| emitting length of ISAKMP Message: 380
| data before encryption:
|   27 00 00 0c  01 00 00 00  84 d5 ee 07  21 00 00 c8
|   01 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  2c 00 00 2c  00 00 00 28  01 03 04 03
|   12 34 56 78  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  03 00 00 02  00 00 00 08  05 00 00 00
|   2d 00 00 18  01 00 00 00  07 00 00 10  00 00 ff ff
|   c0 a8 01 01  c0 a8 01 01  00 00 00 18  01 00 00 00
|   07 00 00 10  00 00 ff ff  84 d5 ee 07  84 d5 ee 07
|   00 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
| data after encryption:
|   9d e2 92 1a  3d ce c8 6c  f2 48 b8 d9  ad d0 9e 3f
|   9c e0 21 6b  9b f1 0c d9  91 41 7a 9e  06 ac 7f f2
|   32 5b 0a de  45 b4 fb 32  99 40 fa 9a  12 bf eb 17
|   62 d9 e9 29  50 3a d5 d0  c5 d8 c7 59  d5 c1 28 8e
|   46 a6 b8 83  7e 61 6f e1  45 2e 6f af  13 30 cd ff
|   da 72 68 13  ba e0 86 bd  fd b4 25 f0  ef 9b da 53
|   25 36 25 26  c8 f3 d9 35  21 14 e9 b8  4d bc d3 2d
|   66 75 39 0a  93 23 ed 95  4b e0 ff 9c  8b 44 a7 22
|   8a 10 71 38  0b 25 3b e1  02 86 de c2  76 05 5c 02
|   e1 41 2a 16  ff 08 d2 11  76 85 40 b1  11 9c dd 9f
|   84 db c6 87  01 da 3d e7  b7 3c 73 a2  7d 61 c0 74
|   50 f9 bc fc  6e 80 d1 ff  74 4a 26 63  5a f4 64 f3
|   6e 43 ec 42  52 de 98 31  7c 56 d1 e5  cc 3e 38 92
|   f6 61 10 03  b6 92 0a a7  25 4d f6 84  ac 78 d2 37
|   e0 cd 44 f0  96 f0 d7 80  aa fa 00 fc  70 36 2f 45
|   16 46 fa d0  03 1a 68 3f  a3 2f f0 49  f7 63 f9 b1
|   32 cb dc cf  b0 37 96 1d  6a bc 48 84  9b 6e ff 17
|   c6 93 5a 59  03 7a 61 23  ca 41 35 05  90 70 9c fa
|   86 89 97 11  73 44 f3 bd  f5 96 02 b0  4e f6 aa 63
|   99 ad d1 2f  fc 8e 5e 84  76 d0 40 cc  4e b7 74 25
| data being hmac:  80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 23 20  00 00 00 01  00 00 01 7c  24 00 01 60
|   80 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   9d e2 92 1a  3d ce c8 6c  f2 48 b8 d9  ad d0 9e 3f
|   9c e0 21 6b  9b f1 0c d9  91 41 7a 9e  06 ac 7f f2
|   32 5b 0a de  45 b4 fb 32  99 40 fa 9a  12 bf eb 17
|   62 d9 e9 29  50 3a d5 d0  c5 d8 c7 59  d5 c1 28 8e
|   46 a6 b8 83  7e 61 6f e1  45 2e 6f af  13 30 cd ff
|   da 72 68 13  ba e0 86 bd  fd b4 25 f0  ef 9b da 53
|   25 36 25 26  c8 f3 d9 35  21 14 e9 b8  4d bc d3 2d
|   66 75 39 0a  93 23 ed 95  4b e0 ff 9c  8b 44 a7 22
|   8a 10 71 38  0b 25 3b e1  02 86 de c2  76 05 5c 02
|   e1 41 2a 16  ff 08 d2 11  76 85 40 b1  11 9c dd 9f
|   84 db c6 87  01 da 3d e7  b7 3c 73 a2  7d 61 c0 74
|   50 f9 bc fc  6e 80 d1 ff  74 4a 26 63  5a f4 64 f3
|   6e 43 ec 42  52 de 98 31  7c 56 d1 e5  cc 3e 38 92
|   f6 61 10 03  b6 92 0a a7  25 4d f6 84  ac 78 d2 37
|   e0 cd 44 f0  96 f0 d7 80  aa fa 00 fc  70 36 2f 45
|   16 46 fa d0  03 1a 68 3f  a3 2f f0 49  f7 63 f9 b1
|   32 cb dc cf  b0 37 96 1d  6a bc 48 84  9b 6e ff 17
|   c6 93 5a 59  03 7a 61 23  ca 41 35 05  90 70 9c fa
|   86 89 97 11  73 44 f3 bd  f5 96 02 b0  4e f6 aa 63
|   99 ad d1 2f  fc 8e 5e 84  76 d0 40 cc  4e b7 74 25
| out calculated auth:
|   3e 9a 34 b2  a4 8b bf e4  d5 2c 15 05
| complete v2 state transition with STF_OK
./h2hR2 transition from state STATE_PARENT_R1 to state STATE_CHILD_C1_KEYED
./h2hR2 negotiated tunnel [132.213.238.7,132.213.238.7 proto:0 port:0-65535] -> [192.168.1.1,192.168.1.1 proto:0 port:0-65535]
./h2hR2 STATE_CHILD_C1_KEYED: CHILD SA established tunnel mode {ESP=>0x12345678 <0x12345678 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none} (msgid: 00000000)
| sending reply packet to 192.168.1.1:500 (from port 500)
sending 380 bytes for STATE_PARENT_R1 through eth0:500 to 192.168.1.1:500 (using #2)
|   80 01 02 03  04 05 06 07  de bc 58 3a  8f 40 d0 cf
|   2e 20 23 20  00 00 00 01  00 00 01 7c  24 00 01 60
|   80 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   9d e2 92 1a  3d ce c8 6c  f2 48 b8 d9  ad d0 9e 3f
|   9c e0 21 6b  9b f1 0c d9  91 41 7a 9e  06 ac 7f f2
|   32 5b 0a de  45 b4 fb 32  99 40 fa 9a  12 bf eb 17
|   62 d9 e9 29  50 3a d5 d0  c5 d8 c7 59  d5 c1 28 8e
|   46 a6 b8 83  7e 61 6f e1  45 2e 6f af  13 30 cd ff
|   da 72 68 13  ba e0 86 bd  fd b4 25 f0  ef 9b da 53
|   25 36 25 26  c8 f3 d9 35  21 14 e9 b8  4d bc d3 2d
|   66 75 39 0a  93 23 ed 95  4b e0 ff 9c  8b 44 a7 22
|   8a 10 71 38  0b 25 3b e1  02 86 de c2  76 05 5c 02
|   e1 41 2a 16  ff 08 d2 11  76 85 40 b1  11 9c dd 9f
|   84 db c6 87  01 da 3d e7  b7 3c 73 a2  7d 61 c0 74
|   50 f9 bc fc  6e 80 d1 ff  74 4a 26 63  5a f4 64 f3
|   6e 43 ec 42  52 de 98 31  7c 56 d1 e5  cc 3e 38 92
|   f6 61 10 03  b6 92 0a a7  25 4d f6 84  ac 78 d2 37
|   e0 cd 44 f0  96 f0 d7 80  aa fa 00 fc  70 36 2f 45
|   16 46 fa d0  03 1a 68 3f  a3 2f f0 49  f7 63 f9 b1
|   32 cb dc cf  b0 37 96 1d  6a bc 48 84  9b 6e ff 17
|   c6 93 5a 59  03 7a 61 23  ca 41 35 05  90 70 9c fa
|   86 89 97 11  73 44 f3 bd  f5 96 02 b0  4e f6 aa 63
|   99 ad d1 2f  fc 8e 5e 84  76 d0 40 cc  4e b7 74 25
|   3e 9a 34 b2  a4 8b bf e4  d5 2c 15 05
| releasing whack for #X (sock=Y)
| releasing whack for #X (sock=Y)
./h2hR2 leak: reply packet, item size: X
./h2hR2 leak: skeyseed_t1, item size: X
./h2hR2 leak: responder keys, item size: X
./h2hR2 leak: initiator keys, item size: X
./h2hR2 leak: db_v2_trans, item size: X
./h2hR2 leak: db_v2_prop_conj, item size: X
./h2hR2 leak: db_v2_prop, item size: X
./h2hR2 leak: db_v2_trans, item size: X
./h2hR2 leak: db_v2_prop_conj, item size: X
./h2hR2 leak: db_attrs, item size: X
./h2hR2 leak: db_v2_trans, item size: X
./h2hR2 leak: db_v2_prop_conj, item size: X
./h2hR2 leak: db_attrs, item size: X
./h2hR2 leak: db_v2_trans, item size: X
./h2hR2 leak: db_v2_prop_conj, item size: X
./h2hR2 leak: 4 * sa copy attrs array, item size: X
./h2hR2 leak: sa copy trans array, item size: X
./h2hR2 leak: sa copy prop array, item size: X
./h2hR2 leak: sa copy prop conj array, item size: X
./h2hR2 leak: sa copy prop_conj, item size: X
./h2hR2 leak: st_nr in duplicate_state, item size: X
./h2hR2 leak: st_ni in duplicate_state, item size: X
./h2hR2 leak: st_skey_pr in duplicate_state, item size: X
./h2hR2 leak: st_skey_pi in duplicate_state, item size: X
./h2hR2 leak: st_skey_er in duplicate_state, item size: X
./h2hR2 leak: st_skey_ei in duplicate_state, item size: X
./h2hR2 leak: st_skey_ar in duplicate_state, item size: X
./h2hR2 leak: st_skey_ai in duplicate_state, item size: X
./h2hR2 leak: st_skey_d in duplicate_state, item size: X
./h2hR2 leak: st_skeyseed in duplicate_state, item size: X
./h2hR2 leak: st_enc_key in duplicate_state, item size: X
./h2hR2 leak: struct state in new_state(), item size: X
./h2hR2 leak: ikev2_inI2outR2 KE, item size: X
./h2hR2 leak: ikev2_inI1outR1 KE, item size: X
./h2hR2 leak: msg_digest, item size: X
./h2hR2 leak: ID host_pair, item size: X
./h2hR2 leak: host_pair, item size: X
./h2hR2 leak: 2 * host ip, item size: X
./h2hR2 leak: connection name, item size: X
./h2hR2 leak: struct connection, item size: X
./h2hR2 leak: pubkey entry, item size: X
./h2hR2 leak: pubkey, item size: X
./h2hR2 leak: pubkey entry, item size: X
./h2hR2 leak: pubkey, item size: X
./h2hR2 leak: 2 * id list, item size: X
./h2hR2 leak: secret, item size: X
./h2hR2 leak: 2 * hasher name, item size: X
./h2hR2 leak: policies path, item size: X
./h2hR2 leak: ocspcerts path, item size: X
./h2hR2 leak: aacerts path, item size: X
./h2hR2 leak: certs path, item size: X
./h2hR2 leak: private path, item size: X
./h2hR2 leak: crls path, item size: X
./h2hR2 leak: cacert path, item size: X
./h2hR2 leak: acert path, item size: X
./h2hR2 leak: default conf var_dir, item size: X
./h2hR2 leak: default conf conffile, item size: X
./h2hR2 leak: default conf ipsecd_dir, item size: X
./h2hR2 leak: default conf ipsec_conf_dir, item size: X
./h2hR2 leak detective found Z leaks, total size X
Pre-amble (offset: X): #!-pluto-whack-file- recorded on FOO
