./h2hR1-deny-ikev1 ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
./h2hR1-deny-ikev1 ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
./h2hR1-deny-ikev1 ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
./h2hR1-deny-ikev1 loading secrets from "../samples/jj.secrets"
./h2hR1-deny-ikev1 loaded private key for keyid: PPK_RSA:AQOg5H7A4
| processing whack message of size: A
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| processing whack message of size: A
processing whack msg time: X size: Y
| Added new connection mytunnel-no-ikev1 with policy RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
| counting wild cards for 192.168.1.1 is 0
| counting wild cards for 132.213.238.7 is 0
| orient mytunnel-no-ikev1 checking against if: eth0 (AF_INET:132.213.238.7:500)
|     orient matched on IP
|   orient mytunnel-no-ikev1 finished with: 1 [132.213.238.7]
| find_host_pair: looking for me=132.213.238.7:500 %address him=192.168.1.1:500 exact-match
| find_host_pair: concluded with <none>
| connect_to_host_pair: 132.213.238.7:500 %address 192.168.1.1:500 -> hp:none
| find_ID_host_pair: looking for me=132.213.238.7 him=192.168.1.1 (exact)
|   concluded with <none>
./h2hR1-deny-ikev1 adding connection: "mytunnel-no-ikev1"
| 132.213.238.7...192.168.1.1
| ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1; policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK
|   orient mytunnel-no-ikev1 finished with: 1 [132.213.238.7]
RC=0 "mytunnel-no-ikev1": 132.213.238.7...192.168.1.1; unrouted; eroute owner: #0
RC=0 "mytunnel-no-ikev1":     myip=unset; hisip=unset;
RC=0 "mytunnel-no-ikev1":   ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1
RC=0 "mytunnel-no-ikev1":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK; prio: 32,32; interface: eth0; kind=CK_PERMANENT
| *received 492 bytes from 192.168.1.1:500 on eth0 (port=500)
|   80 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   01 10 02 00  00 00 00 00  00 00 01 ec  0d 00 01 ac
|   00 00 00 01  00 00 00 01  00 00 01 a0  00 01 00 0c
|   03 00 00 24  00 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 02  80 03 00 03  80 04 00 0e
|   80 0e 00 80  03 00 00 24  01 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 01  80 03 00 03
|   80 04 00 0e  80 0e 00 80  03 00 00 20  02 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 05  80 02 00 02
|   80 03 00 03  80 04 00 0e  03 00 00 20  03 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 05  80 02 00 01
|   80 03 00 03  80 04 00 0e  03 00 00 24  04 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 02
|   80 03 00 03  80 04 00 05  80 0e 00 80  03 00 00 24
|   05 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 01  80 03 00 03  80 04 00 05  80 0e 00 80
|   03 00 00 20  06 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 02  80 03 00 03  80 04 00 05
|   03 00 00 20  07 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 01  80 03 00 03  80 04 00 05
|   03 00 00 20  08 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 02  80 03 00 03  80 04 00 02
|   03 00 00 20  09 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 01  80 03 00 03  80 04 00 02
|   03 00 00 24  0a 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 02  80 03 00 03  80 04 00 02
|   80 0e 00 80  00 00 00 24  0b 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 01  80 03 00 03
|   80 04 00 02  80 0e 00 80  0d 00 00 10  4f 45 70 6c
|   75 74 6f 75  6e 69 74 30  00 00 00 14  af ca d7 13
|   68 a1 f1 c9  6b 86 96 fc  77 57 01 00
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2), msgid: 00000000
./h2hR1-deny-ikev1 ignoring unknown Vendor ID payload [4f45706c75746f756e697430]
./h2hR1-deny-ikev1 received Vendor ID payload [Dead Peer Detection]
| find_host_connection2 called from main_inI1_outR1, me=132.213.238.7:500 him=192.168.1.1:500 policy=/!IKEv1
| find_host_pair: looking for me=132.213.238.7:500 %address him=192.168.1.1:500 any-match
| find_host_pair: comparing to me=132.213.238.7:500 %address him=192.168.1.1:500
| find_host_pair: concluded with mytunnel-no-ikev1
| found_host_pair_conn (find_host_connection2): 132.213.238.7:500 %address/192.168.1.1:500 -> hp:mytunnel-no-ikev1
| searching for connection with policy = /!IKEv1
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK (mytunnel-no-ikev1)
| connection mytunnel-no-ikev1 (policy=RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK) does not match desired policy  (~ !IKEv1) [withoutversion: mytunnel-no-ikev1]
| connection mytunnel-no-ikev1 (policy=RSASIG+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK) would have matched, but ike version policy was wrong
| find_host_pair: looking for me=132.213.238.7:500 %any him=<none>:500 any-match
| find_host_pair: comparing to me=132.213.238.7:500 %address him=192.168.1.1:500
| find_host_pair: concluded with <none>
| found_host_pair_conn (find_host_connection2): 132.213.238.7:500 %any/%any:500 -> hp:none
| searching for connection with policy = /!IKEv1
| find_host_connection2 returns empty (ike=mytunnel-no-ikev1/none)
| find_host_connection2 called from main_inI1_outR1, me=132.213.238.7:500 him=%any:500 policy=RSASIG/!IKEv1
| find_host_pair: looking for me=132.213.238.7:500 %any him=<none>:500 any-match
| find_host_pair: comparing to me=132.213.238.7:500 %address him=192.168.1.1:500
| find_host_pair: concluded with <none>
| found_host_pair_conn (find_host_connection2): 132.213.238.7:500 %any/%any:500 -> hp:none
| searching for connection with policy = RSASIG/!IKEv1
| find_host_pair: looking for me=132.213.238.7:500 %any him=<none>:500 any-match
| find_host_pair: comparing to me=132.213.238.7:500 %address him=192.168.1.1:500
| find_host_pair: concluded with <none>
| found_host_pair_conn (find_host_connection2): 132.213.238.7:500 %any/%any:500 -> hp:none
| searching for connection with policy = RSASIG/!IKEv1
| find_host_connection2 returns empty (ike=none/none)
./h2hR1-deny-ikev1 initial Main Mode message received on 132.213.238.7:62465 but no connection has been authorized with policy=RSASIG
| complete state transition with STF_FAIL
RC=205 STATE_MAIN_R0: INVALID_MAJOR_VERSION
./h2hR1-deny-ikev1 sending notification INVALID_MAJOR_VERSION to 192.168.1.1:500
| **emit ISAKMP Message:
|    initiator cookie:
|   80 01 02 03  04 05 06 07
|    responder cookie:
|   00 00 00 00  00 00 00 00
|    next payload type: ISAKMP_NEXT_N
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
|    exchange type: ISAKMP_XCHG_INFO
|    flags: none
|    message ID:  00 00 00 00
| ***emit ISAKMP Notification Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    DOI: ISAKMP_DOI_IPSEC
|    protocol ID: 1
|    SPI size: 0
|    Notify Message Type: INVALID_MAJOR_VERSION
| emitting length of ISAKMP Notification Payload: 12
| emitting length of ISAKMP Message: 40
sending 40 bytes for notification packet through eth0:500 to 192.168.1.1:500 (using #0)
|   80 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   0b 10 05 00  00 00 00 00  00 00 00 28  00 00 00 0c
|   00 00 00 01  01 00 00 05
./h2hR1-deny-ikev1 deleting connection
./h2hR1-deny-ikev1 leak: 67 * VendorID MD5, item size: X
./h2hR1-deny-ikev1 leak: 3 * vid->data, item size: X
./h2hR1-deny-ikev1 leak: 15 * VendorID MD5, item size: X
./h2hR1-deny-ikev1 leak: self-vendor ID, item size: X
./h2hR1-deny-ikev1 leak: init_pluto_vendorid, item size: X
./h2hR1-deny-ikev1 leak: 4 * fswan VID, item size: X
./h2hR1-deny-ikev1 leak: vid->data, item size: X
./h2hR1-deny-ikev1 leak: 23 * VendorID MD5, item size: X
./h2hR1-deny-ikev1 leak: vid->data, item size: X
./h2hR1-deny-ikev1 leak: msg_digest, item size: X
./h2hR1-deny-ikev1 leak: policies path, item size: X
./h2hR1-deny-ikev1 leak: ocspcerts path, item size: X
./h2hR1-deny-ikev1 leak: aacerts path, item size: X
./h2hR1-deny-ikev1 leak: certs path, item size: X
./h2hR1-deny-ikev1 leak: private path, item size: X
./h2hR1-deny-ikev1 leak: crls path, item size: X
./h2hR1-deny-ikev1 leak: cacert path, item size: X
./h2hR1-deny-ikev1 leak: acert path, item size: X
./h2hR1-deny-ikev1 leak: default conf var_dir, item size: X
./h2hR1-deny-ikev1 leak: default conf conffile, item size: X
./h2hR1-deny-ikev1 leak: default conf ipsecd_dir, item size: X
./h2hR1-deny-ikev1 leak: default conf ipsec_conf_dir, item size: X
./h2hR1-deny-ikev1 leak: 2 * id list, item size: X
./h2hR1-deny-ikev1 leak: secret, item size: X
./h2hR1-deny-ikev1 leak: 2 * hasher name, item size: X
./h2hR1-deny-ikev1 leak detective found Z leaks, total size X
Pre-amble (offset: X): #!-pluto-whack-file- recorded on FOO
