
  Electric Fence 2.1 Copyright (C) 1987-1998 Bruce Perens.
../parentR2psk ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
../parentR2psk ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
../parentR2psk ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
../parentR2psk ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
../parentR2psk ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
../parentR2psk ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
../parentR2psk ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
| interface "eth0" matched right side
../parentR2psk added connection description "westnet--eastnet-ikev2"
Started ../parentR2psk
Pre-amble: #!-pluto-whack-file- recorded on east on 2008-01-17 15:33:58
../parentR2psk listening for IKE messages
RC=0 "westnet--eastnet-ikev2": 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east,S=C]...192.1.2.45<192.1.2.45>[@west,S=C]===192.0.1.0/24; unrouted; eroute owner: #0
RC=0 "westnet--eastnet-ikev2":     myip=unset; hisip=unset;
RC=0 "westnet--eastnet-ikev2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
RC=0 "westnet--eastnet-ikev2":   policy: PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init; prio: 24,24; interface: eth0; 
RC=0 "westnet--eastnet-ikev2":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
| *received 508 bytes from 192.1.2.45:500 on eth0 (port=500)
|   00 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 01 fc  22 80 00 f4
|   02 00 00 28  01 01 00 04  03 00 00 08  01 00 00 0c
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  02 01 00 04
|   03 00 00 08  01 00 00 0c  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  03 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  04 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  05 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 02  00 00 00 28  06 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 02
|   28 00 00 c8  00 05 00 00  ff bc 6a 92  a6 b9 55 9b
|   05 fa 96 a7  a4 35 07 b4  c1 e1 c0 86  1a 58 71 d9
|   ba 73 a1 63  11 37 88 c0  de bb 39 79  e7 ff 0c 52
|   b4 ce 60 50  eb 05 36 9e  a4 30 0d 2b  ff 3b 1b 29
|   9f 3b 80 2c  cb 13 31 8c  2a b9 e3 b5  62 7c b4 b3
|   5e b9 39 98  20 76 b5 7c  05 0d 7b 35  c3 c5 c7 cc
|   8c 0f ea b7  b6 4a 7d 7b  6b 8f 6b 4d  ab f4 ac 40
|   6d d2 01 26  b9 0a 98 ac  76 6e fa 37  a7 89 0c 43
|   94 ff 9a 77  61 5b 58 f5  2d 65 1b bf  a5 8d 2a 54
|   9a f8 b0 1a  a4 bc a3 d7  62 42 66 63  b1 55 d4 eb
|   da 9f 60 a6  a1 35 73 e6  a8 88 13 5c  dc 67 3d d4
|   83 02 99 03  f3 a9 0e ca  23 e1 ec 1e  27 03 31 b2
|   d0 50 f4 f7  58 f4 99 27  2b 80 00 14  b5 ce 84 19
|   09 5c 6e 2b  6b 62 d3 05  53 05 b3 c4  00 00 00 10
|   4f 45 VENDOR
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34)
| find_host_connection called from ikev2parent_inI1outR1, me=192.1.2.23:500 him=192.1.2.45:500 policy=IKEv2ALLOW
| find_host_pair: comparing to 192.1.2.23:500 192.1.2.45:500 
| find_host_pair_conn (find_host_connection2): 192.1.2.23:500 192.1.2.45:500 -> hp:westnet--eastnet-ikev2 
| searching for policy=IKEv2ALLOW, found=IKEv2ALLOW (westnet--eastnet-ikev2)
| find_host_connection returns westnet--eastnet-ikev2
| found connection: westnet--eastnet-ikev2 
| creating state object #1 at ADDR
| interface "eth0" matched right side
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
../parentR2psk transition from state STATE_IKEv2_START to state STATE_PARENT_R1
../parentR2psk STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_128 integ=sha1 prf=oakley_sha group=modp1536}
sending 308 bytes for STATE_IKEv2_START through eth0:500 to 192.1.2.45:500 (using #1)
|   00 01 02 03  04 05 06 07  c0 2e 7a 30  31 a0 31 88
|   21 20 22 20  00 00 00 00  00 00 01 34  22 80 00 2c
|   00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 0c
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  28 00 00 c8  00 05 00 00
|   cd 30 df 6e  c0 85 44 12  53 01 80 d8  7e 1a fb b3
|   26 79 3e 99  56 c8 6a 96  25 53 c2 77  ad 5b ab 50
|   f8 32 5a d8  64 0b 0e fe  a5 1d 6c 83  1f a1 7c fb
|   0f 2e 1a f4  b1 66 a0 fe  30 75 12 ad  0f 81 ab b8
|   aa fb 68 48  ec 10 a4 97  6c 3d b1 17  ec e1 e6 61
|   db bf 48 0c  28 2e 3f 11  07 c1 86 42  80 1e e8 3f
|   9e 4a b9 ab  63 6f 23 7d  aa f6 a7 aa  d8 22 99 3e
|   a4 1e a3 31  ee 27 82 0b  93 f5 0b 8f  3f 71 05 61
|   c9 25 70 26  97 ba 6b 1e  95 3c 21 fb  c9 a7 7d 2b
|   5f 87 3c fc  50 99 e7 7d  48 4c dd 52  66 4b cf 0d
|   bf 00 ca fd  ae 6d e7 14  6d 11 35 f6  5d 93 5f 60
|   b9 73 0f e0  49 2c 2a f8  c9 04 f6 4c  59 16 90 9d
|   2b 80 00 14  47 e9 f9 25  8c a2 38 58  f6 75 b1 66
|   b0 2c c2 92  00 00 00 10  4f 45 70 6c  75 74 6f 75
|   6e 69 74 30
| *received 476 bytes from 192.1.2.45:500 on eth0 (port=500)
|   00 01 02 03  04 05 06 07  c0 2e 7a 30  31 a0 31 88
|   2e 20 23 08  00 00 00 01  00 00 01 dc  23 80 01 c0
|   00 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   19 15 f1 05  5d 13 fc 7c  f5 6b 16 12  a6 e9 10 34
|   3c 2f 16 c2  28 a4 e5 ef  c1 05 41 7b  df 74 b5 b3
|   76 73 13 c2  78 f5 b2 d8  a6 00 06 45  4a 0c db 77
|   91 b4 a7 b6  1f ed 1e fa  a7 67 31 f8  c1 d5 b8 3d
|   ca 6b 22 c5  1f 79 61 56  ff 28 35 02  76 1c 83 7e
|   f1 57 c2 61  8c 62 ad 2f  62 ad db e6  75 7c f1 60
|   a5 a7 56 f9  98 f6 09 c8  19 c1 e1 a6  00 7b a1 ba
|   ab 23 40 ce  6c b4 0d 17  52 43 a6 ad  42 e6 f3 55
|   dd 8e f7 01  e8 d2 8b 81  e7 1a 0f c1  7e 57 76 0f
|   5e 3a 1e 03  e0 6d 6a 86  a0 a0 f7 44  ed 8e fb 4d
|   ea e8 c6 18  4c 51 6e 0f  c2 3c 6d d1  50 54 06 ee
|   8c 4e 98 0c  62 54 2d 09  b2 b7 a1 f4  b2 08 99 45
|   40 68 d2 cc  60 04 8d 6a  d2 4e d0 ae  10 b1 f6 c8
|   16 1b b4 14  d0 95 7d 67  9c 7e bc 46  d3 a3 8b b6
|   41 4d 2e c3  0b e7 e6 81  e7 e9 90 fd  53 dd e3 85
|   b3 9d 1f 9a  e0 34 77 74  76 e8 26 ff  8b 7c ad 94
|   9e 97 e9 b8  78 5d c3 fc  1f c1 a5 99  c7 75 0c 99
|   9f 88 3e 7f  0e 40 24 76  ad 99 84 66  c7 04 78 b1
|   18 09 98 43  99 40 00 a3  1d ee b5 82  48 19 3b b9
|   11 9e dd 1c  fe 80 83 f5  d1 c9 f7 0f  d5 21 d9 e8
|   52 b3 80 64  e8 3c 1e e5  2c 13 6b c5  60 00 e5 a1
|   0d fa 9f d5  c1 d5 c9 25  2b 46 d5 73  60 42 7a 0b
|   2b 28 08 23  b2 70 f8 94  54 31 b7 e4  55 81 2c 7f
|   98 c1 4d 3f  96 36 fd d2  09 2d d2 c2  d4 2c 2d 96
|   70 a3 3e df  02 dc c6 04  2c 97 67 f9  8c ab 72 26
|   23 80 d9 85  f1 c5 80 ba  2f 1b 41 f0  5d 3a eb 6c
|   76 4f 97 cd  0a 26 20 23  13 c2 2a 83
| ikev2 I 0x0001020304050607 0xc02e7a3031a03188 sha1:0x4ea8e662b07cdd430f6944c6723e4b82d5722418 aes128:0x3f44bf47cafd8150591deb088199fcbf
| ikev2 R 0x0001020304050607 0xc02e7a3031a03188 sha1:0x515b0bd22e6d76b34fdb760aa7bfad80b109b75d aes128:0xbedb67ec7dc3d00cccac42e70cd63bde
| data being hmac:  00 01 02 03  04 05 06 07  c0 2e 7a 30  31 a0 31 88
|   2e 20 23 08  00 00 00 01  00 00 01 dc  23 80 01 c0
|   00 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   19 15 f1 05  5d 13 fc 7c  f5 6b 16 12  a6 e9 10 34
|   3c 2f 16 c2  28 a4 e5 ef  c1 05 41 7b  df 74 b5 b3
|   76 73 13 c2  78 f5 b2 d8  a6 00 06 45  4a 0c db 77
|   91 b4 a7 b6  1f ed 1e fa  a7 67 31 f8  c1 d5 b8 3d
|   ca 6b 22 c5  1f 79 61 56  ff 28 35 02  76 1c 83 7e
|   f1 57 c2 61  8c 62 ad 2f  62 ad db e6  75 7c f1 60
|   a5 a7 56 f9  98 f6 09 c8  19 c1 e1 a6  00 7b a1 ba
|   ab 23 40 ce  6c b4 0d 17  52 43 a6 ad  42 e6 f3 55
|   dd 8e f7 01  e8 d2 8b 81  e7 1a 0f c1  7e 57 76 0f
|   5e 3a 1e 03  e0 6d 6a 86  a0 a0 f7 44  ed 8e fb 4d
|   ea e8 c6 18  4c 51 6e 0f  c2 3c 6d d1  50 54 06 ee
|   8c 4e 98 0c  62 54 2d 09  b2 b7 a1 f4  b2 08 99 45
|   40 68 d2 cc  60 04 8d 6a  d2 4e d0 ae  10 b1 f6 c8
|   16 1b b4 14  d0 95 7d 67  9c 7e bc 46  d3 a3 8b b6
|   41 4d 2e c3  0b e7 e6 81  e7 e9 90 fd  53 dd e3 85
|   b3 9d 1f 9a  e0 34 77 74  76 e8 26 ff  8b 7c ad 94
|   9e 97 e9 b8  78 5d c3 fc  1f c1 a5 99  c7 75 0c 99
|   9f 88 3e 7f  0e 40 24 76  ad 99 84 66  c7 04 78 b1
|   18 09 98 43  99 40 00 a3  1d ee b5 82  48 19 3b b9
|   11 9e dd 1c  fe 80 83 f5  d1 c9 f7 0f  d5 21 d9 e8
|   52 b3 80 64  e8 3c 1e e5  2c 13 6b c5  60 00 e5 a1
|   0d fa 9f d5  c1 d5 c9 25  2b 46 d5 73  60 42 7a 0b
|   2b 28 08 23  b2 70 f8 94  54 31 b7 e4  55 81 2c 7f
|   98 c1 4d 3f  96 36 fd d2  09 2d d2 c2  d4 2c 2d 96
|   70 a3 3e df  02 dc c6 04  2c 97 67 f9  8c ab 72 26
|   23 80 d9 85  f1 c5 80 ba  2f 1b 41 f0  5d 3a eb 6c
| R2 calculated auth:  76 4f 97 cd  0a 26 20 23  13 c2 2a 83
| R2  provided  auth:  76 4f 97 cd  0a 26 20 23  13 c2 2a 83
| authenticator matched
| data before decryption:
|   19 15 f1 05  5d 13 fc 7c  f5 6b 16 12  a6 e9 10 34
|   3c 2f 16 c2  28 a4 e5 ef  c1 05 41 7b  df 74 b5 b3
|   76 73 13 c2  78 f5 b2 d8  a6 00 06 45  4a 0c db 77
|   91 b4 a7 b6  1f ed 1e fa  a7 67 31 f8  c1 d5 b8 3d
|   ca 6b 22 c5  1f 79 61 56  ff 28 35 02  76 1c 83 7e
|   f1 57 c2 61  8c 62 ad 2f  62 ad db e6  75 7c f1 60
|   a5 a7 56 f9  98 f6 09 c8  19 c1 e1 a6  00 7b a1 ba
|   ab 23 40 ce  6c b4 0d 17  52 43 a6 ad  42 e6 f3 55
|   dd 8e f7 01  e8 d2 8b 81  e7 1a 0f c1  7e 57 76 0f
|   5e 3a 1e 03  e0 6d 6a 86  a0 a0 f7 44  ed 8e fb 4d
|   ea e8 c6 18  4c 51 6e 0f  c2 3c 6d d1  50 54 06 ee
|   8c 4e 98 0c  62 54 2d 09  b2 b7 a1 f4  b2 08 99 45
|   40 68 d2 cc  60 04 8d 6a  d2 4e d0 ae  10 b1 f6 c8
|   16 1b b4 14  d0 95 7d 67  9c 7e bc 46  d3 a3 8b b6
|   41 4d 2e c3  0b e7 e6 81  e7 e9 90 fd  53 dd e3 85
|   b3 9d 1f 9a  e0 34 77 74  76 e8 26 ff  8b 7c ad 94
|   9e 97 e9 b8  78 5d c3 fc  1f c1 a5 99  c7 75 0c 99
|   9f 88 3e 7f  0e 40 24 76  ad 99 84 66  c7 04 78 b1
|   18 09 98 43  99 40 00 a3  1d ee b5 82  48 19 3b b9
|   11 9e dd 1c  fe 80 83 f5  d1 c9 f7 0f  d5 21 d9 e8
|   52 b3 80 64  e8 3c 1e e5  2c 13 6b c5  60 00 e5 a1
|   0d fa 9f d5  c1 d5 c9 25  2b 46 d5 73  60 42 7a 0b
|   2b 28 08 23  b2 70 f8 94  54 31 b7 e4  55 81 2c 7f
|   98 c1 4d 3f  96 36 fd d2  09 2d d2 c2  d4 2c 2d 96
|   70 a3 3e df  02 dc c6 04  2c 97 67 f9  8c ab 72 26
|   23 80 d9 85  f1 c5 80 ba  2f 1b 41 f0  5d 3a eb 6c
| decrypted payload:  27 00 00 0c  02 00 00 00  77 65 73 74  21 00 00 c8
|   02 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  2c 80 00 94  02 00 00 24  01 03 04 03
|   12 34 56 78  03 00 00 08  01 00 00 0c  03 00 00 08
|   03 00 00 02  00 00 00 08  05 00 00 00  02 00 00 24
|   02 03 04 03  12 34 56 78  03 00 00 08  01 00 00 0c
|   03 00 00 08  03 00 00 02  00 00 00 08  05 00 00 00
|   02 00 00 24  03 03 04 03  12 34 56 78  03 00 00 08
|   01 00 00 03  03 00 00 08  03 00 00 02  00 00 00 08
|   05 00 00 00  00 00 00 24  04 03 04 03  12 34 56 78
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   00 00 00 08  05 00 00 00  2d 00 00 18  01 00 00 00
|   07 00 00 10  00 00 ff ff  c0 00 01 00  c0 00 01 ff
|   00 00 00 18  01 00 00 00  07 00 00 10  00 00 ff ff
|   c0 00 02 00  c0 00 02 ff  00 01 02 03  04 05 06 07
| striping 8 bytes as pad
| **parse IKEv2 Identification Payload:
|    next payload type: ISAKMP_NEXT_v2AUTH
|    length: 12
|    id_type: ID_FQDN
| processing payload: ISAKMP_NEXT_v2IDi (len=12) 
| **parse IKEv2 Authentication Payload:
|    next payload type: ISAKMP_NEXT_v2SA
|    length: 200
|    auth method: v2_AUTH_SHARED
| processing payload: ISAKMP_NEXT_v2AUTH (len=200) 
| **parse IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2TSi
|    critical bit: Payload-Critical
|    length: 148
| processing payload: ISAKMP_NEXT_v2SA (len=148) 
| **parse IKEv2 Traffic Selectors:
|    next payload type: ISAKMP_NEXT_v2TSr
|    length: 24
|    number of TS: 1
| processing payload: ISAKMP_NEXT_v2TSi (len=24) 
| **parse IKEv2 Traffic Selectors:
|    next payload type: ISAKMP_NEXT_NONE
|    length: 24
|    number of TS: 1
| processing payload: ISAKMP_NEXT_v2TSr (len=24) 
../parentR2psk IKEv2 mode peer ID is ID_FQDN: '@west'
| idhash verify pi  cc 07 97 44  b4 a3 4e 8a  0d 2f 27 8b  ee 06 6d 07
|   a5 a5 75 2e
| idhash verify I2  02 00 00 00  77 65 73 74
| **emit ISAKMP Message:
|    initiator cookie:
|   00 01 02 03  04 05 06 07
|    responder cookie:
|   c0 2e 7a 30  31 a0 31 88
|    next payload type: ISAKMP_NEXT_v2E
|    ISAKMP version: IKEv2 version 2.0 (rfc4306)
|    exchange type: ISAKMP_v2_AUTH
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 01
| ***emit IKEv2 Encryption Payload:
|    next payload type: ISAKMP_NEXT_v2IDr
|    critical bit: Payload-Critical
| emitting 16 zero bytes of iv into IKEv2 Encryption Payload
| *****emit IKEv2 Identification Payload:
|    next payload type: ISAKMP_NEXT_v2AUTH
|    id_type: ID_FQDN
| emitting 4 raw bytes of my identity into IKEv2 Identification Payload
| my identity  65 61 73 74
| emitting length of IKEv2 Identification Payload: 12
| idhash calc pr  e9 00 11 7e  41 d4 31 62  40 b8 63 22  bf 06 9f bc
|   eb 81 58 e7
| idhash calc R2  02 00 00 00  65 61 73 74
| *****emit IKEv2 Authentication Payload:
|    next payload type: ISAKMP_NEXT_v2SA
|    auth method: v2_AUTH_SHARED
| emitting 192 zero bytes of fake psk auth into IKEv2 Authentication Payload
| emitting length of IKEv2 Authentication Payload: 200
| duplicating state object #1
| creating state object #2 at ADDR
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  c0 2e 7a 30  31 a0 31 88
| state hash entry 30
| *****emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2TSi
|    critical bit: Payload-Critical
| empty esp_info, returning defaults
| ***parse IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_P
|    length: 36
|    prop #: 1
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into CHILD SA SPI
| CHILD SA SPI  12 34 56 78
| SPI received: 12345678
| ****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    length: 8
|    transform type: 1
|    transform ID: 12
| ****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    length: 8
|    transform type: 3
|    transform ID: 2
| ****parse IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    length: 8
|    transform type: 5
|    transform ID: 0
| ***parse IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_P
|    length: 36
|    prop #: 2
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into CHILD SA SPI
| CHILD SA SPI  12 34 56 78
| SPI received: 12345678
| ******emit IKEv2 Proposal Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    prop #: 1
|    proto ID: 3
|    spi size: 4
|    # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi  12 34 56 78
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 1
|    transform ID: 12
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_T
|    transform type: 3
|    transform ID: 2
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    transform type: 5
|    transform ID: 0
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 36
| emitting length of IKEv2 Security Association Payload: 40
| ***parse IKEv2 Traffic Selectors:
|    TS type: ID_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    length: 16
|    start port: 0
|    end port: 65535
| parsing 4 raw bytes of IKEv2 Traffic Selectors into ipv4 ts
| ipv4 ts  c0 00 01 00
| parsing 4 raw bytes of IKEv2 Traffic Selectors into ipv4 ts
| ipv4 ts  c0 00 01 ff
| ***parse IKEv2 Traffic Selectors:
|    TS type: ID_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    length: 16
|    start port: 0
|    end port: 65535
| parsing 4 raw bytes of IKEv2 Traffic Selectors into ipv4 ts
| ipv4 ts  c0 00 02 00
| parsing 4 raw bytes of IKEv2 Traffic Selectors into ipv4 ts
| ipv4 ts  c0 00 02 ff
|   ikev2_eval_conn evaluating I=westnet--eastnet-ikev2:192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 
|     tsi[0]=192.0.1.0/192.0.1.255 tsr[0]=192.0.2.0/192.0.2.255 
|       has ts_range1=8 maskbits1=24 ts_range2=8 maskbits2=24 fitbits=8224 <> -1
| find_host_pair: comparing to 192.1.2.23:500 192.1.2.45:500 
|   checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is not found
| *****emit IKEv2 Traffic Selectors:
|    next payload type: ISAKMP_NEXT_v2TSr
|    number of TS: 1
| ******emit IKEv2 Traffic Selectors:
|    TS type: ID_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selectors
| ipv4 low  c0 00 01 00
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selectors
| ipv4 high  c0 00 01 ff
| emitting length of IKEv2 Traffic Selectors: 16
| emitting length of IKEv2 Traffic Selectors: 24
| *****emit IKEv2 Traffic Selectors:
|    next payload type: ISAKMP_NEXT_NONE
|    number of TS: 1
| ******emit IKEv2 Traffic Selectors:
|    TS type: ID_IPV4_ADDR_RANGE
|    IP Protocol ID: 0
|    start port: 0
|    end port: 65535
| emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selectors
| ipv4 low  c0 00 02 00
| emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selectors
| ipv4 high  c0 00 02 ff
| emitting length of IKEv2 Traffic Selectors: 16
| emitting length of IKEv2 Traffic Selectors: 24
| kernel_alg_esp_info():transid=12, auth=2, ei=0xADDR enckeylen=16, authkeylen=20, encryptalg=12, authalg=3
| prf+[0]:  1b c2 c7 bb  61 1e 4a 70  7b a5 60 70  86 8a 23 2a
|   ff 38 45 b2
| prf+[1]:  39 f1 e3 e0  ba e2 7f 09  e9 ca 7f 12  40 74 0c 81
|   79 68 c6 4f
| prf+[2]:  47 72 9c d3  66 f4 a1 70  9d c8 71 c8  01 64 a7 fa
|   e5 49 da 1c
| prf+[3]:  c0 c1 23 75  5a 95 2f b1  d9 83 32 13  b7 7f 0f 3c
|   ce a3 ed 85
| our  keymat  79 68 c6 4f  47 72 9c d3  66 f4 a1 70  9d c8 71 c8
|   01 64 a7 fa  e5 49 da 1c  c0 c1 23 75  5a 95 2f b1
|   d9 83 32 13
| peer keymat  1b c2 c7 bb  61 1e 4a 70  7b a5 60 70  86 8a 23 2a
|   ff 38 45 b2  39 f1 e3 e0  ba e2 7f 09  e9 ca 7f 12
|   40 74 0c 81
| emitting 4 raw bytes of padding and length into cleartext
| padding and length  00 01 02 03
| emitting 12 zero bytes of 96-bits of truncated HMAC into IKEv2 Encryption Payload
| emitting length of IKEv2 Encryption Payload: 336
| emitting length of ISAKMP Message: 364
| data before encryption:
|   27 00 00 0c  02 00 00 00  65 61 73 74  21 00 00 c8
|   02 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
|   00 00 00 00  2c 80 00 28  00 00 00 24  01 03 04 03
|   12 34 56 78  03 00 00 08  01 00 00 0c  03 00 00 08
|   03 00 00 02  00 00 00 08  05 00 00 00  2d 00 00 18
|   01 00 00 00  07 00 00 10  00 00 ff ff  c0 00 01 00
|   c0 00 01 ff  00 00 00 18  01 00 00 00  07 00 00 10
|   00 00 ff ff  c0 00 02 00  c0 00 02 ff  00 01 02 03
| data after encryption:
|   fa 2a 97 14  eb 12 1b 1a  79 18 e9 85  bc ee b3 28
|   48 9d ef a8  fe 68 44 b2  6c 97 df 52  57 a5 e8 de
|   00 69 86 0f  80 27 bd 2f  bb a9 99 97  8e fb 1a e8
|   16 13 a0 6b  8b f2 bd 16  b3 13 2f 41  ba ad b7 e5
|   cf 92 ec b5  6a ea 39 67  99 41 b8 1c  45 b2 59 e9
|   8c 16 2e ca  4f e0 ea b6  45 44 79 de  8e 40 46 18
|   02 28 8a 58  6a 95 d2 9f  3c 33 e4 65  4e 9f f7 51
|   44 bf 1f 20  93 ed 4a e4  f2 a9 e4 7a  fa 30 d3 9f
|   99 95 65 d2  7f 48 66 42  9f f7 73 9b  9d e6 48 c4
|   2d cb a6 0e  bf 68 ec 2b  23 00 5d dc  06 fc 13 c2
|   f4 ab ef 54  d5 13 67 da  e4 2c f4 91  7f 1e 08 4a
|   14 87 c1 bd  e9 63 8b 8e  f1 78 14 84  10 27 59 e8
|   73 d7 49 75  7f 92 50 67  ae 6b d8 00  65 35 ad 9a
|   ab 32 e7 cc  b8 92 49 ee  d3 82 53 2d  29 da 49 3c
|   38 69 bc 30  60 d8 1c 41  b2 94 de 3e  8f d1 c4 73
|   fd 6b 5f 9b  d7 a7 6e b5  a6 ee bf 45  a2 f0 5e e8
|   26 c4 ba 9a  b6 b2 8a 4e  d6 82 0c 19  69 77 b7 d5
|   c4 d9 d9 97  e5 94 9b fd  50 c6 8b 3b  82 bd 54 65
|   d3 a6 2f f8  d1 9a db 35  3b 07 ac 7f  fc 9d 2f 7c
| data being hmac:  00 01 02 03  04 05 06 07  c0 2e 7a 30  31 a0 31 88
|   2e 20 23 20  00 00 00 01  00 00 01 6c  24 80 01 50
|   00 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   fa 2a 97 14  eb 12 1b 1a  79 18 e9 85  bc ee b3 28
|   48 9d ef a8  fe 68 44 b2  6c 97 df 52  57 a5 e8 de
|   00 69 86 0f  80 27 bd 2f  bb a9 99 97  8e fb 1a e8
|   16 13 a0 6b  8b f2 bd 16  b3 13 2f 41  ba ad b7 e5
|   cf 92 ec b5  6a ea 39 67  99 41 b8 1c  45 b2 59 e9
|   8c 16 2e ca  4f e0 ea b6  45 44 79 de  8e 40 46 18
|   02 28 8a 58  6a 95 d2 9f  3c 33 e4 65  4e 9f f7 51
|   44 bf 1f 20  93 ed 4a e4  f2 a9 e4 7a  fa 30 d3 9f
|   99 95 65 d2  7f 48 66 42  9f f7 73 9b  9d e6 48 c4
|   2d cb a6 0e  bf 68 ec 2b  23 00 5d dc  06 fc 13 c2
|   f4 ab ef 54  d5 13 67 da  e4 2c f4 91  7f 1e 08 4a
|   14 87 c1 bd  e9 63 8b 8e  f1 78 14 84  10 27 59 e8
|   73 d7 49 75  7f 92 50 67  ae 6b d8 00  65 35 ad 9a
|   ab 32 e7 cc  b8 92 49 ee  d3 82 53 2d  29 da 49 3c
|   38 69 bc 30  60 d8 1c 41  b2 94 de 3e  8f d1 c4 73
|   fd 6b 5f 9b  d7 a7 6e b5  a6 ee bf 45  a2 f0 5e e8
|   26 c4 ba 9a  b6 b2 8a 4e  d6 82 0c 19  69 77 b7 d5
|   c4 d9 d9 97  e5 94 9b fd  50 c6 8b 3b  82 bd 54 65
|   d3 a6 2f f8  d1 9a db 35  3b 07 ac 7f  fc 9d 2f 7c
| out calculated auth:
|   81 23 57 24  37 a1 d2 8c  f5 2f dc 2d
| complete v2 state transition with STF_OK
../parentR2psk transition from state STATE_PARENT_R1 to state STATE_PARENT_R2
../parentR2psk negotiated tunnel [192.0.2.0,192.0.2.255] -> [192.0.1.0,192.0.1.255]
../parentR2psk STATE_PARENT_R2: received v2I2, PARENT SA established tunnel mode {ESP=>0x12345678 <0x12345678 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
| sending reply packet to 192.1.2.45:500 (from port 500)
sending 364 bytes for STATE_PARENT_R1 through eth0:500 to 192.1.2.45:500 (using #2)
|   00 01 02 03  04 05 06 07  c0 2e 7a 30  31 a0 31 88
|   2e 20 23 20  00 00 00 01  00 00 01 6c  24 80 01 50
|   00 01 02 03  04 05 06 07  08 09 0a 0b  0c 0d 0e 0f
|   fa 2a 97 14  eb 12 1b 1a  79 18 e9 85  bc ee b3 28
|   48 9d ef a8  fe 68 44 b2  6c 97 df 52  57 a5 e8 de
|   00 69 86 0f  80 27 bd 2f  bb a9 99 97  8e fb 1a e8
|   16 13 a0 6b  8b f2 bd 16  b3 13 2f 41  ba ad b7 e5
|   cf 92 ec b5  6a ea 39 67  99 41 b8 1c  45 b2 59 e9
|   8c 16 2e ca  4f e0 ea b6  45 44 79 de  8e 40 46 18
|   02 28 8a 58  6a 95 d2 9f  3c 33 e4 65  4e 9f f7 51
|   44 bf 1f 20  93 ed 4a e4  f2 a9 e4 7a  fa 30 d3 9f
|   99 95 65 d2  7f 48 66 42  9f f7 73 9b  9d e6 48 c4
|   2d cb a6 0e  bf 68 ec 2b  23 00 5d dc  06 fc 13 c2
|   f4 ab ef 54  d5 13 67 da  e4 2c f4 91  7f 1e 08 4a
|   14 87 c1 bd  e9 63 8b 8e  f1 78 14 84  10 27 59 e8
|   73 d7 49 75  7f 92 50 67  ae 6b d8 00  65 35 ad 9a
|   ab 32 e7 cc  b8 92 49 ee  d3 82 53 2d  29 da 49 3c
|   38 69 bc 30  60 d8 1c 41  b2 94 de 3e  8f d1 c4 73
|   fd 6b 5f 9b  d7 a7 6e b5  a6 ee bf 45  a2 f0 5e e8
|   26 c4 ba 9a  b6 b2 8a 4e  d6 82 0c 19  69 77 b7 d5
|   c4 d9 d9 97  e5 94 9b fd  50 c6 8b 3b  82 bd 54 65
|   d3 a6 2f f8  d1 9a db 35  3b 07 ac 7f  fc 9d 2f 7c
|   81 23 57 24  37 a1 d2 8c  f5 2f dc 2d
| releasing whack for #2 (sock=-1)
| releasing whack for #1 (sock=-1)
../parentR2psk leak: reply packet
../parentR2psk leak: skeyseed_t1
../parentR2psk leak: responder keys
../parentR2psk leak: initiator keys
../parentR2psk leak: db_v2_trans
../parentR2psk leak: db_v2_prop_conj
../parentR2psk leak: db_v2_prop
../parentR2psk leak: db_v2_trans
../parentR2psk leak: db_v2_prop_conj
../parentR2psk leak: db_v2_trans
../parentR2psk leak: db_v2_prop_conj
../parentR2psk leak: db_v2_trans
../parentR2psk leak: db_v2_prop_conj
../parentR2psk leak: 4 * sa copy attrs array
../parentR2psk leak: sa copy trans array
../parentR2psk leak: sa copy prop array
../parentR2psk leak: sa copy prop conj array
../parentR2psk leak: sa copy prop_conj
../parentR2psk leak: st_skey_pr in duplicate_state
../parentR2psk leak: st_skey_pi in duplicate_state
../parentR2psk leak: st_skey_er in duplicate_state
../parentR2psk leak: st_skey_ei in duplicate_state
../parentR2psk leak: st_skey_ar in duplicate_state
../parentR2psk leak: st_skey_ai in duplicate_state
../parentR2psk leak: st_skey_d in duplicate_state
../parentR2psk leak: st_skeyseed in duplicate_state
../parentR2psk leak: st_enc_key in duplicate_state
../parentR2psk leak: struct state in new_state()
../parentR2psk leak: ikev2_inI2outR2 KE
../parentR2psk leak: reply packet
../parentR2psk leak: long term secret
../parentR2psk leak: ikev2_inI1outR1 KE
../parentR2psk leak: msg_digest
../parentR2psk leak: myid string
../parentR2psk leak: my FQDN
../parentR2psk leak: host_pair
../parentR2psk leak: host ip
../parentR2psk leak: keep id name
../parentR2psk leak: host ip
../parentR2psk leak: keep id name
../parentR2psk leak: connection name
../parentR2psk leak: struct connection
../parentR2psk leak: policies path
../parentR2psk leak: ocspcerts path
../parentR2psk leak: aacerts path
../parentR2psk leak: certs path
../parentR2psk leak: private path
../parentR2psk leak: crls path
../parentR2psk leak: cacert path
../parentR2psk leak: acert path
../parentR2psk leak: 7 * default conf
../parentR2psk leak: 2 * hasher name
TCPDUMP output
reading from file parentR2psk.pcap, link-type NULL (BSD loopback)
19:00:00.000000 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 336, bad cksum 0 (->f556)!)
    192.1.2.23.500 > 192.1.2.45.500: [no cksum] isakmp 2.0 msgid 00000000 cookie 0001020304050607->c02e7a3031a03188: parent_sa ikev2_init[]:
    (sa[C]: len=40
        (p: #1 protoid=isakmp transform=4 len=40
            (t: #1 type=encr id=aes )
            (t: #2 type=integ id=hmac-sha )
            (t: #3 type=prf id=hmac-sha )
            (t: #4 type=dh id=modp1536 )))
    (v2ke: len=192 group=modp1536)
    (nonce[C]: len=16 nonce=(47e9f9258ca23858f675b166b02cc292) )
    (v2vid: len=12 vid=OEababababab)
19:00:00.000000 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 392, bad cksum 0 (->f51e)!)
    192.1.2.23.500 > 192.1.2.45.500: [no cksum] isakmp 2.0 msgid 00000001 cookie 0001020304050607->c02e7a3031a03188: child_sa  ikev2_auth[]:
    (v2e[C]: len=332
            (v2IDr: len=8 fqdn:east)
            (v2auth: len=196 method=shared-secret authdata=(000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) )
            (sa[C]: len=36
                (p: #1 protoid=ipsec-esp transform=3 len=36 spi=12345678
                    (t: #1 type=encr id=aes )
                    (t: #2 type=integ id=hmac-sha )
                    (t: #3 type=esn id=no-esn )))
            (v2TSi: len=20)
            (v2TSr: len=20))
