Electric Fence 2.1 Copyright (C) 1987-1998 Bruce Perens. ../parentI2psk ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) ../parentI2psk ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) ../parentI2psk ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) ../parentI2psk ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) ../parentI2psk ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) ../parentI2psk ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) ../parentI2psk ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) | interface "eth0" matched left side ../parentI2psk added connection description "westnet--eastnet-ikev2" RC=0 "westnet--eastnet-ikev2": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west,S=C]...192.1.2.23<192.1.2.23>[@east,S=C]===192.0.2.0/24; unrouted; eroute owner: #0 RC=0 "westnet--eastnet-ikev2": myip=unset; hisip=unset; RC=0 "westnet--eastnet-ikev2": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3 RC=0 "westnet--eastnet-ikev2": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_DISABLE+IKEv2ALLOW+IKEV2_PROPOSE; prio: 24,24; interface: eth0; RC=0 "westnet--eastnet-ikev2": newest ISAKMP SA: #0; newest IPsec SA: #0; | interface "eth0" matched left side | ICOOKIE: 00 01 02 03 04 05 06 07 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 4 | inserting state object #1 on chain 4 ../parentI2psk initiating v2 parent SA RC=133 STATE_PARENT_I1: initiate sending 508 bytes for ikev2_parent_outI1_tail through eth0:500 to 192.1.2.23:500 (using #1) | 00 01 02 03 04 05 06 07 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 fc 22 80 00 f4 | 02 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 05 02 00 00 28 02 01 00 04 | 03 00 00 08 01 00 00 0c 03 00 00 08 03 00 00 02 | 03 00 00 08 02 00 00 01 00 00 00 08 04 00 00 05 | 02 00 00 28 03 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 05 02 00 00 28 04 01 00 04 | 03 00 00 08 01 00 00 03 03 00 00 08 03 00 00 02 | 03 00 00 08 02 00 00 01 00 00 00 08 04 00 00 05 | 02 00 00 28 05 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 00 00 00 28 06 01 00 04 | 03 00 00 08 01 00 00 03 03 00 00 08 03 00 00 02 | 03 00 00 08 02 00 00 01 00 00 00 08 04 00 00 02 | 28 00 00 c8 00 05 00 00 ff bc 6a 92 a6 b9 55 9b | 05 fa 96 a7 a4 35 07 b4 c1 e1 c0 86 1a 58 71 d9 | ba 73 a1 63 11 37 88 c0 de bb 39 79 e7 ff 0c 52 | b4 ce 60 50 eb 05 36 9e a4 30 0d 2b ff 3b 1b 29 | 9f 3b 80 2c cb 13 31 8c 2a b9 e3 b5 62 7c b4 b3 | 5e b9 39 98 20 76 b5 7c 05 0d 7b 35 c3 c5 c7 cc | 8c 0f ea b7 b6 4a 7d 7b 6b 8f 6b 4d ab f4 ac 40 | 6d d2 01 26 b9 0a 98 ac 76 6e fa 37 a7 89 0c 43 | 94 ff 9a 77 61 5b 58 f5 2d 65 1b bf a5 8d 2a 54 | 9a f8 b0 1a a4 bc a3 d7 62 42 66 63 b1 55 d4 eb | da 9f 60 a6 a1 35 73 e6 a8 88 13 5c dc 67 3d d4 | 83 02 99 03 f3 a9 0e ca 23 e1 ec 1e 27 03 31 b2 | d0 50 f4 f7 58 f4 99 27 2b 80 00 14 b5 ce 84 19 | 09 5c 6e 2b 6b 62 d3 05 53 05 b3 c4 00 00 00 10 | 4f 45 VENDOR ../parentI2psk transition from state STATE_IKEv2_START to state STATE_PARENT_I1 ../parentI2psk STATE_PARENT_I1: sent v2I1, expected v2R1 | *received 308 bytes from 192.1.2.23:500 on eth0 (port=500) | 00 01 02 03 04 05 06 07 c0 2e 7a 30 31 a0 31 88 | 21 20 22 20 00 00 00 00 00 00 01 34 22 80 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 05 28 00 00 c8 00 05 00 00 | cd 30 df 6e c0 85 44 12 53 01 80 d8 7e 1a fb b3 | 26 79 3e 99 56 c8 6a 96 25 53 c2 77 ad 5b ab 50 | f8 32 5a d8 64 0b 0e fe a5 1d 6c 83 1f a1 7c fb | 0f 2e 1a f4 b1 66 a0 fe 30 75 12 ad 0f 81 ab b8 | aa fb 68 48 ec 10 a4 97 6c 3d b1 17 ec e1 e6 61 | db bf 48 0c 28 2e 3f 11 07 c1 86 42 80 1e e8 3f | 9e 4a b9 ab 63 6f 23 7d aa f6 a7 aa d8 22 99 3e | a4 1e a3 31 ee 27 82 0b 93 f5 0b 8f 3f 71 05 61 | c9 25 70 26 97 ba 6b 1e 95 3c 21 fb c9 a7 7d 2b | 5f 87 3c fc 50 99 e7 7d 48 4c dd 52 66 4b cf 0d | bf 00 ca fd ae 6d e7 14 6d 11 35 f6 5d 93 5f 60 | b9 73 0f e0 49 2c 2a f8 c9 04 f6 4c 59 16 90 9d | 2b 80 00 14 47 e9 f9 25 8c a2 38 58 f6 75 b1 66 | b0 2c c2 92 00 00 00 10 4f 45 70 6c 75 74 6f 75 | 6e 69 74 30 | **parse ISAKMP Message: | initiator cookie: | 00 01 02 03 04 05 06 07 | responder cookie: | c0 2e 7a 30 31 a0 31 88 | next payload type: ISAKMP_NEXT_v2SA | ISAKMP version: IKEv2 version 2.0 (rfc4306) | exchange type: ISAKMP_v2_SA_INIT | flags: ISAKMP_FLAG_RESPONSE | message ID: 00 00 00 00 | length: 308 | processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34) | ICOOKIE: 00 01 02 03 04 05 06 07 | RCOOKIE: c0 2e 7a 30 31 a0 31 88 | state hash entry 30 | v2 state object not found | ICOOKIE: 00 01 02 03 04 05 06 07 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 4 | v2 peer and cookies match on #1 | v2 state object #1 found, in STATE_PARENT_I1 | ICOOKIE: 00 01 02 03 04 05 06 07 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 4 | ICOOKIE: 00 01 02 03 04 05 06 07 | RCOOKIE: c0 2e 7a 30 31 a0 31 88 | state hash entry 30 | inserting state object #1 on chain 30 | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE | critical bit: Payload-Critical | length: 44 | processing payload: ISAKMP_NEXT_v2SA (len=44) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni | length: 200 | transform type: 5 | processing payload: ISAKMP_NEXT_v2KE (len=200) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2V | critical bit: Payload-Critical | length: 20 | processing payload: ISAKMP_NEXT_v2Ni (len=20) | ***parse IKEv2 Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE | critical bit: Payload-Non-Critical | length: 16 | processing payload: ISAKMP_NEXT_v2V (len=16) | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | cd 30 df 6e c0 85 44 12 53 01 80 d8 7e 1a fb b3 | 26 79 3e 99 56 c8 6a 96 25 53 c2 77 ad 5b ab 50 | f8 32 5a d8 64 0b 0e fe a5 1d 6c 83 1f a1 7c fb | 0f 2e 1a f4 b1 66 a0 fe 30 75 12 ad 0f 81 ab b8 | aa fb 68 48 ec 10 a4 97 6c 3d b1 17 ec e1 e6 61 | db bf 48 0c 28 2e 3f 11 07 c1 86 42 80 1e e8 3f | 9e 4a b9 ab 63 6f 23 7d aa f6 a7 aa d8 22 99 3e | a4 1e a3 31 ee 27 82 0b 93 f5 0b 8f 3f 71 05 61 | c9 25 70 26 97 ba 6b 1e 95 3c 21 fb c9 a7 7d 2b | 5f 87 3c fc 50 99 e7 7d 48 4c dd 52 66 4b cf 0d | bf 00 ca fd ae 6d e7 14 6d 11 35 f6 5d 93 5f 60 | b9 73 0f e0 49 2c 2a f8 c9 04 f6 4c 59 16 90 9d | ****parse IKEv2 Proposal Substructure Payload: | next payload type: ISAKMP_NEXT_NONE | length: 40 | prop #: 1 | proto ID: 1 | spi size: 0 | # transforms: 4 | *****parse IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | length: 8 | transform type: 1 | transform ID: 12 | *****parse IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | length: 8 | transform type: 3 | transform ID: 2 | *****parse IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | length: 8 | transform type: 2 | transform ID: 2 | *****parse IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_NONE | length: 8 | transform type: 4 | transform ID: 5 | ikev2 I 0x0001020304050607 0xc02e7a3031a03188 sha1:0x4ea8e662b07cdd430f6944c6723e4b82d5722418 aes128:0x3f44bf47cafd8150591deb088199fcbf | ikev2 R 0x0001020304050607 0xc02e7a3031a03188 sha1:0x515b0bd22e6d76b34fdb760aa7bfad80b109b75d aes128:0xbedb67ec7dc3d00cccac42e70cd63bde | duplicating state object #1 | creating state object #2 at ADDR | ICOOKIE: 00 01 02 03 04 05 06 07 | RCOOKIE: c0 2e 7a 30 31 a0 31 88 | state hash entry 30 | inserting state object #2 on chain 30 | **emit ISAKMP Message: | initiator cookie: | 00 01 02 03 04 05 06 07 | responder cookie: | c0 2e 7a 30 31 a0 31 88 | next payload type: ISAKMP_NEXT_v2E | ISAKMP version: IKEv2 version 2.0 (rfc4306) | exchange type: ISAKMP_v2_AUTH | flags: ISAKMP_FLAG_INIT | message ID: 00 00 00 01 | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi | critical bit: Payload-Critical | emitting 16 zero bytes of iv into IKEv2 Encryption Payload | IKEv2 thinking whether to send my certificate: | my policy has no RSASIG, the policy is : PSK+ENCRYPT+TUNNEL+PFS+IKEV1_DISABLE+IKEv2ALLOW+IKEV2_PROPOSE | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so do not send cert. | I did not send a certificate because digital signatures are not being used. (PSK) | *****emit IKEv2 Identification Payload: | next payload type: ISAKMP_NEXT_v2AUTH | id_type: ID_FQDN | emitting 4 raw bytes of my identity into IKEv2 Identification Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification Payload: 12 | idhash calc pi cc 07 97 44 b4 a3 4e 8a 0d 2f 27 8b ee 06 6d 07 | a5 a5 75 2e | idhash calc I2 02 00 00 00 77 65 73 74 | *****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA | auth method: v2_AUTH_SHARED | emitting 20 zero bytes of fake psk auth into IKEv2 Authentication Payload | emitting length of IKEv2 Authentication Payload: 28 | empty esp_info, returning defaults | *****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi | critical bit: Payload-Critical | ******emit IKEv2 Proposal Substructure Payload: | next payload type: ISAKMP_NEXT_P | prop #: 1 | proto ID: 3 | spi size: 4 | # transforms: 3 | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 12 34 56 78 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | transform type: 1 | transform ID: 12 | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | transform type: 3 | transform ID: 2 | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_NONE | transform type: 5 | transform ID: 0 | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | ******emit IKEv2 Proposal Substructure Payload: | next payload type: ISAKMP_NEXT_P | prop #: 2 | proto ID: 3 | spi size: 4 | # transforms: 3 | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 12 34 56 78 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | transform type: 1 | transform ID: 12 | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | transform type: 3 | transform ID: 2 | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_NONE | transform type: 5 | transform ID: 0 | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | ******emit IKEv2 Proposal Substructure Payload: | next payload type: ISAKMP_NEXT_P | prop #: 3 | proto ID: 3 | spi size: 4 | # transforms: 3 | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 12 34 56 78 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | transform type: 1 | transform ID: 3 | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | transform type: 3 | transform ID: 2 | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_NONE | transform type: 5 | transform ID: 0 | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | ******emit IKEv2 Proposal Substructure Payload: | next payload type: ISAKMP_NEXT_NONE | prop #: 4 | proto ID: 3 | spi size: 4 | # transforms: 3 | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 12 34 56 78 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | transform type: 1 | transform ID: 3 | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_T | transform type: 3 | transform ID: 2 | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | next payload type: ISAKMP_NEXT_NONE | transform type: 5 | transform ID: 0 | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | emitting length of IKEv2 Security Association Payload: 148 | *****emit IKEv2 Traffic Selectors: | next payload type: ISAKMP_NEXT_v2TSr | number of TS: 1 | ******emit IKEv2 Traffic Selectors: | TS type: ID_IPV4_ADDR_RANGE | IP Protocol ID: 0 | start port: 0 | end port: 65535 | emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selectors | ipv4 low c0 00 01 00 | emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selectors | ipv4 high c0 00 01 ff | emitting length of IKEv2 Traffic Selectors: 16 | emitting length of IKEv2 Traffic Selectors: 24 | *****emit IKEv2 Traffic Selectors: | next payload type: ISAKMP_NEXT_NONE | number of TS: 1 | ******emit IKEv2 Traffic Selectors: | TS type: ID_IPV4_ADDR_RANGE | IP Protocol ID: 0 | start port: 0 | end port: 65535 | emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selectors | ipv4 low c0 00 02 00 | emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selectors | ipv4 high c0 00 02 ff | emitting length of IKEv2 Traffic Selectors: 16 | emitting length of IKEv2 Traffic Selectors: 24 | emitting 4 raw bytes of padding and length into cleartext | padding and length 00 01 02 03 | emitting 12 zero bytes of 96-bits of truncated HMAC into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 272 | emitting length of ISAKMP Message: 300 | data before encryption: | 27 00 00 0c 02 00 00 00 77 65 73 74 21 00 00 1c | 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 2c 80 00 94 02 00 00 24 | 01 03 04 03 12 34 56 78 03 00 00 08 01 00 00 0c | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 02 00 00 24 02 03 04 03 12 34 56 78 03 00 00 08 | 01 00 00 0c 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 02 00 00 24 03 03 04 03 12 34 56 78 | 03 00 00 08 01 00 00 03 03 00 00 08 03 00 00 02 | 00 00 00 08 05 00 00 00 00 00 00 24 04 03 04 03 | 12 34 56 78 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | data after encryption: | 52 de 7e 61 b3 e8 0c d9 33 11 27 15 f6 9a 5e 21 | c7 a5 71 f6 ec 54 bf 85 c2 de 76 a5 8c 3e e8 e2 | e0 c8 59 ce ea 04 15 03 d7 60 67 6b d8 3f 3f fc | 02 5a 8e 53 20 6b 2c 98 fa ed 9a 9a 2f 96 b4 30 | a7 7b fb cd 14 a2 a0 b7 b6 a9 02 68 05 2e b7 e3 | 4b bf 30 03 79 da 81 53 b3 6e fa e3 51 50 b3 b5 | 5f f8 59 23 0b 3d d6 0e 92 73 03 35 68 99 55 3f | 99 eb 09 3b 04 e1 73 8f b1 7a e2 49 66 20 e0 99 | 88 2c 19 19 c8 34 7d ca 15 6c 38 ce 59 47 e6 71 | e9 86 53 dd 79 d3 cf f9 09 66 d9 6e b7 a5 aa b8 | a8 a4 e6 ea 9a e7 00 20 f1 45 09 ea 99 6c 64 09 | ef 10 66 a5 af f7 54 0e 60 cb 1d f8 c8 0b 29 77 | bd f0 8b db ab 93 de 57 69 ba 3d fe 16 4c d0 11 | e4 4c 58 d3 32 7b 0c ba 2c d9 aa 39 ab e3 b8 2e | b7 c0 d1 f1 a9 34 7d e5 04 c7 e6 e7 ee ea 9c 55 | complete v2 state transition with STF_OK ../parentI2psk transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 ../parentI2psk STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_128 integ=sha1 prf=oakley_sha group=modp1536} | sending reply packet to 192.1.2.23:500 (from port 500) sending 300 bytes for STATE_PARENT_I1 through eth0:500 to 192.1.2.23:500 (using #2) | 00 01 02 03 04 05 06 07 c0 2e 7a 30 31 a0 31 88 | 2e 20 23 08 00 00 00 01 00 00 01 2c 23 80 01 10 | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 52 de 7e 61 b3 e8 0c d9 33 11 27 15 f6 9a 5e 21 | c7 a5 71 f6 ec 54 bf 85 c2 de 76 a5 8c 3e e8 e2 | e0 c8 59 ce ea 04 15 03 d7 60 67 6b d8 3f 3f fc | 02 5a 8e 53 20 6b 2c 98 fa ed 9a 9a 2f 96 b4 30 | a7 7b fb cd 14 a2 a0 b7 b6 a9 02 68 05 2e b7 e3 | 4b bf 30 03 79 da 81 53 b3 6e fa e3 51 50 b3 b5 | 5f f8 59 23 0b 3d d6 0e 92 73 03 35 68 99 55 3f | 99 eb 09 3b 04 e1 73 8f b1 7a e2 49 66 20 e0 99 | 88 2c 19 19 c8 34 7d ca 15 6c 38 ce 59 47 e6 71 | e9 86 53 dd 79 d3 cf f9 09 66 d9 6e b7 a5 aa b8 | a8 a4 e6 ea 9a e7 00 20 f1 45 09 ea 99 6c 64 09 | ef 10 66 a5 af f7 54 0e 60 cb 1d f8 c8 0b 29 77 | bd f0 8b db ab 93 de 57 69 ba 3d fe 16 4c d0 11 | e4 4c 58 d3 32 7b 0c ba 2c d9 aa 39 ab e3 b8 2e | b7 c0 d1 f1 a9 34 7d e5 04 c7 e6 e7 ee ea 9c 55 | 75 c6 9b 0a bb 1c 32 9a 24 48 a6 8c | deleting state #2 | ICOOKIE: 00 01 02 03 04 05 06 07 | RCOOKIE: c0 2e 7a 30 31 a0 31 88 | state hash entry 30 ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_prop ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: 4 * sa copy attrs array ../parentI2psk leak: sa copy trans array ../parentI2psk leak: sa copy prop array ../parentI2psk leak: sa copy prop conj array ../parentI2psk leak: sa copy prop_conj ../parentI2psk leak: ikev2_inR1outI2 KE ../parentI2psk leak: long term secret ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_prop ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: msg_digest ../parentI2psk leak: ikev2_outI1 KE ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_prop ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: db_v2_trans ../parentI2psk leak: db_v2_prop_conj ../parentI2psk leak: host_pair ../parentI2psk leak: host ip ../parentI2psk leak: keep id name ../parentI2psk leak: host ip ../parentI2psk leak: keep id name ../parentI2psk leak: connection name ../parentI2psk leak: struct connection ../parentI2psk leak: policies path ../parentI2psk leak: ocspcerts path ../parentI2psk leak: aacerts path ../parentI2psk leak: certs path ../parentI2psk leak: private path ../parentI2psk leak: crls path ../parentI2psk leak: cacert path ../parentI2psk leak: acert path ../parentI2psk leak: 7 * default conf ../parentI2psk leak: 2 * hasher name TCPDUMP output reading from file parentI2psk.pcap, link-type NULL (BSD loopback) IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 536, bad cksum 0 (->f48e)!) 192.1.2.45.500 > 192.1.2.23.500: [no cksum] isakmp 2.0 msgid 00000000 cookie 0001020304050607->0000000000000000: parent_sa ikev2_init[I]: (sa[C]: len=240 (p: #1 protoid=isakmp transform=4 len=40 (t: #1 type=encr id=aes ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=prf id=hmac-sha ) (t: #4 type=dh id=modp1536 )) (p: #2 protoid=isakmp transform=4 len=40 (t: #1 type=encr id=aes ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=prf id=hmac-md5 ) (t: #4 type=dh id=modp1536 )) (p: #3 protoid=isakmp transform=4 len=40 (t: #1 type=encr id=3des ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=prf id=hmac-sha ) (t: #4 type=dh id=modp1536 )) (p: #4 protoid=isakmp transform=4 len=40 (t: #1 type=encr id=3des ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=prf id=hmac-md5 ) (t: #4 type=dh id=modp1536 )) (p: #5 protoid=isakmp transform=4 len=40 (t: #1 type=encr id=3des ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=prf id=hmac-sha ) (t: #4 type=dh id=modp1024 )) (p: #6 protoid=isakmp transform=4 len=40 (t: #1 type=encr id=3des ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=prf id=hmac-md5 ) (t: #4 type=dh id=modp1024 ))) (v2ke: len=192 group=modp1536) (nonce[C]: len=16 nonce=(b5ce8419095c6e2b6b62d3055305b3c4) ) (v2vid: len=12 vid=OEababababab) IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328, bad cksum 0 (->f55e)!) 192.1.2.45.500 > 192.1.2.23.500: [no cksum] isakmp 2.0 msgid 00000001 cookie 0001020304050607->c02e7a3031a03188: child_sa ikev2_auth[I]: (v2e[C]: len=268 (v2IDi: len=8 fqdn:west) (v2auth: len=24 method=shared-secret authdata=(0000000000000000000000000000000000000000) ) (sa[C]: len=144 (p: #1 protoid=ipsec-esp transform=3 len=36 spi=12345678 (t: #1 type=encr id=aes ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=esn id=no-esn )) (p: #2 protoid=ipsec-esp transform=3 len=36 spi=12345678 (t: #1 type=encr id=aes ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=esn id=no-esn )) (p: #3 protoid=ipsec-esp transform=3 len=36 spi=12345678 (t: #1 type=encr id=3des ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=esn id=no-esn )) (p: #4 protoid=ipsec-esp transform=3 len=36 spi=12345678 (t: #1 type=encr id=3des ) (t: #2 type=integ id=hmac-sha ) (t: #3 type=esn id=no-esn ))) (v2TSi: len=20) (v2TSr: len=20))