
  Electric Fence 2.1 Copyright (C) 1987-1998 Bruce Perens.
../parentR1dcookie ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
../parentR1dcookie ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
../parentR1dcookie ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
../parentR1dcookie ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
../parentR1dcookie ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
../parentR1dcookie ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
../parentR1dcookie ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
| interface "eth0" matched right side
../parentR1dcookie added connection description "westnet--eastnet-ikev2"
Pre-amble: #!-pluto-whack-file- recorded on east on 2008-01-17 15:33:58
../parentR1dcookie listening for IKE messages
RC=0 "westnet--eastnet-ikev2": 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east,S=C]...192.1.2.45<192.1.2.45>[@west,S=C]===192.0.1.0/24; unrouted; eroute owner: #0
RC=0 "westnet--eastnet-ikev2":     myip=unset; hisip=unset;
RC=0 "westnet--eastnet-ikev2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
RC=0 "westnet--eastnet-ikev2":   policy: PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init; prio: 24,24; interface: eth0; 
RC=0 "westnet--eastnet-ikev2":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
| *received 668 bytes from 192.1.2.45:500 on eth0 (port=500)
|   00 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 02 9c  22 80 01 94
|   02 00 00 28  01 01 00 04  03 00 00 08  01 00 00 0c
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  02 01 00 04
|   03 00 00 08  01 00 00 0c  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  03 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 05  02 00 00 28  04 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 05
|   02 00 00 28  05 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 02  02 00 00 28  06 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 02
|   02 00 00 28  07 01 00 04  03 00 00 08  01 00 00 0c
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 0e  02 00 00 28  08 01 00 04
|   03 00 00 08  01 00 00 0c  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 0e
|   02 00 00 28  09 01 00 04  03 00 00 08  01 00 00 03
|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
|   00 00 00 08  04 00 00 0e  00 00 00 28  0a 01 00 04
|   03 00 00 08  01 00 00 03  03 00 00 08  03 00 00 02
|   03 00 00 08  02 00 00 01  00 00 00 08  04 00 00 0e
|   28 00 00 c8  00 05 00 00  ff bc 6a 92  a6 b9 55 9b
|   05 fa 96 a7  a4 35 07 b4  c1 e1 c0 86  1a 58 71 d9
|   ba 73 a1 63  11 37 88 c0  de bb 39 79  e7 ff 0c 52
|   b4 ce 60 50  eb 05 36 9e  a4 30 0d 2b  ff 3b 1b 29
|   9f 3b 80 2c  cb 13 31 8c  2a b9 e3 b5  62 7c b4 b3
|   5e b9 39 98  20 76 b5 7c  05 0d 7b 35  c3 c5 c7 cc
|   8c 0f ea b7  b6 4a 7d 7b  6b 8f 6b 4d  ab f4 ac 40
|   6d d2 01 26  b9 0a 98 ac  76 6e fa 37  a7 89 0c 43
|   94 ff 9a 77  61 5b 58 f5  2d 65 1b bf  a5 8d 2a 54
|   9a f8 b0 1a  a4 bc a3 d7  62 42 66 63  b1 55 d4 eb
|   da 9f 60 a6  a1 35 73 e6  a8 88 13 5c  dc 67 3d d4
|   83 02 99 03  f3 a9 0e ca  23 e1 ec 1e  27 03 31 b2
|   d0 50 f4 f7  58 f4 99 27  2b 80 00 14  b5 ce 84 19
|   09 5c 6e 2b  6b 62 d3 05  53 05 b3 c4  00 00 00 10
|   4f 45 VENDOR
| **parse ISAKMP Message:
|    initiator cookie:
|   00 01 02 03  04 05 06 07
|    responder cookie:
|   00 00 00 00  00 00 00 00
|    next payload type: ISAKMP_NEXT_v2SA
|    ISAKMP version: IKEv2 version 2.0 (rfc4306)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_INIT
|    message ID:  00 00 00 00
|    length: 668
|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34)
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| v2 state object not found
| ***parse IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2KE
|    critical bit: Payload-Critical
|    length: 404
| processing payload: ISAKMP_NEXT_v2SA (len=404) 
| ***parse IKEv2 Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_v2Ni
|    length: 200
|    transform type: 5
| processing payload: ISAKMP_NEXT_v2KE (len=200) 
| ***parse IKEv2 Nonce Payload:
|    next payload type: ISAKMP_NEXT_v2V
|    critical bit: Payload-Critical
|    length: 20
| processing payload: ISAKMP_NEXT_v2Ni (len=20) 
| ***parse IKEv2 Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    critical bit: Payload-Non-Critical
|    length: 16
| processing payload: ISAKMP_NEXT_v2V (len=16) 
| find_host_connection called from ikev2parent_inI1outR1, me=192.1.2.23:500 him=192.1.2.45:500 policy=IKEv2ALLOW
| find_host_pair: comparing to 192.1.2.23:500 192.1.2.45:500 
| find_host_pair_conn (find_host_connection2): 192.1.2.23:500 192.1.2.45:500 -> hp:westnet--eastnet-ikev2 
| searching for policy=IKEv2ALLOW, found=IKEv2ALLOW (westnet--eastnet-ikev2)
| find_host_connection returns westnet--eastnet-ikev2
| found connection: westnet--eastnet-ikev2 
| creating state object #1 at ADDR
| interface "eth0" matched right side
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
| inserting state object #1 on chain 4
| ikev2 secret_of_the_day used abcdabcdabcd, length 20
| busy mode on. receieved I1 without a valid dcookie
| send a dcookie and forget this state
../parentR1dcookie sending notification v2N_COOKIE to 192.1.2.45:500
| **emit ISAKMP Message:
|    initiator cookie:
|   00 01 02 03  04 05 06 07
|    responder cookie:
|   00 00 00 00  00 00 00 00
|    next payload type: ISAKMP_NEXT_v2N
|    ISAKMP version: IKEv2 version 2.0 (rfc4306)
|    exchange type: ISAKMP_v2_SA_INIT
|    flags: ISAKMP_FLAG_RESPONSE
|    message ID:  00 00 00 00
| Adding a v2N Payload
| ***emit IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    critical bit: Payload-Critical
|    Protocol ID: PROTO_ISAKMP
|    SPI size: 0
|    Notify Message Type: v2N_COOKIE
| emitting 20 raw bytes of Notifiy data into IKEv2 Notify Payload
| Notifiy data  1e f3 91 b5  a5 e2 49 40  b9 31 35 70  9f a1 19 3d
|   44 2d 0a bc
| emitting length of IKEv2 Notify Payload: 28
| emitting length of ISAKMP Message: 56
sending 56 bytes for send_v2_notification through eth0:500 to 192.1.2.45:500 (using #1)
|   00 01 02 03  04 05 06 07  00 00 00 00  00 00 00 00
|   29 20 22 20  00 00 00 00  00 00 00 38  00 80 00 1c
|   01 00 40 06  1e f3 91 b5  a5 e2 49 40  b9 31 35 70
|   9f a1 19 3d  44 2d 0a bc
| complete v2 state transition with (null)
RC=200 STATE_PARENT_R1: (null)
| state transition function for STATE_PARENT_R1 failed: (null)
| ICOOKIE:  00 01 02 03  04 05 06 07
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 4
../parentR1dcookie leak: msg_digest
../parentR1dcookie leak: myid string
../parentR1dcookie leak: my FQDN
../parentR1dcookie leak: host_pair
../parentR1dcookie leak: host ip
../parentR1dcookie leak: keep id name
../parentR1dcookie leak: host ip
../parentR1dcookie leak: keep id name
../parentR1dcookie leak: connection name
../parentR1dcookie leak: struct connection
../parentR1dcookie leak: policies path
../parentR1dcookie leak: ocspcerts path
../parentR1dcookie leak: aacerts path
../parentR1dcookie leak: certs path
../parentR1dcookie leak: private path
../parentR1dcookie leak: crls path
../parentR1dcookie leak: cacert path
../parentR1dcookie leak: acert path
../parentR1dcookie leak: 7 * default conf
../parentR1dcookie leak: 2 * hasher name
TCPDUMP output
reading from file parentR1dcookie.pcap, link-type NULL (BSD loopback)
20:00:00.000000 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 84, bad cksum 0 (->f652)!)
    192.1.2.23.500 > 192.1.2.45.500: [no cksum] isakmp 2.0 msgid 00000000 cookie 0001020304050607->0000000000000000: parent_sa ikev2_init[]:
    (n[C]: prot_id=isakmp type=16390(cookie) data=(1ef391b5a5e24940b93135709fa1193d442d0abc))
