Initiator                     Responder
---------------------------------------------------------------------
HDR(IKE_SA_INIT), SAi1, --->
KEi(Curve25519), Ni, N(IKEV2_FRAG_SUPPORTED)
                   <--- HDR(IKE_SA_INIT), SAr1,
                        KEr(Curve25519), Nr, N(IKEV2_FRAG_SUPPORTED),
                        N(CHILDLESS_IKEV2_SUPPORTED)

HDR(IKE_AUTH), SK{ IDi, AUTH  } --->
                   <--- HDR(IKE_AUTH), SK{ IDr, AUTH }

HDR(CREATE_CHILD_SA),
      SK{ SAi(.. ADDKE*...), Ni, KEi(Curve25519) } --->
  Proposal #1
    Transform ECR (ID = ENCR_AES_GCM_16,
                   256-bit key)
    Transform PRF (ID = PRF_HMAC_SHA2_512)
    Transform KE (ID = Curve25519)
    Transform ADDKE1 (ID = PQ_KEM_1)
    Transform ADDKE1 (ID = PQ_KEM_2)
    Transform ADDKE2 (ID = PQ_KEM_5)
    Transform ADDKE2 (ID = PQ_KEM_6)
    Transform ADDKE2 (ID = NONE)
                   <--- HDR(CREATE_CHILD_SA), SK{ SAr(.. ADDKE*...),
                        Nr, KEr(Curve25519),
                        N(ADDITIONAL_KEY_EXCHANGE)(link1) }
                          Proposal #1
                            Transform ECR (ID = ENCR_AES_GCM_16,
                                           256-bit key)
                            Transform PRF (ID = PRF_HMAC_SHA2_512)
                            Transform KE (ID = Curve25519)
                            Transform ADDKE1 (ID = PQ_KEM_2)
                            Transform ADDKE2 (ID = PQ_KEM_5)

HDR(IKE_FOLLOWUP_KE), SK{ KEi(1)(PQ_KEM_2), --->
N(ADDITIONAL_KEY_EXCHANGE)(link1) }
                  <--- HDR(IKE_FOLLOWUP_KE), SK{ KEr(1)(PQ_KEM_2),
                        N(ADDITIONAL_KEY_EXCHANGE)(link2) }

HDR(IKE_FOLLOWUP_KE), SK{ KEi(2)(PQ_KEM_5), --->
N(ADDITIONAL_KEY_EXCHANGE)(link2) }
                  <--- HDR(IKE_FOLLOWUP_KE), SK{ KEr(2)(PQ_KEM_5) }