"ipsec whack --status" after first tunnel setup:
-----------------------------------------------
000 "RZN78L80_R1N10_DSL": 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79...%any===10.13.10.0/32; unrouted; eroute owner: #0
000 "RZN78L80_R1N10_DSL": myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L80_R1N10_DSL": CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L80_R1N10_DSL": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes
000 "RZN78L80_R1N10_DSL": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip80; kind=CK_TEMPLATE
000 "RZN78L80_R1N10_DSL": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0;
000 "RZN78L80_R1N10_DSL"[1]: 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79...192.168.1.5[@000149FFFF70.example.de]===10.13.10.0/32; erouted; eroute owner: #2
000 "RZN78L80_R1N10_DSL"[1]: myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L80_R1N10_DSL"[1]: CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L80_R1N10_DSL"[1]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes
000 "RZN78L80_R1N10_DSL"[1]: policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip80; kind=CK_INSTANCE
000 "RZN78L80_R1N10_DSL"[1]: newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2;
000 "RZN78L80_R1N10_DSL"[1]: IKE algorithm newest: AES_CBC_256-SHA2_256-MODP2048
000
000 #2: "RZN78L80_R1N10_DSL"[1] 192.168.1.5:500 IKEv1.0 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28519s; newest IPSEC; eroute owner; isakmp#1; idle; import:not set
000 #2: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 esp.223f6d80@192.168.1.5 esp.21c4ccff@192.168.3.80 tun.0@192.168.1.5 tun.0@192.168.3.80 ref=0 refhim=4294901761
000 #1: "RZN78L80_R1N10_DSL"[1] 192.168.1.5:500 IKEv1.0 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3319s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set

"ipsec whack --status" after "power off" of client and new tunnel setup:
-----------------------------------------------------------------------
000 "RZN78L80_R1N10_DSL": 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79...%any===10.13.10.0/32; unrouted; eroute owner: #0
000 "RZN78L80_R1N10_DSL": myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L80_R1N10_DSL": CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L80_R1N10_DSL": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes
000 "RZN78L80_R1N10_DSL": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip80; kind=CK_TEMPLATE
000 "RZN78L80_R1N10_DSL": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0;
000 "RZN78L80_R1N10_DSL"[1]: 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79...192.168.1.5[@000149FFFF70.example.de]===10.13.10.0/32; erouted; eroute owner: #4
000 "RZN78L80_R1N10_DSL"[1]: myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L80_R1N10_DSL"[1]: CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L80_R1N10_DSL"[1]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes
000 "RZN78L80_R1N10_DSL"[1]: policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip80; kind=CK_INSTANCE
000 "RZN78L80_R1N10_DSL"[1]: newest ISAKMP SA: #3; newest IPsec SA: #4; eroute owner: #4;
000 "RZN78L80_R1N10_DSL"[1]: IKE algorithm newest: AES_CBC_256-SHA2_256-MODP2048
000
000 #4: "RZN78L80_R1N10_DSL"[1] 192.168.1.5:500 IKEv1.0 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28523s; newest IPSEC; eroute owner; isakmp#3; idle; import:not set
000 #4: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 esp.d63208fb@192.168.1.5 esp.b4333e15@192.168.3.80 tun.0@192.168.1.5 tun.0@192.168.3.80 ref=0 refhim=4294901761
000 #3: "RZN78L80_R1N10_DSL"[1] 192.168.1.5:500 IKEv1.0 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3323s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
000 #2: "RZN78L80_R1N10_DSL"[1] 192.168.1.5:500 IKEv1.0 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28435s; isakmp#1; idle; import:not set
000 #2: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 esp.223f6d80@192.168.1.5 esp.21c4ccff@192.168.3.80 tun.0@192.168.1.5 tun.0@192.168.3.80 ref=0 refhim=4294901761
000 #1: "RZN78L80_R1N10_DSL"[1] 192.168.1.5:500 IKEv1.0 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3235s; lastdpd=-1s(seq in:0 out:0); idle; import:not set

Log of RZNV78v2 ( Linux Openswan U2.6.51.2/K4.4.165-81-default (netkey)):
=========================================================================

Startup:
--------
May 22 11:28:24 rznv78v2 systemd[1]: Starting Openswan daemon...
May 22 11:28:24 rznv78v2 kernel: NET: Registered protocol family 15
May 22 11:28:24 rznv78v2 ipsec_setup[11724]: Starting Openswan IPsec U2.6.51.2/K4.4.165-81-default...
May 22 11:28:24 rznv78v2 ipsec[11712]: <27>May 22 11:28:24 ipsec_setup: Starting Openswan IPsec U2.6.51.2/K4.4.165-81-default...
May 22 11:28:24 rznv78v2 ipsec_setup[11741]: Using NETKEY(XFRM) stack
May 22 11:28:24 rznv78v2 kernel: Initializing XFRM netlink socket
May 22 11:28:24 rznv78v2 kernel: AVX2 instructions are not detected.
May 22 11:28:24 rznv78v2 kernel: AVX2 or AES-NI instructions are not detected.
May 22 11:28:24 rznv78v2 ipsec__plutorun[11839]: Starting Pluto subsystem...
May 22 11:28:24 rznv78v2 ipsec_setup[11845]: ...Openswan IPsec started
May 22 11:28:24 rznv78v2 systemd[1]: Started Openswan daemon.
May 22 11:28:24 rznv78v2 pluto[11846]: adjusting ipsec.d to /etc/ipsec.d
May 22 11:28:24 rznv78v2 pluto[11846]: Labelled IPsec not enabled; value 32001 ignored.
May 22 11:28:24 rznv78v2 pluto[11846]: Starting Pluto (Openswan Version 2.6.51.2; Vendor ID OSW][OUd@}hE) pid:11846
May 22 11:28:24 rznv78v2 pluto[11846]: LEAK_DETECTIVE support [disabled]
May 22 11:28:24 rznv78v2 pluto[11846]: OCF support for IKE [disabled]
May 22 11:28:24 rznv78v2 pluto[11846]: SAref support [disabled]: Protocol not available
May 22 11:28:24 rznv78v2 pluto[11846]: SAbind support [disabled]: Protocol not available
May 22 11:28:24 rznv78v2 pluto[11846]: NSS support [disabled]
May 22 11:28:24 rznv78v2 pluto[11846]: HAVE_STATSD notification support not compiled in
May 22 11:28:24 rznv78v2 pluto[11846]: Setting NAT-Traversal port-4500 floating to on
May 22 11:28:24 rznv78v2 pluto[11846]: port floating activation criteria nat_t=1/port_float=1
May 22 11:28:24 rznv78v2 pluto[11846]: NAT-Traversal support [enabled]
May 22 11:28:24 rznv78v2 pluto[11846]: using /dev/urandom as source of random entropy
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
May 22 11:28:24 rznv78v2 pluto[11846]: starting up 1 cryptographic helpers
May 22 11:28:24 rznv78v2 pluto[11846]: started helper pid=11850 (fd:8)
May 22 11:28:24 rznv78v2 pluto[11846]: Using Linux XFRM/NETKEY IPsec interface code on 4.4.165-81-default
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: adjusting ipsec.d to /etc/ipsec.d
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: Labelled IPsec not enabled; value 32001 ignored.
May 22 11:28:24 rznv78v2 pluto[11850]: using /dev/urandom as source of random entropy
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 11:28:24 rznv78v2 pluto[11846]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
May 22 11:28:24 rznv78v2 pluto[11846]: loaded CA cert file 'exampleCa-2015-cacert.pem' (1814 bytes)
May 22 11:28:24 rznv78v2 pluto[11846]: loading certificate from /etc/ipsec.d/MyCerts/08002725BA4E.cert.der
May 22 11:28:24 rznv78v2 pluto[11846]: loaded host cert file '/etc/ipsec.d/MyCerts/08002725BA4E.cert.der' (1333 bytes)
May 22 11:28:24 rznv78v2 pluto[11846]: adding connection: "RZN78L80_R1N10_DSL"
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 loading certificate from /etc/ipsec.d/MyCerts/08002725BA4E.cert.der
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 loaded host cert file '/etc/ipsec.d/MyCerts/08002725BA4E.cert.der' (1333 bytes)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding connection: "RZN78L80_R1N10_DSL"
May 22 11:28:24 rznv78v2 pluto[11846]: listening for IKE messages
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth2/eth2 10.11.0.78:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth2/eth2 10.11.0.78:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip87/eth1:ip87 192.168.3.87:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip87/eth1:ip87 192.168.3.87:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip89/eth1:ip89 192.168.3.89:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip89/eth1:ip89 192.168.3.89:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip88/eth1:ip88 192.168.3.88:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip88/eth1:ip88 192.168.3.88:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip86/eth1:ip86 192.168.3.86:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip86/eth1:ip86 192.168.3.86:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip85/eth1:ip85 192.168.3.85:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip85/eth1:ip85 192.168.3.85:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip81/eth1:ip81 192.168.3.81:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip81/eth1:ip81 192.168.3.81:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip80/eth1:ip80 192.168.3.80:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1:ip80/eth1:ip80 192.168.3.80:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1/eth1 192.168.3.78:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth1/eth1 192.168.3.78:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth0/eth0 10.1.5.78:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface eth0/eth0 10.1.5.78:4500
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface lo/lo 127.0.0.1:500 (AF_INET)
May 22 11:28:24 rznv78v2 pluto[11846]: adding interface lo/lo 127.0.0.1:4500
May 22 11:28:24 rznv78v2 pluto[11846]: loading secrets from "/etc/ipsec.secrets"
May 22 11:28:24 rznv78v2 pluto[11846]: loaded private key file '/etc/ipsec.d/private/08002725BA4E.key.pem' (1751 bytes)
May 22 11:28:24 rznv78v2 pluto[11846]: loaded private key for keyid: PPK_RSA:AwEAAef8L/42F8 62EC 7C6B 1ECF C411 8C7D 4373 6C3C 771B 90DE
May 22 11:28:24 rznv78v2 pluto[11846]: loaded private key for keyid: PPK_RSA:AQOIxxcfK/CA21 5F7B 781C 15D7 BD0D 62B3 222D 1EEE FA27 2FC3
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 listening for IKE messages
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth2/eth2 10.11.0.78:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth2/eth2 10.11.0.78:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip87/eth1:ip87 192.168.3.87:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip87/eth1:ip87 192.168.3.87:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip89/eth1:ip89 192.168.3.89:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip89/eth1:ip89 192.168.3.89:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip88/eth1:ip88 192.168.3.88:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip88/eth1:ip88 192.168.3.88:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip86/eth1:ip86 192.168.3.86:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip86/eth1:ip86 192.168.3.86:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip85/eth1:ip85 192.168.3.85:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip85/eth1:ip85 192.168.3.85:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip81/eth1:ip81 192.168.3.81:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip81/eth1:ip81 192.168.3.81:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip80/eth1:ip80 192.168.3.80:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1:ip80/eth1:ip80 192.168.3.80:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1/eth1 192.168.3.78:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth1/eth1 192.168.3.78:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth0/eth0 10.1.5.78:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface eth0/eth0 10.1.5.78:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface lo/lo 127.0.0.1:500 (AF_INET)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 adding interface lo/lo 127.0.0.1:4500
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 loading secrets from "/etc/ipsec.secrets"
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 loaded private key file '/etc/ipsec.d/private/08002725BA4E.key.pem' (1751 bytes)
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 loaded private key for keyid: PPK_RSA:AwEAAef8L/42F8 62EC 7C6B 1ECF C411 8C7D 4373 6C3C 771B 90DE
May 22 11:28:24 rznv78v2 ipsec__plutorun[11841]: 002 loaded private key for keyid: PPK_RSA:AQOIxxcfK/CA21 5F7B 781C 15D7 BD0D 62B3 222D 1EEE FA27 2FC3
May 22 11:29:08 rznv78v2 pluto[11846]: packet from 192.168.1.5:500: ignoring unknown Vendor ID payload [4f535751624a50497c705f61]
May 22 11:29:08 rznv78v2 pluto[11846]: packet from 192.168.1.5:500: received Vendor ID payload [Dead Peer Detection]
May 22 11:29:08 rznv78v2 pluto[11846]: packet from 192.168.1.5:500: received Vendor ID payload [RFC 3947] method set to=115
May 22 11:29:08 rznv78v2 pluto[11846]: packet from 192.168.1.5:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
May 22 11:29:08 rznv78v2 pluto[11846]: packet from 192.168.1.5:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
May 22 11:29:08 rznv78v2 pluto[11846]: packet from 192.168.1.5:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
May 22 11:29:08 rznv78v2 pluto[11846]: packet from 192.168.1.5:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

first tunnel setup:
-------------------
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL" #1: responding to Main Mode
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL" #1: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL" #1: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 11:29:08 rznv78v2 pluto[11846]: | WARNING: /root/Openswan/openswan-2.6.51.3/programs/pluto/crypt_start_dh.c:160: encryptor 'aes' expects keylen 32/256, SA #1 RESPONDER keylen is 0
May 22 11:29:08 rznv78v2 pluto[11846]: | WARNING: /root/Openswan/openswan-2.6.51.3/programs/pluto/ikev1_main.c:1206: encryptor 'aes' expects keylen 32/256, SA #1 RESPONDER keylen is 0
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL" #1: Main mode peer ID is ID_FQDN: '@000149FFFF70.example.de'
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL" #1: no crl from issuer "C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de" found (strict=no)
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL" #1: switched from "RZN78L80_R1N10_DSL" to "RZN78L80_R1N10_DSL"
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #1: I am sending my cert
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG oursig= theirsig=AwEAAa34z cipher=aes_256 prf=OAKLEY_SHA2_256 group=modp2048}
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #1: the peer proposed: 10.11.0.0/24:0/0 -> 10.13.10.0/32:0/0
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #2: responding to Quick Mode proposal {msgid:9bbc9309}
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #2: us: 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #2: them: 192.168.1.5[@000149FFFF70.example.de]===10.13.10.0/32
May 22 11:29:08 rznv78v2 pluto[11846]: | authalg converted for sha2 truncation at 96bits instead of IETF's mandated 128bits
May 22 11:29:08 rznv78v2 pluto[11846]: | authalg converted for sha2 truncation at 96bits instead of IETF's mandated 128bits
May 22 11:29:08 rznv78v2 pluto[11846]: | creating SPD to 192.168.1.5->spi=00010000@192.168.3.80 proto=4
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 11:29:08 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 11:29:08 rznv78v2 pluto[11846]: | creating SPD to 192.168.3.80->spi=00000000@192.168.1.5 proto=4
May 22 11:29:09 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 11:29:09 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x223f6d80 <0x21c4ccff xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=none DPD=none}

new tunnel setup after "power off" of client:
---------------------------------------------
May 22 11:30:01 rznv78v2 cron[11876]: pam_unix(crond:session): session opened for user root by (uid=0)
May 22 11:30:01 rznv78v2 cron[11875]: pam_unix(crond:session): session opened for user root by (uid=0)
May 22 11:30:01 rznv78v2 systemd[1]: Started Session 311 of user root.
May 22 11:30:01 rznv78v2 systemd[1]: Started Session 312 of user root.
May 22 11:30:01 rznv78v2 sntp[11897]: sntp 4.2.8p12@1.3728-o Tue Oct 23 16:07:06 UTC 2018 (1)
May 22 11:30:01 rznv78v2 sntp[11897]: 2019-05-22 11:30:01.267769 (+0200) -0.00 +/- 0.079897 10.1.5.254 s4 no-leap
May 22 11:30:01 rznv78v2 sddm-greeter[1802]: Time engine Clock skew signaled
May 22 11:30:01 rznv78v2 CRON[11876]: pam_unix(crond:session): session closed for user root
May 22 11:30:01 rznv78v2 CRON[11875]: pam_unix(crond:session): session closed for user root
May 22 11:30:36 rznv78v2 pluto[11846]: packet from 192.168.1.6:500: ignoring unknown Vendor ID payload [4f535751624a50497c705f61]
May 22 11:30:36 rznv78v2 pluto[11846]: packet from 192.168.1.6:500: received Vendor ID payload [Dead Peer Detection]
May 22 11:30:36 rznv78v2 pluto[11846]: packet from 192.168.1.6:500: received Vendor ID payload [RFC 3947] method set to=115
May 22 11:30:36 rznv78v2 pluto[11846]: packet from 192.168.1.6:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
May 22 11:30:36 rznv78v2 pluto[11846]: packet from 192.168.1.6:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
May 22 11:30:36 rznv78v2 pluto[11846]: packet from 192.168.1.6:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
May 22 11:30:36 rznv78v2 pluto[11846]: packet from 192.168.1.6:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: responding to Main Mode from unknown peer 192.168.1.5
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 11:30:36 rznv78v2 pluto[11846]: | WARNING: /root/Openswan/openswan-2.6.51.3/programs/pluto/crypt_start_dh.c:160: encryptor 'aes' expects keylen 32/256, SA #3 RESPONDER keylen is 0
May 22 11:30:36 rznv78v2 pluto[11846]: | WARNING: /root/Openswan/openswan-2.6.51.3/programs/pluto/ikev1_main.c:1206: encryptor 'aes' expects keylen 32/256, SA #3 RESPONDER keylen is 0
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: Main mode peer ID is ID_FQDN: '@000149FFFF70.example.de'
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: no crl from issuer "C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de" found (strict=no)
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: I am sending my cert
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG oursig= theirsig=AwEAAa34z cipher=aes_256 prf=OAKLEY_SHA2_256 group=modp2048}
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #3: the peer proposed: 10.11.0.0/24:0/0 -> 10.13.10.0/32:0/0
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #4: responding to Quick Mode proposal {msgid:b7051a22}
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #4: us: 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #4: them: 192.168.1.5[@000149FFFF70.example.de]===10.13.10.0/32
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #4: keeping refhim=4294901761 during rekey
May 22 11:30:36 rznv78v2 pluto[11846]: | authalg converted for sha2 truncation at 96bits instead of IETF's mandated 128bits
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 11:30:36 rznv78v2 pluto[11846]: | authalg converted for sha2 truncation at 96bits instead of IETF's mandated 128bits
May 22 11:30:36 rznv78v2 pluto[11846]: | creating SPD to 192.168.3.80->spi=00000000@192.168.1.6 proto=4
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 11:30:36 rznv78v2 pluto[11846]: "RZN78L80_R1N10_DSL"[1] 192.168.1.5 #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xd63208fb <0xb4333e15 xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=none DPD=none}