"ipsec whack --staus" after first tunnel setup:
-----------------------------------------------
000  
000 "RZN78L80_R1N10_DSL": 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79...%any===10.13.10.0/32; unrouted; eroute owner: #0
000 "RZN78L80_R1N10_DSL":     myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L80_R1N10_DSL":   CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L80_R1N10_DSL":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes 
000 "RZN78L80_R1N10_DSL":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip80; kind=CK_TEMPLATE
000 "RZN78L80_R1N10_DSL":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0;
000 "RZN78L80_R1N10_DSL"[1]: 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79...%any[@000149FFFF70.example.de]===10.13.10.0/32; erouted; eroute owner: #2
000 "RZN78L80_R1N10_DSL"[1]:     myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L80_R1N10_DSL"[1]:   CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L80_R1N10_DSL"[1]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes 
000 "RZN78L80_R1N10_DSL"[1]:   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip80; kind=CK_INSTANCE
000 "RZN78L80_R1N10_DSL"[1]:   newest ISAKMP SA: #0; newest IPsec SA: #2; eroute owner: #2;
000 "RZN78L81_R1N11_DSL": 10.11.0.0/24===192.168.3.81[@08002725BA4E.example.de]---192.168.3.79...%any[@000149FFFF70.example.de]===10.13.11.0/32; unrouted; eroute owner: #0
000 "RZN78L81_R1N11_DSL":     myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L81_R1N11_DSL":   CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L81_R1N11_DSL":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes 
000 "RZN78L81_R1N11_DSL":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip81; kind=CK_PERMANENT
000 "RZN78L81_R1N11_DSL":   newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0;
000 "RZN78L81_R1N11_DSL":   IKE algorithm newest: AES_CBC_256-SHA2_256-MODP2048
000  
000 #2: "RZN78L80_R1N10_DSL"[1] 0.0.0.0:500 IKEv1.0 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28508s; newest IPSEC; eroute owner; isakmp#1; idle; import:not set
000 #2: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 esp.5d7ea956@0.0.0.0 esp.4cb1b81a@192.168.3.80 %passthrough tun.0@192.168.3.80 ref=0 refhim=4294901761
000 #1: "RZN78L81_R1N11_DSL":500 IKEv1.0 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3307s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set

"ipsec whack --staus" after "power off" of client and new tunnel setup:
-----------------------------------------------------------------------
000  
000 "RZN78L80_R1N10_DSL": 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79...%any===10.13.10.0/32; unrouted; eroute owner: #0
000 "RZN78L80_R1N10_DSL":     myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L80_R1N10_DSL":   CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L80_R1N10_DSL":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes 
000 "RZN78L80_R1N10_DSL":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip80; kind=CK_TEMPLATE
000 "RZN78L80_R1N10_DSL":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0;
000 "RZN78L80_R1N10_DSL"[1]: 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79...%any[@000149FFFF70.example.de]===10.13.10.0/32; erouted; eroute owner: #4
000 "RZN78L80_R1N10_DSL"[1]:     myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L80_R1N10_DSL"[1]:   CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L80_R1N10_DSL"[1]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes 
000 "RZN78L80_R1N10_DSL"[1]:   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip80; kind=CK_INSTANCE
000 "RZN78L80_R1N10_DSL"[1]:   newest ISAKMP SA: #3; newest IPsec SA: #4; eroute owner: #4;
000 "RZN78L80_R1N10_DSL"[1]:   IKE algorithm newest: AES_CBC_256-SHA2_256-MODP2048
000 "RZN78L81_R1N11_DSL": 10.11.0.0/24===192.168.3.81[@08002725BA4E.example.de]---192.168.3.79...%any[@000149FFFF70.example.de]===10.13.11.0/32; unrouted; eroute owner: #0
000 "RZN78L81_R1N11_DSL":     myip=unset; hisip=unset; mycert=/etc/ipsec.d/MyCerts/08002725BA4E.cert.der;
000 "RZN78L81_R1N11_DSL":   CAs: 'C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de'...'%any'
000 "RZN78L81_R1N11_DSL":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes 
000 "RZN78L81_R1N11_DSL":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK; prio: 24,32; interface: eth1:ip81; kind=CK_PERMANENT
000 "RZN78L81_R1N11_DSL":   newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0;
000 "RZN78L81_R1N11_DSL":   IKE algorithm newest: AES_CBC_256-SHA2_256-MODP2048
000  
000 #4: "RZN78L80_R1N10_DSL"[1] 0.0.0.0:500 IKEv1.0 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28515s; newest IPSEC; eroute owner; isakmp#3; idle; import:not set
000 #4: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 esp.5eaae9eb@0.0.0.0 esp.76b53651@192.168.3.80 %passthrough tun.0@192.168.3.80 ref=0 refhim=4294901761
000 #3: "RZN78L80_R1N10_DSL"[1] 0.0.0.0:500 IKEv1.0 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3314s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
000 #2: "RZN78L80_R1N10_DSL"[1] 0.0.0.0:500 IKEv1.0 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28426s; isakmp#1; idle; import:not set
000 #2: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 esp.5d7ea956@0.0.0.0 esp.4cb1b81a@192.168.3.80 %passthrough tun.0@192.168.3.80 ref=0 refhim=4294901761
000 #1: "RZN78L81_R1N11_DSL":500 IKEv1.0 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3225s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
000  


Log of RZNV78v2 ( Linux Openswan U2.6.51.2/K4.4.165-81-default (netkey)):
=========================================================================
Startup:
--------
May 22 17:18:29 rznv78v2 systemd[1]: Starting Openswan daemon...
May 22 17:18:30 rznv78v2 kernel: NET: Registered protocol family 15
May 22 17:18:30 rznv78v2 ipsec_setup[2065]: Starting Openswan IPsec U2.6.51.2/K4.4.165-81-default...
May 22 17:18:30 rznv78v2 ipsec[2054]: <27>May 22 17:18:29 ipsec_setup: Starting Openswan IPsec U2.6.51.2/K4.4.165-81-default...
May 22 17:18:30 rznv78v2 ipsec_setup[2082]: Using NETKEY(XFRM) stack
May 22 17:18:30 rznv78v2 kernel: Initializing XFRM netlink socket
May 22 17:18:30 rznv78v2 kernel: AVX2 instructions are not detected.
May 22 17:18:30 rznv78v2 kernel: AVX2 or AES-NI instructions are not detected.
May 22 17:18:30 rznv78v2 ipsec__plutorun[2180]: Starting Pluto subsystem...
May 22 17:18:30 rznv78v2 ipsec_setup[2185]: ...Openswan IPsec started
May 22 17:18:30 rznv78v2 systemd[1]: Started Openswan daemon.
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: adjusting ipsec.d to /etc/ipsec.d
May 22 17:18:30 rznv78v2 pluto[2188]: adjusting ipsec.d to /etc/ipsec.d
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: Labelled IPsec not enabled; value 32001 ignored.
May 22 17:18:30 rznv78v2 pluto[2188]: Labelled IPsec not enabled; value 32001 ignored.
May 22 17:18:30 rznv78v2 pluto[2188]: Starting Pluto (Openswan Version 2.6.51.2; Vendor ID OSW][OUd@}hE) pid:2188
May 22 17:18:30 rznv78v2 pluto[2188]: LEAK_DETECTIVE support [disabled]
May 22 17:18:30 rznv78v2 pluto[2188]: OCF support for IKE [disabled]
May 22 17:18:30 rznv78v2 pluto[2188]: SAref support [disabled]: Protocol not available
May 22 17:18:30 rznv78v2 pluto[2188]: SAbind support [disabled]: Protocol not available
May 22 17:18:30 rznv78v2 pluto[2188]: NSS support [disabled]
May 22 17:18:30 rznv78v2 pluto[2188]: HAVE_STATSD notification support not compiled in
May 22 17:18:30 rznv78v2 pluto[2188]: Setting NAT-Traversal port-4500 floating to on
May 22 17:18:30 rznv78v2 pluto[2188]:    port floating activation criteria nat_t=1/port_float=1
May 22 17:18:30 rznv78v2 pluto[2188]:    NAT-Traversal support  [enabled]
May 22 17:18:30 rznv78v2 pluto[2188]: using /dev/urandom as source of random entropy
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
May 22 17:18:30 rznv78v2 pluto[2188]: starting up 1 cryptographic helpers
May 22 17:18:30 rznv78v2 pluto[2188]: started helper pid=2191 (fd:8)
May 22 17:18:30 rznv78v2 pluto[2188]: Using Linux XFRM/NETKEY IPsec interface code on 4.4.165-81-default
May 22 17:18:30 rznv78v2 pluto[2191]: using /dev/urandom as source of random entropy
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
May 22 17:18:30 rznv78v2 pluto[2188]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
May 22 17:18:30 rznv78v2 pluto[2188]:   loaded CA cert file 'exampleCa-2015-cacert.pem' (1814 bytes)
May 22 17:18:30 rznv78v2 pluto[2188]:   loading certificate from /etc/ipsec.d/MyCerts/08002725BA4E.cert.der
May 22 17:18:30 rznv78v2 pluto[2188]:   loaded host cert file '/etc/ipsec.d/MyCerts/08002725BA4E.cert.der' (1333 bytes)
May 22 17:18:30 rznv78v2 pluto[2188]: adding connection: "RZN78L80_R1N10_DSL"
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002   loading certificate from /etc/ipsec.d/MyCerts/08002725BA4E.cert.der
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002   loaded host cert file '/etc/ipsec.d/MyCerts/08002725BA4E.cert.der' (1333 bytes)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding connection: "RZN78L80_R1N10_DSL"
May 22 17:18:30 rznv78v2 pluto[2188]:   loading certificate from /etc/ipsec.d/MyCerts/08002725BA4E.cert.der
May 22 17:18:30 rznv78v2 pluto[2188]:   loaded host cert file '/etc/ipsec.d/MyCerts/08002725BA4E.cert.der' (1333 bytes)
May 22 17:18:30 rznv78v2 pluto[2188]: adding connection: "RZN78L81_R1N11_DSL"
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002   loading certificate from /etc/ipsec.d/MyCerts/08002725BA4E.cert.der
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002   loaded host cert file '/etc/ipsec.d/MyCerts/08002725BA4E.cert.der' (1333 bytes)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding connection: "RZN78L81_R1N11_DSL"
May 22 17:18:30 rznv78v2 pluto[2188]: listening for IKE messages
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth2/eth2 10.11.0.78:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth2/eth2 10.11.0.78:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip87/eth1:ip87 192.168.3.87:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip87/eth1:ip87 192.168.3.87:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip89/eth1:ip89 192.168.3.89:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip89/eth1:ip89 192.168.3.89:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip88/eth1:ip88 192.168.3.88:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip88/eth1:ip88 192.168.3.88:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip86/eth1:ip86 192.168.3.86:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip86/eth1:ip86 192.168.3.86:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip85/eth1:ip85 192.168.3.85:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip85/eth1:ip85 192.168.3.85:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip81/eth1:ip81 192.168.3.81:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip81/eth1:ip81 192.168.3.81:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip80/eth1:ip80 192.168.3.80:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1:ip80/eth1:ip80 192.168.3.80:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1/eth1 192.168.3.78:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth1/eth1 192.168.3.78:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth0/eth0 10.1.5.78:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface eth0/eth0 10.1.5.78:4500
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface lo/lo 127.0.0.1:500 (AF_INET)
May 22 17:18:30 rznv78v2 pluto[2188]: adding interface lo/lo 127.0.0.1:4500
May 22 17:18:30 rznv78v2 pluto[2188]: loading secrets from "/etc/ipsec.secrets"
May 22 17:18:30 rznv78v2 pluto[2188]:   loaded private key file '/etc/ipsec.d/private/08002725BA4E.key.pem' (1751 bytes)
May 22 17:18:30 rznv78v2 pluto[2188]: loaded private key for keyid: PPK_RSA:AwEAAef8L/42F8 62EC 7C6B 1ECF C411 8C7D 4373 6C3C 771B 90DE
May 22 17:18:30 rznv78v2 pluto[2188]: loaded private key for keyid: PPK_RSA:AQOIxxcfK/CA21 5F7B 781C 15D7 BD0D 62B3 222D 1EEE FA27 2FC3
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 listening for IKE messages
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth2/eth2 10.11.0.78:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth2/eth2 10.11.0.78:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip87/eth1:ip87 192.168.3.87:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip87/eth1:ip87 192.168.3.87:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip89/eth1:ip89 192.168.3.89:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip89/eth1:ip89 192.168.3.89:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip88/eth1:ip88 192.168.3.88:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip88/eth1:ip88 192.168.3.88:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip86/eth1:ip86 192.168.3.86:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip86/eth1:ip86 192.168.3.86:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip85/eth1:ip85 192.168.3.85:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip85/eth1:ip85 192.168.3.85:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip81/eth1:ip81 192.168.3.81:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip81/eth1:ip81 192.168.3.81:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip80/eth1:ip80 192.168.3.80:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1:ip80/eth1:ip80 192.168.3.80:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1/eth1 192.168.3.78:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth1/eth1 192.168.3.78:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth0/eth0 10.1.5.78:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface eth0/eth0 10.1.5.78:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface lo/lo 127.0.0.1:500 (AF_INET)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 adding interface lo/lo 127.0.0.1:4500
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 loading secrets from "/etc/ipsec.secrets"
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002   loaded private key file '/etc/ipsec.d/private/08002725BA4E.key.pem' (1751 bytes)
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 loaded private key for keyid: PPK_RSA:AwEAAef8L/42F8 62EC 7C6B 1ECF C411 8C7D 4373 6C3C 771B 90DE
May 22 17:18:30 rznv78v2 ipsec__plutorun[2182]: 002 loaded private key for keyid: PPK_RSA:AQOIxxcfK/CA21 5F7B 781C 15D7 BD0D 62B3 222D 1EEE FA27 2FC3

first tunnel setup:
-------------------
May 22 17:18:51 rznv78v2 pluto[2188]: packet from 192.168.1.3:500: ignoring unknown Vendor ID payload [4f535751624a50497c705f61]
May 22 17:18:51 rznv78v2 pluto[2188]: packet from 192.168.1.3:500: received Vendor ID payload [Dead Peer Detection]
May 22 17:18:51 rznv78v2 pluto[2188]: packet from 192.168.1.3:500: received Vendor ID payload [RFC 3947] method set to=115
May 22 17:18:51 rznv78v2 pluto[2188]: packet from 192.168.1.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
May 22 17:18:51 rznv78v2 pluto[2188]: packet from 192.168.1.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
May 22 17:18:51 rznv78v2 pluto[2188]: packet from 192.168.1.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
May 22 17:18:51 rznv78v2 pluto[2188]: packet from 192.168.1.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL" #1: responding to Main Mode
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL" #1: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL" #1: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 17:18:51 rznv78v2 pluto[2188]: | WARNING: /root/Openswan/openswan-2.6.51.3/programs/pluto/crypt_start_dh.c:160: encryptor 'aes' expects keylen 32/256, SA #1 RESPONDER keylen is 0
May 22 17:18:51 rznv78v2 pluto[2188]: | WARNING: /root/Openswan/openswan-2.6.51.3/programs/pluto/ikev1_main.c:1206: encryptor 'aes' expects keylen 32/256, SA #1 RESPONDER keylen is 0
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL" #1: Main mode peer ID is ID_FQDN: '@000149FFFF70.example.de'
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL" #1: no crl from issuer "C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de" found (strict=no)
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL" #1: switched from "RZN78L80_R1N10_DSL" to "RZN78L81_R1N11_DSL"
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L81_R1N11_DSL" #1: I am sending my cert
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L81_R1N11_DSL" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L81_R1N11_DSL" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG oursig= theirsig=AwEAAa34z cipher=aes_256 prf=OAKLEY_SHA2_256 group=modp2048}
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L81_R1N11_DSL" #1: the peer proposed: 10.11.0.0/24:0/0 -> 10.13.10.0/32:0/0
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #2: responding to Quick Mode proposal {msgid:8dad209f}
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #2:     us: 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79
May 22 17:18:51 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #2:   them: %any[@000149FFFF70.example.de]===10.13.10.0/32
May 22 17:18:51 rznv78v2 pluto[2188]: |  authalg converted for sha2 truncation at 96bits instead of IETF's mandated 128bits
May 22 17:18:52 rznv78v2 pluto[2188]: |  authalg converted for sha2 truncation at 96bits instead of IETF's mandated 128bits
May 22 17:18:52 rznv78v2 pluto[2188]: | creating SPD to 192.168.1.3->spi=00010000@192.168.3.80 proto=4
May 22 17:18:52 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 17:18:52 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 17:18:52 rznv78v2 kernel: alg: No test for echainiv(authenc(hmac(sha256),cbc(aes))) (echainiv(authenc(hmac(sha256-avx),cbc-aes-aesni)))
May 22 17:18:52 rznv78v2 pluto[2188]: | creating SPD to 192.168.3.80->spi=00000000@192.168.1.3 proto=4
May 22 17:18:52 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 17:18:52 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x5d7ea956 <0x4cb1b81a xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=none DPD=none}


new tunnel setup after "power off" of client:
---------------------------------------------
May 22 17:20:01 rznv78v2 cron[2234]: pam_unix(crond:session): session opened for user root by (uid=0)
May 22 17:20:01 rznv78v2 systemd[1]: Started Session 5 of user root.
May 22 17:20:01 rznv78v2 sntp[2244]: sntp 4.2.8p12@1.3728-o Tue Oct 23 16:07:06 UTC 2018 (1)
May 22 17:20:01 rznv78v2 sntp[2244]: 2019-05-22 17:20:01.730762 (+0200) +1.13 +/- 0.831623 10.1.5.254 s4 no-leap
May 22 17:20:02 rznv78v2 sddm-greeter[1800]: Time engine Clock skew signaled
May 22 17:20:02 rznv78v2 CRON[2234]: pam_unix(crond:session): session closed for user root
May 22 17:20:20 rznv78v2 pluto[2188]: packet from 192.168.1.4:500: ignoring unknown Vendor ID payload [4f535751624a50497c705f61]
May 22 17:20:20 rznv78v2 pluto[2188]: packet from 192.168.1.4:500: received Vendor ID payload [Dead Peer Detection]
May 22 17:20:20 rznv78v2 pluto[2188]: packet from 192.168.1.4:500: received Vendor ID payload [RFC 3947] method set to=115
May 22 17:20:20 rznv78v2 pluto[2188]: packet from 192.168.1.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
May 22 17:20:20 rznv78v2 pluto[2188]: packet from 192.168.1.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
May 22 17:20:20 rznv78v2 pluto[2188]: packet from 192.168.1.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
May 22 17:20:20 rznv78v2 pluto[2188]: packet from 192.168.1.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: responding to Main Mode from unknown peer 0.0.0.0
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 17:20:20 rznv78v2 pluto[2188]: | WARNING: /root/Openswan/openswan-2.6.51.3/programs/pluto/crypt_start_dh.c:160: encryptor 'aes' expects keylen 32/256, SA #3 RESPONDER keylen is 0
May 22 17:20:20 rznv78v2 pluto[2188]: | WARNING: /root/Openswan/openswan-2.6.51.3/programs/pluto/ikev1_main.c:1206: encryptor 'aes' expects keylen 32/256, SA #3 RESPONDER keylen is 0
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: Main mode peer ID is ID_FQDN: '@000149FFFF70.example.de'
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: no crl from issuer "C=DE, ST=BY, L=ExampleLocation., O=example.de, OU=IT, CN=example CA-2015, E=info@example.de" found (strict=no)
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: I am sending my cert
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG oursig= theirsig=AwEAAa34z cipher=aes_256 prf=OAKLEY_SHA2_256 group=modp2048}
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #3: the peer proposed: 10.11.0.0/24:0/0 -> 10.13.10.0/32:0/0
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #4: responding to Quick Mode proposal {msgid:8884ac32}
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #4:     us: 10.11.0.0/24===192.168.3.80[@08002725BA4E.example.de]---192.168.3.79
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #4:   them: %any[@000149FFFF70.example.de]===10.13.10.0/32
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #4: keeping refhim=4294901761 during rekey
May 22 17:20:20 rznv78v2 pluto[2188]: |  authalg converted for sha2 truncation at 96bits instead of IETF's mandated 128bits
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 17:20:20 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 17:20:21 rznv78v2 pluto[2188]: |  authalg converted for sha2 truncation at 96bits instead of IETF's mandated 128bits
May 22 17:20:21 rznv78v2 pluto[2188]: | creating SPD to 192.168.3.80->spi=00000000@192.168.1.4 proto=4
May 22 17:20:21 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 17:20:21 rznv78v2 pluto[2188]: "RZN78L80_R1N10_DSL"[1] 0.0.0.0 #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x5eaae9eb <0x76b53651 xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=none DPD=none}