und just ist der Tunnel weg…
LOG:
Oct 30 11:58:59 charon 14[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:58:59 charon 14[ENC] <con1|15>generating CREATE_CHILD_SA response 74 [ N(TS_UNACCEPT) ]
Oct 30 11:58:59 charon 14[IKE] <con1|15>failed to establish CHILD_SA, keeping IKE_SA
Oct 30 11:58:59 charon 14[IKE] <con1|15>traffic selectors 0.0.0.0/0|/0 ::/0|/0 === 0.0.0.0/0|/0 ::/0|/0 inacceptable
Oct 30 11:58:59 charon 14[ENC] <con1|15>parsed CREATE_CHILD_SA request 74 [ SA No TSi TSr ]
Oct 30 11:58:59 charon 14[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (304 bytes)
Oct 30 11:58:56 charon 14[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:58:56 charon 14[ENC] <con1|15>generating CREATE_CHILD_SA response 73 [ N(TS_UNACCEPT) ]
Oct 30 11:58:56 charon 14[IKE] <con1|15>failed to establish CHILD_SA, keeping IKE_SA
Oct 30 11:58:56 charon 14[IKE] <con1|15>traffic selectors 0.0.0.0/0|/0 ::/0|/0 === 0.0.0.0/0|/0 ::/0|/0 inacceptable
Oct 30 11:58:56 charon 14[ENC] <con1|15>parsed CREATE_CHILD_SA request 73 [ SA No TSi TSr ]
Oct 30 11:58:56 charon 14[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (304 bytes)
Oct 30 11:58:56 charon 14[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:58:56 charon 14[ENC] <con1|15>generating CREATE_CHILD_SA response 72 [ N(TS_UNACCEPT) ]
Oct 30 11:58:56 charon 14[IKE] <con1|15>failed to establish CHILD_SA, keeping IKE_SA
Oct 30 11:58:56 charon 14[IKE] <con1|15>traffic selectors 0.0.0.0/0|/0 ::/0|/0 === 0.0.0.0/0|/0 ::/0|/0 inacceptable
Oct 30 11:58:56 charon 14[ENC] <con1|15>parsed CREATE_CHILD_SA request 72 [ SA No TSi TSr ]
Oct 30 11:58:56 charon 14[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (304 bytes)
Oct 30 11:58:56 charon 14[CFG] added configuration 'con1'
Oct 30 11:58:56 charon 14[CFG] loaded certificate "C=DE, ST=North-Rhine-Westphalen, L=cologne, O=IT, E=flyfrank@XXX.XX, CN=XXXXXXX.de, OU=IT" from '/var/etc/ipsec/ipsec.d/certs/cert-1.crt'
Oct 30 11:58:56 charon 14[CFG] reusing virtual IP address pool 10.98.1.0/24
Oct 30 11:58:56 charon 14[CFG] received stroke: add connection 'con1'
Oct 30 11:58:56 ipsec_starter 3990 'bypasslan' shunt PASS policy installed
Oct 30 11:58:56 charon 14[CFG] received stroke: route 'bypasslan'
Oct 30 11:58:56 charon 14[CFG] added configuration 'bypasslan'
Oct 30 11:58:56 charon 14[CFG] received stroke: add connection 'bypasslan'
Oct 30 11:58:56 charon 14[CFG] deleted connection 'con1'
Oct 30 11:58:56 charon 14[CFG] received stroke: delete connection 'con1'
Oct 30 11:58:56 charon 07[CFG] deleted connection 'bypasslan'
Oct 30 11:58:56 charon 07[CFG] received stroke: delete connection 'bypasslan'
Oct 30 11:58:56 ipsec_starter 3990 shunt policy 'bypasslan' uninstalled
Oct 30 11:58:56 charon 15[CFG] received stroke: unroute 'bypasslan'
Oct 30 11:58:56 charon 07[CFG] rereading crls from '/usr/local/etc/ipsec.d/crls'
Oct 30 11:58:56 charon 07[CFG] rereading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Oct 30 11:58:56 charon 07[CFG] rereading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Oct 30 11:58:56 charon 07[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Oct 30 11:58:56 charon 07[CFG] loaded ca certificate "C=DE, ST=North-Rhine-Westphalen, L=cologne, O=IT, E=flyfrank@XXX.XX, CN=vpnca, OU=IT" from '/usr/local/etc/ipsec.d/cacerts/2f1593d6.0.crt'
Oct 30 11:58:56 charon 07[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Oct 30 11:58:56 charon 07[CFG] loaded EAP secret for anderson@XXXXX.de
Oct 30 11:58:56 charon 07[CFG] loaded RSA private key from '/var/etc/ipsec/ipsec.d/private/cert-1.key'
Oct 30 11:58:56 charon 07[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Oct 30 11:58:56 charon 07[CFG] rereading secrets
Oct 30 11:58:55 charon 12[NET] <con1|15>sending packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[30752] (80 bytes)
Oct 30 11:58:55 charon 12[ENC] <con1|15>generating CREATE_CHILD_SA response 71 [ N(NO_PROP) ]
Oct 30 11:58:55 charon 12[IKE] <con1|15>failed to establish CHILD_SA, keeping IKE_SA
Oct 30 11:58:55 charon 12[IKE] <con1|15>no acceptable proposal found
Oct 30 11:58:55 charon 12[CFG] <con1|15>configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_512_256/MODP_2048/NO_EXT_SEQ
Oct 30 11:58:55 charon 12[CFG] <con1|15>received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Oct 30 11:58:55 charon 12[ENC] <con1|15>parsed CREATE_CHILD_SA request 71 [ SA No TSi TSr ]
Oct 30 11:58:55 charon 12[NET] <con1|15>received packet: from YYY.YYY.YYY.YYY[30752] to XXX.XXX.XXX.XXX[4500] (304 bytes)</con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15></con1|15>