Lancom Router Site to Site Problem mit Außenstellen

login as: root
Keyboard-interactive authentication prompts from server:
| Local password authentication for root
| Password:
End of keyboard-interactive prompts from server


#
| LANCOM 1781VA (over ISDN)
| Ver. 10.40.0414RU3 / 04.11.2020
| SN.  4004166032100812
| Copyright (c) LANCOM Systems

Router-Hauptstelle, Connection No.: 002 (LAN)



[VPN-Status] 2020/12/03 09:48:43,961
VPN: Disconnect info: physical-disconnected (0x4304) for Peer-Buero2 (IP-Buero2)

[VPN-Status] 2020/12/03 09:48:43,961
VPN: disconnecting Peer-Buero2 (IP-Buero2)

[VPN-Status] 2020/12/03 09:48:43,961
VPN: Disconnect info: physical-disconnected (0x4304) for Peer-Buero2 (IP-Buero2)

[VPN-Status] 2020/12/03 09:48:43,970
Disconnect Request for peer Peer-Buero2 (ikev2)
Deleting IKE_SA (ISAKMP-PEER-Peer-Buero2, Peer-Buero2)
Peer Peer-Buero2: Constructing an INFORMATIONAL-REQUEST  for send
CHILD_SA ('Peer-Buero2', 'IPSEC-0-Peer-Buero2-PR0-L0-R0' IPSEC_ESP Outbound-SPI 0x08572A2E Inbound-SPI 0xC01213DB) removed from SADB  
CHILD_SA ('Peer-Buero2', 'IPSEC-0-Peer-Buero2-PR0-L0-R0' IPSEC_ESP Outbound-SPI 0x08572A2E Inbound-SPI 0xC01213DB) freed  
Message scheduled for retransmission (1) in 6.075529 seconds
Sending an INFORMATIONAL-REQUEST of 96 bytes (responder encrypted)
Gateways: IP-Hauptstelle:4500-->IP-Buero2:4500, tag 0 (UDP)
SPIs: 0x17FCD68290A4D0CA2A94D99DD548B72C, Message-ID 109
IKE_SA ('Peer-Buero2', 'ISAKMP-PEER-Peer-Buero2' IPSEC_IKE SPIs 0x17FCD68290A4D0CA2A94D99DD548B72C) removed from SADB  

[VPN-Status] 2020/12/03 09:48:43,971
vpn-maps[29], remote: Peer-Buero2, idle, static-name

[VPN-Status] 2020/12/03 09:48:43,978
VPN: installing ruleset for Peer-Buero2 (0.0.0.0)

[VPN-Status] 2020/12/03 09:48:43,983
Config parser: Start

[VPN-Status] 2020/12/03 09:48:43,983
Config parser: Finish
  Wall clock time: 0 ms
  CPU time: 0 ms

[VPN-Status] 2020/12/03 09:48:43,983
VPN: WAN state changed to WanIdle for Peer-Buero2 (0.0.0.0), called by: 01c89d60

[VPN-Status] 2020/12/03 09:48:43,984
DISCONNECT-RESPONSE sent for handle 29

Peer-Buero2 (ikev2): Remote gateway has changed from IP-Buero2 to 0.0.0.0 -> tearing down

[VPN-Status] 2020/12/03 09:48:43,986
VPN: rulesets installed

[VPN-Status] 2020/12/03 09:48:43,989
Peer Peer-Buero2 [responder]: Received an INFORMATIONAL-RESPONSE of 112 bytes (encrypted)
Gateways: IP-Hauptstelle:4500<--IP-Buero2:4500
SPIs: 0x17FCD68290A4D0CA2A94D99DD548B72C, Message-ID 109

[VPN-Status] 2020/12/03 09:48:43,989
IKE_SA ('Peer-Buero2', 'ISAKMP-PEER-Peer-Buero2' IPSEC_IKE SPIs 0x17FCD68290A4D0CA2A94D99DD548B72C) freed  

[VPN-Status] 2020/12/03 09:48:43,989
VPN: Peer-Buero2 (0.0.0.0)  disconnected

[VPN-Status] 2020/12/03 09:48:43,990
vpn-maps[29], remote: Peer-Buero2, idle, static-name

[VPN-Status] 2020/12/03 09:48:44,088
Config parser: Start

[VPN-Status] 2020/12/03 09:48:44,118
Config parser: Finish
  Wall clock time: 29 ms
  CPU time: 9 ms

[VPN-Status] 2020/12/03 09:48:44,130
DISCONNECT-RESPONSE sent for handle 29

[VPN-Status] 2020/12/03 09:48:44,130
VPN: rulesets installed

[VPN-Status] 2020/12/03 09:48:44,464
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 424 bytes
Gateways: IP-Hauptstelle:4500<--IP-Buero2:4500
SPIs: 0x70C291A5A2C5F9E40000000000000000, Message-ID 0
Peer identified: DEFAULT
IKE_SA ('', '' IPSEC_IKE SPIs 0x70C291A5A2C5F9E4FD3BD8D212119FA0) entered to SADB  
Switching to local port 4500 and remote port 4500
Received 2 notifications:
  +NAT_DETECTION_DESTINATION_IP(0x1AD8F1C13F25C6D4E35E4F171C9A833397C9EABF) (STATUS)
  +NAT_DETECTION_SOURCE_IP(0x1AFC8E3111660BF7D3278265FD321D00DEC102E9) (STATUS)
We (responder) are not behind a NAT. NAT-T is already enabled
+IKE-SA:
  IKE-Proposal-1  (4 transforms)
    ENCR : AES-CBC-256
    PRF  : PRF-HMAC-SHA-256
    INTEG: HMAC-SHA-256
    DH   : 14
+Received KE-DH-Group 14 (2048 bits)

[VPN-Status] 2020/12/03 09:48:44,513
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
+IKE-SA:
  IKE-Proposal-1  (4 transforms)
    ENCR : AES-CBC-256
    PRF  : PRF-HMAC-SHA-256
    INTEG: HMAC-SHA-256
    DH   : 14
+KE-DH-Group 14 (2048 bits)
IKE_SA_INIT [responder] for peer DEFAULT initiator id <no ipsec id>, responder id <no ipsec id>
initiator cookie: 0x70C291A5A2C5F9E4, responder cookie: 0xFD3BD8D212119FA0
NAT-T enabled. We are not behind a nat, the remote side is  behind a nat
SA ISAKMP for peer DEFAULT Encryption AES-CBC-256  Integrity AUTH-HMAC-SHA-256  IKE-DH-Group 14  PRF-HMAC-SHA-256
life time soft 12/04/2020 12:48:44 (in 97200 sec) / 0 kb
life time hard 12/04/2020 15:48:44 (in 108000 sec) / 0 kb
DPD: NONE

Sending an IKE_SA_INIT-RESPONSE of 481 bytes (responder)
Gateways: IP-Hauptstelle:4500-->IP-Buero2:4500, tag 0 (UDP)
SPIs: 0x70C291A5A2C5F9E4FD3BD8D212119FA0, Message-ID 0

[VPN-Status] 2020/12/03 09:48:44,589
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 400 bytes (encrypted)
Gateways: IP-Hauptstelle:4500<--IP-Buero2:4500
SPIs: 0x70C291A5A2C5F9E4FD3BD8D212119FA0, Message-ID 1
CHILD_SA ('', '' ) entered to SADB  
Updating remote port to 4500
Received 1 notification:
  +INITIAL_CONTACT (STATUS)
+Received-ID Peer-Buero2@domain:USER_FQDN matches the Expected-ID Peer-Buero2@domain:USER_FQDN
+Peer identified: Peer-Buero2
+Peer uses AUTH(PSK)
+Authentication successful
IKE_SA ('Peer-Buero2', 'ISAKMP-PEER-Peer-Buero2' IPSEC_IKE SPIs 0x70C291A5A2C5F9E4FD3BD8D212119FA0) removed from SADB  
IKE_SA ('Peer-Buero2', 'ISAKMP-PEER-Peer-Buero2' IPSEC_IKE SPIs 0x70C291A5A2C5F9E4FD3BD8D212119FA0) entered to SADB  
TSi: (  0,     0-65535,    192.168.10.0-192.168.10.255 )
TSr: (  0,     0-65535,   192.168.131.0-192.168.131.255)
+CHILD-SA:
  ESP-Proposal-1 Peer-SPI: 0x0A25D988 (3 transforms)
    ENCR : AES-CBC-256
    INTEG: HMAC-SHA-256
    ESN  : NONE

[VPN-Status] 2020/12/03 09:48:44,594
Peer Peer-Buero2: Constructing an IKE_AUTH-RESPONSE for send
+Local-ID Peer-Buero2@domain:USER_FQDN
+I use AUTH(PSK)

IKE_SA_INIT [responder] for peer Peer-Buero2 initiator id Peer-Buero2@domain, responder id Peer-Buero2@domain
initiator cookie: 0x70C291A5A2C5F9E4, responder cookie: 0xFD3BD8D212119FA0
NAT-T enabled. We are not behind a nat, the remote side is  behind a nat
SA ISAKMP for peer Peer-Buero2 Encryption AES-CBC-256  Integrity AUTH-HMAC-SHA-256  IKE-DH-Group 14  PRF-HMAC-SHA-256
life time soft 12/04/2020 12:48:44 (in 97200 sec) / 0 kb
life time hard 12/04/2020 15:48:44 (in 108000 sec) / 0 kb
DPD: 30 sec

+TSi 0: (  0,     0-65535,    192.168.10.0-192.168.10.255 )
+TSr 0: (  0,     0-65535,   192.168.131.0-192.168.131.255)
+CHILD-SA:
  ESP-Proposal-1 My-SPI: 0xA07E3750 (3 transforms)
    ENCR : AES-CBC-256
    INTEG: HMAC-SHA-256
    ESN  : NONE

CHILD_SA [responder] done with 2 SAS for peer Peer-Buero2 rule IPSEC-0-Peer-Buero2-PR0-L0-R0
IP-Hauptstelle:4500-->IP-Buero2:4500, Routing tag 0, Com-channel 29
rule:' ipsec 192.168.131.0/24 <-> 192.168.10.0/24  
outgoing SA ESP [0x0A25D988]  Encryption AES-CBC-256  Integrity AUTH-HMAC-SHA-256  PFS-DH-Group None  ESN None
incoming SA ESP [0xA07E3750]  Encryption AES-CBC-256  Integrity AUTH-HMAC-SHA-256  PFS-DH-Group None  ESN None
life time soft 12/03/2020 17:00:44 (in 25920 sec) / 1800000 kb
life time hard 12/03/2020 17:48:44 (in 28800 sec) / 2000000 kb
tunnel between src: IP-Hauptstelle dst: IP-Buero2

Sending an IKE_AUTH-RESPONSE of 240 bytes (responder encrypted)
Gateways: IP-Hauptstelle:4500-->IP-Buero2:4500, tag 0 (UDP)
SPIs: 0x70C291A5A2C5F9E4FD3BD8D212119FA0, Message-ID 1

[VPN-Status] 2020/12/03 09:48:44,594
set_ip_transport for Peer-Buero2: [id: 98952, UDP (17) {incoming unicast, fixed source address}, dst: IP-Buero2, tag 0 (U), src: IP-Hauptstelle, hop limit: 64, pmtu: 1500, iface: WITCOM (6), mac address: 70:db:98:61:b4:d6, port 0]

[VPN-Status] 2020/12/03 09:48:44,594
VPN: WAN state changed to WanCalled for Peer-Buero2 (IP-Buero2), called by: 01c89d60

[VPN-Status] 2020/12/03 09:48:44,594
vpn-maps[29], remote: Peer-Buero2, nego, static-name, connected-by-name

[VPN-Status] 2020/12/03 09:48:44,594
VPN: wait for IKE negotiation from Peer-Buero2 (IP-Buero2)

[VPN-Status] 2020/12/03 09:48:44,594
VPN: WAN state changed to WanProtocol for Peer-Buero2 (IP-Buero2), called by: 01c89d60

[VPN-Status] 2020/12/03 09:48:45,604
VPN: Peer-Buero2 connected

[VPN-Status] 2020/12/03 09:48:45,604
VPN: WAN state changed to WanConnect for Peer-Buero2 (IP-Buero2), called by: 01c89d60

[VPN-Status] 2020/12/03 09:48:45,604
vpn-maps[29], remote: Peer-Buero2, connected, static-name, connected-by-name

[VPN-Status] 2020/12/03 09:48:45,618
starting external DNS resolution for Peer-Buero1
IpStr=>dns-Name-Buero1<, IpAddr(old)=IP-Buero1, IpTtl(old)=60s

[VPN-Status] 2020/12/03 09:48:45,619
internal DNS resolution for Peer-Buero2
IpStr=>0.0.0.0<, IpAddr(old)=0.0.0.0, IpTtl(old)=0s
IpStr=>0.0.0.0<, IpAddr(new)=0.0.0.0, IpTtl(new)=0s

[VPN-Status] 2020/12/03 09:48:45,724
Config parser: Start

[VPN-Status] 2020/12/03 09:48:45,747
external DNS resolution for Peer-Buero1
IpStr=>dns-Name-Buero1<, IpAddr(old)=0.0.0.0, IpTtl(old)=60s
IpStr=>dns-Name-Buero1<, IpAddr(new)=IP-Buero1, IpTtl(new)=60s

[VPN-Status] 2020/12/03 09:48:45,754
Config parser: Finish
  Wall clock time: 30 ms
  CPU time: 9 ms

[VPN-Status] 2020/12/03 09:48:45,759
IKE info: Delete Notification sent for Phase-2 SA IPSEC-0-Peer-Buero1-PR0-L0-R0 to peer Peer-Buero1, spi [0x2a3016f6]


[VPN-Status] 2020/12/03 09:48:45,760
IKE info: Delete Notification sent for Phase-1 SA to peer Peer-Buero1, cookies [0xa7310e660648d94d 0xb6503aa3b859ead7]


[VPN-Status] 2020/12/03 09:48:45,768
Tearing down Peer-Buero1 (ikev1) (remote gateway changed from IP-Buero1 to 0.0.0.0)
Phase-2 SA ('Peer-Buero1', 'IPSEC-0-Peer-Buero1-PR0-L0-R0') removed from SADB  
  Containing Protocol IPSEC_ESP Outbound-SPI 0x7CF9D973 Inbound-SPI 0x2A3016F6
Phase-2 SA ('Peer-Buero1', 'IPSEC-0-Peer-Buero1-PR0-L0-R0') freed  
  Containing Protocol IPSEC_ESP Outbound-SPI 0x7CF9D973 Inbound-SPI 0x2A3016F6
Phase-1 SA ('Peer-Buero1', 'ISAKMP-PEER-Peer-Buero1' IPSEC_IKE Cookies 0xA7310E660648D94DB6503AA3B859EAD7) removed from SADB  
  Freeing exchanges...IKE-DISCONNECT-INDICATION sent for handle 23

[VPN-Status] 2020/12/03 09:48:45,769
VPN: rulesets installed

[VPN-Status] 2020/12/03 09:48:45,789
vpn-maps[23], remote: Peer-Buero1, idle, dns-name, static-name

[VPN-Status] 2020/12/03 09:48:45,795
selecting first remote gateway using strategy eFirst for Peer-Buero1
     => IpStr=>dns-Name-Buero1<, IpAddr=IP-Buero1

[VPN-Status] 2020/12/03 09:48:45,796
VPN: installing ruleset for Peer-Buero1 (IP-Buero1)

[VPN-Status] 2020/12/03 09:48:45,796
VPN: WAN state changed to WanDisconnect for Peer-Buero1 (IP-Buero1), called by: 01c89d60

[VPN-Status] 2020/12/03 09:48:45,800
Config parser: Start

[VPN-Status] 2020/12/03 09:48:45,801
Config parser: Finish
  Wall clock time: 0 ms
  CPU time: 0 ms

[VPN-Status] 2020/12/03 09:48:45,801
VPN: WAN state changed to WanIdle for Peer-Buero1 (IP-Buero1), called by: 01c89d60

[VPN-Status] 2020/12/03 09:48:45,801
vpn-maps[23], remote: Peer-Buero1, idle, dns-name, static-name

[VPN-Status] 2020/12/03 09:48:45,802
Phase-1 SA ('Peer-Buero1', 'ISAKMP-PEER-Peer-Buero1' IPSEC_IKE Cookies 0xA7310E660648D94DB6503AA3B859EAD7) freed  
DISCONNECT-INDICATION sent for handle 23
DISCONNECT-RESPONSE sent for handle 23

Peer-Buero1 (ikev1): Remote gateway has changed from 0.0.0.0 to IP-Buero1 -> tearing down

[VPN-Status] 2020/12/03 09:48:45,804
VPN: rulesets installed

[VPN-Status] 2020/12/03 09:48:45,906
Config parser: Start

[VPN-Status] 2020/12/03 09:48:45,936
Config parser: Finish
  Wall clock time: 30 ms
  CPU time: 9 ms

[VPN-Status] 2020/12/03 09:48:45,948
VPN: rulesets installed

[VPN-Status] 2020/12/03 09:48:46,136
VPN: local reconnect lock active for Peer-Buero1

[VPN-Status] 2020/12/03 09:48:46,151
VPN: local reconnect lock active for Peer-Buero1

[VPN-Status] 2020/12/03 09:48:46,437
VPN: connecting to Peer-Buero1 (IP-Buero1 IKEv1)

[VPN-Status] 2020/12/03 09:48:46,437
VPN: WAN state changed to WanCall for Peer-Buero1 (IP-Buero1), called by: 01c89d60

[VPN-Status] 2020/12/03 09:48:46,437
vpn-maps[23], remote: Peer-Buero1, nego, dns-name, static-name, connected-by-name

[VPN-Status] 2020/12/03 09:48:46,444
set_ip_transport for Peer-Buero1: [id: 98971, UDP (17) {outgoing}, dst: IP-Buero1, tag 0 (U), src: IP-Hauptstelle, hop limit: 64, pmtu: 1500, (R) iface: WITCOM (6), next hop: IP-nextHOP]

[VPN-Status] 2020/12/03 09:48:46,444
Transport builder result for Peer-Buero1: success
[id: 98971, UDP (17) {outgoing}, dst: IP-Buero1, tag 0 (U), src: IP-Hauptstelle, hop limit: 64, pmtu: 1500, (R) iface: WITCOM (6), next hop: IP-nextHOP]
stack COM channel to parent WITCOM

[VPN-Status] 2020/12/03 09:48:46,445
vpn-maps[23], remote: Peer-Buero1, nego, dns-name, static-name, connected-by-name

[VPN-Status] 2020/12/03 09:48:46,445
VPN: installing ruleset for Peer-Buero1 (IP-Buero1)

[VPN-Status] 2020/12/03 09:48:46,445
Config parser: Start

[VPN-Status] 2020/12/03 09:48:46,445
Config parser: Finish
  Wall clock time: 0 ms
  CPU time: 0 ms

[VPN-Status] 2020/12/03 09:48:46,446
VPN: ruleset installed for Peer-Buero1 (IP-Buero1)

[VPN-Status] 2020/12/03 09:48:46,446
VPN: start IKE negotiation for Peer-Buero1 (IP-Buero1)

[VPN-Status] 2020/12/03 09:48:46,446
VPN: WAN state changed to WanProtocol for Peer-Buero1 (IP-Buero1), called by: 01c89d60

[VPN-Status] 2020/12/03 09:48:46,447
IKE info: Phase-1 negotiation started for peer Peer-Buero1 rule isakmp-peer-Peer-Buero1 using MAIN mode


[VPN-Status] 2020/12/03 09:48:46,454
VPN: rulesets installed

[VPN-Status] 2020/12/03 09:48:53,455
Received Connection-Request for Peer-Buero1 (ikev1)
transport: [id: 98972, UDP (17) {outgoing}, dst: IP-Buero1, tag 0 (U), src: IP-Hauptstelle, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, (R) iface: WITCOM (6), next hop: IP-nextHOP], local port: 500, remote port: 500
Establishing connection(s): IPSEC-0-Peer-Buero1-PR0-L0-R0,IPSEC-1-Peer-Buero1-PR0-L0-R0,IPSEC-2-Peer-Buero1-PR0-L0-R0,IPSEC-3-Peer-Buero1-PR0-L0-R0

Phase-1 SA ('', '' IPSEC_IKE Cookies 0xF4C956C3F7FB81520000000000000000) entered to SADB  

[VPN-Status] 2020/12/03 09:49:15,456
Sending DPD-REQUEST (Peer-Buero2)
Peer Peer-Buero2: Constructing an INFORMATIONAL-REQUEST (DPD-REQUEST) for send
Message scheduled for retransmission (1) in 8.175254 seconds
Sending an INFORMATIONAL-REQUEST (DPD-REQUEST) of 80 bytes (responder encrypted)
Gateways: IP-Hauptstelle:4500-->IP-Buero2:4500, tag 0 (UDP)
SPIs: 0x70C291A5A2C5F9E4FD3BD8D212119FA0, Message-ID 0

[VPN-Status] 2020/12/03 09:49:15,466
Peer Peer-Buero2 [responder]: Received an INFORMATIONAL-RESPONSE of 96 bytes (encrypted)
Gateways: IP-Hauptstelle:4500<--IP-Buero2:4500
SPIs: 0x70C291A5A2C5F9E4FD3BD8D212119FA0, Message-ID 0

[VPN-Status] 2020/12/03 09:49:16,454
VPN: connection for Peer-Buero1 (IP-Buero1) timed out: no response

[VPN-Status] 2020/12/03 09:49:16,454     connection is blocked for 24 seconds

[VPN-Status] 2020/12/03 09:49:16,454
VPN: disconnecting Peer-Buero1 (0.0.0.0)

[VPN-Status] 2020/12/03 09:49:16,454     connection is blocked for 30 seconds

[VPN-Status] 2020/12/03 09:49:16,454
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for Peer-Buero1 (0.0.0.0)

[VPN-Status] 2020/12/03 09:49:16,461
Disconnect Request for peer Peer-Buero1 (ikev1)
Phase-1 SA ('', '' IPSEC_IKE Cookies 0xF4C956C3F7FB81520000000000000000) removed from SADB  
Phase-1 SA ('', '' IPSEC_IKE Cookies 0xF4C956C3F7FB81520000000000000000) freed  

[VPN-Status] 2020/12/03 09:49:16,462
vpn-maps[23], remote: Peer-Buero1, idle, dns-name, static-name

[VPN-Status] 2020/12/03 09:49:16,469
selecting first remote gateway using strategy eFirst for Peer-Buero1
     => IpStr=>dns-Name-Buero1<, IpAddr=0.0.0.0

[VPN-Status] 2020/12/03 09:49:16,469
VPN: installing ruleset for Peer-Buero1 (0.0.0.0)

[VPN-Status] 2020/12/03 09:49:16,469
VPN: WAN state changed to WanDisconnect for Peer-Buero1 (0.0.0.0), called by: 01c89d60

[VPN-Status] 2020/12/03 09:49:16,469
Config parser: Start

[VPN-Status] 2020/12/03 09:49:16,469
Config parser: Finish
  Wall clock time: 0 ms
  CPU time: 0 ms

[VPN-Status] 2020/12/03 09:49:16,470
VPN: WAN state changed to WanIdle for Peer-Buero1 (0.0.0.0), called by: 01c89d60

[VPN-Status] 2020/12/03 09:49:16,471
DISCONNECT-RESPONSE sent for handle 23

Peer-Buero1 (ikev1): Remote gateway has changed from IP-Buero1 to 0.0.0.0 -> tearing down

[VPN-Status] 2020/12/03 09:49:16,472
VPN: rulesets installed

[VPN-Status] 2020/12/03 09:49:17,909
VPN: connection backoff wait timer blocks Peer-Buero1 (28 seconds remaining)

[VPN-Status] 2020/12/03 09:49:21,910
VPN: connection backoff wait timer blocks Peer-Buero1 (24 seconds remaining)

[VPN-Status] 2020/12/03 09:49:25,910
VPN: connection backoff wait timer blocks Peer-Buero1 (20 seconds remaining)

[VPN-Status] 2020/12/03 09:49:29,910
VPN: connection backoff wait timer blocks Peer-Buero1 (16 seconds remaining)
tr # vpn-status
[VPN-Status] 2020/12/03 09:49:33,911
VPN: connection backoff wait timer blocks Peer-Buero1 (12 seconds remaining)       tr #vpn-status
 Syntax Error: #vpn-status

root@Router-Hauptstelle:/
>
[VPN-Status] 2020/12/03 09:49:37,911
VPN: connection backoff wait timer blocks Peer-Buero1 (8 seconds remaining)
tr #vpn-status
 Syntax Error: #vpn-status

root@Router-Hauptstelle:/
> tr # vpn-status
VPN-Status                 OFF