Yeah, I got an update from another side, so it is a Wireshark "bug", it doesn't know or decode correctly this packages. I used this filter on the capture: gre and !gre.proto == 0x9000 export this visible entries and the use the editcap to cut the GRE header:
editcap -C 38 xyz.pcap xyz_stripped.pcap
Open the xyz_stripped.pacp and I see the clear and unencrypted user traffic eg. TLS, DNS, ICMP, HTTP.