Hi.
I have 2 RB951G conected site to site with IPSEC.
When the second device restart, the IPSEC connection is duplicated, adding a “_” after the last name character, and the connection cant be stablished. I need access it, delete that second connection, from active peers, identities and peers. After do that, the connection is correctly stablished. I do all the process using winbox.
Actually im monitoring that checking the uptime using ssh remotely every 10 minutes, so if the time is restarted, send me a message to notify it.
I have 2 questions:
1 - How can i detect why the connection is duplicated?
2 - How can i delete the second connection using the command line?
My first question is which version of RouterOS you are running.
Regarding question 1:
does the “second device” have a public IP address directly on itself or is it behind some NAT?
At that device, have you changed send-initial-contact parameter of the peer representing the “first device” to no from the default value yes?
When you mention that you have to delete the second connection not only from active-peers but also from the peer and identity tables, are the rows in /ip ipsec peer and /ip ipsec identity marked as dynamic or not? Can you show the output of /ip ipsec peer print detail, /ip ipsec active-peers print detail, /ip ipsec identity print detail, and /ip ipsec export hide-sensitive during that strange state (don’t forget to change the secret value in the identity print before posting)?
Regarding question 2:
you can schedule a script to run every minute, which will check for the presence of two active peers which differ just by the underscore in the name, and remove the one with underscore from the tables from which it needs to be removed. But that should be only a workaround if the root cause cannot be resolved.