Hi Mikrotik people!!
First of all, I'm from Argentina and English is not my native language (sorry if my writing has mistakes). I'm also a newbie with MikroTik.
At work I have set up an IPsec tunnel between two RB3011s, from office A to office B, and it has been up and running for a month. I did it with WinBox following an internet guide. Now I need to set up a second tunnel from office A to office C (in office C I have an RB2011). I did exactly the same configuration for the second channel but it didn't work. All the MikroTiks are on OS 6.46.2. In the logs I have the following errors:
failed to pre-process ph2 packet
peer sent packet for dead phase2
peer sent packet for dead phase2
OFFICE A
Public IP: 111.111.111.111
Private IP: 192.168.0.0/24
OFFICE B
Public IP: 222.222.222.222
Private IP: 192.168.1.0/24
OFFICE C
Public IP: 333.333.333.333
Private IP: 192.168.2.0/24
OFFICE A
/ip ipsec peer> print
0 name="peer-tunnel-01" address=222.222.222.222/32 local-address=111.111.111.111 profile=default exchange-mode=main send-initial-contact=yes
1 name="peer-tunnel-02" address=333.333.333.333/32 local-address=111.111.111.111 profile=default exchange-mode=main send-initial-contact=yes
/ip ipsec policy> print
PEER TUNNEL SRC-ADDRESS DST-ADDRESS PROTOCOL ACTION LEVEL PH2-COUNT
0 peer-tunnel-01 yes 192.168.0.0/24 192.168.1.0/24 all encrypt require 1
1 peer-tunnel-02 yes 192.168.0.0/24 192.168.2.0/24 all encrypt require 0
/ip ipsec proposal> print
0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m pfs-group=modp1024
/ip ipsec identity> print
0 peer=peer-tunnel-01 auth-method=pre-shared-key secret="password" generate-policy=no
1 peer=peer-tunnel-02 auth-method=pre-shared-key secret="password" generate-policy=no
OFFICE B
/ip ipsec peer> print
0 name="peer-tunnel-01" address=111.111.111.111/32 local-address=222.222.222.222 profile=default exchange-mode=main send-initial-contact=no
/ip ipsec policy> print
PEER TUNNEL SRC-ADDRESS DST-ADDRESS PROTOCOL ACTION LEVEL PH2-COUNT
0 A peer-tunnel-01 yes 192.168.1.0/24 192.168.0.0/24 all encrypt require 1
/ip ipsec proposal> print
0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m pfs-group=modp1024
/ip ipsec identity> print
0 peer=peer-tunnel-01 auth-method=pre-shared-key secret="password" generate-policy=no
OFFICE C
/ip ipsec peer> print
0 name="peer-tunnel-02" address=111.111.111.111/32 local-address=333.333.333.333 profile=default exchange-mode=main send-initial-contact=no
/ip ipsec policy> print
PEER TUNNEL SRC-ADDRESS DST-ADDRESS PROTOCOL ACTION LEVEL PH2-COUNT
0 A peer-tunnel-01 yes 192.168.2.0/24 192.168.0.0/24 all encrypt require 1
/ip ipsec proposal> print
0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m pfs-group=modp1024
/ip ipsec identity> print
0 peer=peer-tunnel-02 auth-method=pre-shared-key secret="password" generate-policy=no
Thanks in advance!!!
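A consistency check over the peer and policy output quoted above, as an added example that is not part of the original post: it verifies that every policy names a peer defined on the same router and that each policy's source and destination subnets are mirrored on the router at the other end. The names `DUMPS`, `parse` and `check` are hypothetical, and the input is the post's own lines with columns trimmed, so a finding reflects what was pasted and should be confirmed against the live `print` output.

```python
import re

# Peer and policy lines copied from the post's `print` output (trailing columns
# trimmed, typographic quotes normalised). Addresses are the post's placeholders.
DUMPS = {
    "A": '''0 name="peer-tunnel-01" address=222.222.222.222/32 local-address=111.111.111.111
1 name="peer-tunnel-02" address=333.333.333.333/32 local-address=111.111.111.111
0 peer-tunnel-01 yes 192.168.0.0/24 192.168.1.0/24 all encrypt require 1
1 peer-tunnel-02 yes 192.168.0.0/24 192.168.2.0/24 all encrypt require 0''',
    "B": '''0 name="peer-tunnel-01" address=111.111.111.111/32 local-address=222.222.222.222
0 A peer-tunnel-01 yes 192.168.1.0/24 192.168.0.0/24 all encrypt require 1''',
    "C": '''0 name="peer-tunnel-02" address=111.111.111.111/32 local-address=333.333.333.333
0 A peer-tunnel-01 yes 192.168.2.0/24 192.168.0.0/24 all encrypt require 1''',
}

PEER_RE = re.compile(r'name="([^"]+)"\s+address=([\d.]+)/32\s+local-address=([\d.]+)')
# An optional flag column (such as A or *) may precede the peer name.
POLICY_RE = re.compile(r'^\d+\s+(?:[A-Z*]+\s+)?(\S+)\s+(?:yes|no)\s+(\S+/\d+)\s+(\S+/\d+)')

def parse(dump):
    """Return ({peer name: (remote addr, local addr)}, [(peer, src, dst), ...])."""
    peers, policies = {}, []
    for line in dump.splitlines():
        m = PEER_RE.search(line)
        if m:
            peers[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = POLICY_RE.match(line.strip())
        if m:
            policies.append(m.groups())
    return peers, policies

def check(dumps):
    """Return a list of (office, kind, detail) findings across all routers."""
    parsed = {office: parse(text) for office, text in dumps.items()}
    # Map each router's local address to its office label to find the far end.
    by_local = {loc: off for off, (peers, _) in parsed.items() for _, loc in peers.values()}
    findings = []
    for office, (peers, policies) in parsed.items():
        for peer, src, dst in policies:
            if peer not in peers:
                findings.append((office, "undefined-peer", peer))
                continue
            remote = by_local.get(peers[peer][0])
            if remote is None:
                findings.append((office, "unknown-remote", peers[peer][0]))
            elif not any((s, d) == (dst, src) for _, s, d in parsed[remote][1]):
                findings.append((office, "no-mirror-policy", f"{src}->{dst}"))
    return findings
```

On the lines as posted, `check(DUMPS)` returns one finding: the Office C policy names `peer-tunnel-01`, while the only peer printed for Office C is `peer-tunnel-02`.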