kobuki
Member Candidate
Topic Author
Posts: 199
Joined: Sat Apr 02, 2011 5:59 pm

IPSEC between public IPs intermittently working

Thu Aug 30, 2018 11:57 pm

I've set up a tunnel between 2 routers, one RB850Gx2 (6.42.7), and one x86 (6.42.6) in a KVM virtual environment. The connection is established, but it frequently drops the ball and no traffic can pass between them. Sometimes it works for a full day, then drops again for extended periods. There are no subnets, I'm just doing the tunnel between the 2 external, public IPs. Tried with subnets, the same issue. The x86 one is running other tunnels to other peers without problems, so maybe the latest release is to blame on the RB850Gx2?

What can I check? Sometimes it works, sometimes it doesn't. Should I upgrade both to 6.42.7 or downgrade?
/ip ipsec peer
add address=x.x.x.x/32 dh-group=modp4096 enc-algorithm=aes-128 hash-algorithm=sha256 nat-traversal=no secret=""

/ip ipsec policy
add dst-address=x.x.x.x/32 sa-dst-address=x.x.x.x sa-src-address=y.y.y.y src-address=y.y.y.y/32 tunnel=yes

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-128-cbc pfs-group=modp4096
 
kobuki
Member Candidate
Topic Author
Posts: 199
Joined: Sat Apr 02, 2011 5:59 pm

Re: IPSEC between public IPs intermittently working

Sat Sep 08, 2018 6:08 pm

I removed the ipsec config for a while since the unsecured connection works between the 2 IPs and we need to do traffic between the peers. However I need to secure the connection, so I added the same config again. When I ping e.g. IP2 from IP1, I see egress traffic in Torch on ether1 (the interface with the public IP) on ipsec proto and also ingress traffic on IP2 on ipsec proto, on both sides with the correct peer IPs, but the ping times out all the time, with other protocols timing out too. No egress ipsec traffic from IP2 to the peer IP. Pinging or any general traffic between the peers with no ipsec active works without problems. Disabling all blocking rules in the FW temporarily doesn't help.

Could someone please provide some hints? It's a very simple config and I have absolutely no idea what to change. Maybe it's a bug in ROS?
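An added diagnostic script for the symptoms in both posts above (IKE up, ESP seen inbound on one side, no reply traffic); it is not from the original thread or from MikroTik. It assumes RouterOS 6.42 command names (ph2-state on policies, installed-sa counters) and uses the placeholder peer address x.x.x.x from the posted config.

```routeros
# Added example, not part of the original posts. Run on BOTH routers so the
# phase-2 state and SA byte counters can be compared side by side.

# 1. One-time: keep IKE negotiation messages in the memory log, without the
#    per-packet noise, so a rekey or proposal mismatch shows up with a timestamp.
/system logging add topics=ipsec,!packet action=memory

# 2. Health check run every 5 minutes: log the phase-2 state of each policy to
#    the peer and the live SA counters. A policy that is not "established", or an
#    inbound SA whose current-bytes grows while the outbound SA stays flat,
#    explains what Torch shows (ingress ESP, no egress) better than Torch alone.
/system script add name=ipsec-check source={
    :local peer "x.x.x.x"
    :foreach p in=[/ip ipsec policy find dst-address=($peer . "/32")] do={
        :local st [/ip ipsec policy get $p ph2-state]
        :if ($st != "established") do={
            :log warning ("ipsec: policy to " . $peer . " is " . $st)
            # Optional recovery: drop stale SAs so both sides renegotiate.
            # Uncomment only after confirming the stale-SA pattern in the log.
            # /ip ipsec installed-sa flush
        } else={
            :log info ("ipsec: policy to " . $peer . " established")
        }
    }
    :foreach s in=[/ip ipsec installed-sa find] do={
        :local src [/ip ipsec installed-sa get $s src-address]
        :local dst [/ip ipsec installed-sa get $s dst-address]
        :local cb [/ip ipsec installed-sa get $s current-bytes]
        :log info ("ipsec: SA " . $src . "->" . $dst . " bytes=" . $cb)
    }
}
/system scheduler add name=ipsec-check interval=5m on-event=ipsec-check

# 3. Read the results: /log print where topics~"ipsec"
```

Compare the two routers' entries at the time of a drop: matching established policies with byte counters moving in only one direction points at a stale SA on the silent side, while a rekey error in the IKE log points at a proposal or lifetime mismatch.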
