As per the topic title, I'm running a few IKEv2 tunnels on a RB4011.
A bunch of Windows clients connect to it, three of my other MikroTiks for now (hAP ac2) and one FreeBSD based router I think (support for some software uses it) which stacks up PH2 count from time to time, but that's not an issue, for now.
All the Tiks are running v6.46.6.
Between the Tiks I have only a simple policy between two IPs over which I run an IPIP Tunnel.
Now, from time to time, when I check the Active Peers, I see one, two, or all three of those Tiks with the sides reversed. (all the clients as initiators).
Checked on the hAP ac2s and they also say "responder".
Everything works though, the IPIP Tunnels never go down, but should I be worried about this?
The RB4011 has the peer configured with passive=yes & send-initial-contact=no.
The hAP ac2s have the peer configured with passive=no & send-initial-contact=yes.
Code: Select all
/ip ipsec active-peers> print detail
Flags: R - responder, N - natt-peer
0 RN id="win-22" side=responder dynamic-address=172.28.248.22 uptime=2w4d1h5m28s last-seen=1m3s ph2-total=1
1 RN id="win-23" side=responder dynamic-address=172.28.248.23 uptime=2w3d1h7m35s last-seen=1m13s ph2-total=1
2 RN id="win-21" side=responder dynamic-address=172.28.248.21 uptime=1w3d10s last-seen=1m24s ph2-total=1
3 RN id="win-25" side=responder dynamic-address=172.28.248.25 uptime=1w2d23h1m6s last-seen=20s
4 id="ac2-69" side=initiator dynamic-address=172.28.252.69 uptime=6d17h18m25s last-seen=1m5s ph2-total=1
5 RN id="win-12" side=responder dynamic-address=172.28.248.12 uptime=5d16h21m30s last-seen=1m17s
6 RN id="win-11" side=responder dynamic-address=172.28.248.11 uptime=3d1h41m20s last-seen=1m13s ph2-total=1
7 id="ac2-134" side=initiator dynamic-address=172.28.252.134 uptime=3d10m22s last-seen=41s ph2-total=1
8 N id="ac2-135" side=initiator dynamic-address=172.28.252.135 uptime=2d23h52m30s last-seen=1m11s ph2-total=1
9 R id="bsd" side=responder uptime=11h42m24s last-seen=0s ph2-total=2
10 RN id="win-42" side=responder dynamic-address=172.28.248.42 uptime=2h18m38s last-seen=33s ph2-total=1
11 RN id="win-13" side=responder dynamic-address=172.28.248.13 uptime=2h13s last-seen=22s
12 RN id="win-14" side=responder dynamic-address=172.28.248.14 uptime=45m11s last-seen=1m9s ph2-total=1
13 RN id="win-47" side=responder dynamic-address=172.28.248.47 uptime=25m30s last-seen=1m29s ph2-total=1
14 RN id="win-44" side=responder dynamic-address=172.28.248.44 uptime=11m3s last-seen=1m3s ph2-total=1
Code: Select all
8 RN id="ac2-135" side=responder dynamic-address=172.28.252.135 uptime=3d4m20s last-seen=54s ph2-total=1