IPsec trouble with 24.1.5_3
Topic: IPsec trouble with 24.1.5_3 (Read 411 times)
slykens (Newbie, Posts: 8, Karma: 0)
« on: April 10, 2024, 03:12:23 am »
Hello All -
I started having a lot of performance and reliability problems with my Zerotier network with 24.1.4. Because of this I built an IPsec mesh to operate alongside and provide failover for the Zerotier network. This had worked pretty well with bfd and bgp in the mix to failover properly.
Now with 24.1.5_3 I've got very unpredictable IPsec behavior - on at least two of four nodes in my network it seems to be passing all interface IPs to the other side which causes the IKE SA to be renegotiated from internal IPv4s or external IPv4 even though all tunnels are configured for IPv6 only - this renegotiation seems to break the tunnels. These are route-based tunnels configured through the Tunnel Settings UI. (Is that the problem?)
I feel like I'm taking crazy pills trying to diagnose this. Nothing in the logs makes it clear what's going on - logs will show IPv6 conversation then suddenly it builds a new IKE SA on IPv4 with addresses that are not configured in any way for the tunnels. (For example, one IKE SA switched from public IPv6 addresses to 10.15.1.1 -- 10.250.0.11 which are both random internal addresses from each side)
I'm hoping for some ideas or guidance on where to start figuring this one out. Thanks,
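A log check for the symptom described in the post, as an added example that is not part of the original post or of OPNsense: it scans charon log lines for "IKE_SA ... established between" messages and flags any SA negotiated over an address family the tunnel is not configured for, or from a local address outside an allowed set. The log lines are constructed, and the address[identity]...address[identity] layout of that message is assumed to match strongSwan's usual form.

```python
import ipaddress
import re

# Constructed sample charon log lines (not from the post); the second one
# mirrors the IPv4 renegotiation the post describes on an IPv6-only tunnel.
SAMPLE_LOG = """\
Apr 10 02:58:01 node1 charon[1234]: 05[IKE] <node2|7> IKE_SA node2[7] established between 2001:db8:1::1[2001:db8:1::1]...2001:db8:2::1[2001:db8:2::1]
Apr 10 03:04:17 node1 charon[1234]: 09[IKE] <node2|8> IKE_SA node2[8] established between 10.15.1.1[10.15.1.1]...10.250.0.11[10.250.0.11]
Apr 10 03:05:02 node1 charon[1234]: 11[IKE] <node3|2> IKE_SA node3[2] established between 2001:db8:1::1[2001:db8:1::1]...2001:db8:3::1[2001:db8:3::1]
"""

# Assumed message layout: IKE_SA <conn>[<id>] established between <local>[<local-id>]...<remote>[<remote-id>]
ESTABLISHED = re.compile(
    r"IKE_SA (?P<conn>\S+)\[(?P<id>\d+)\] established between "
    r"(?P<local>[^\[\s]+)\[[^\]]*\]\.\.\.(?P<remote>[^\[\s]+)\[[^\]]*\]"
)


def unexpected_ike_sas(log_text, expected_version=6, allowed_local=None):
    """Return (conn, id, local, remote) for every IKE_SA established over an
    address family other than expected_version, or from a local address not
    in allowed_local when that set is given (hypothetical helper name)."""
    findings = []
    for line in log_text.splitlines():
        m = ESTABLISHED.search(line)
        if not m:
            continue
        local = ipaddress.ip_address(m["local"])
        remote = ipaddress.ip_address(m["remote"])
        wrong_family = (local.version != expected_version
                        or remote.version != expected_version)
        wrong_local = allowed_local is not None and str(local) not in allowed_local
        if wrong_family or wrong_local:
            findings.append((m["conn"], int(m["id"]), str(local), str(remote)))
    return findings


if __name__ == "__main__":
    # Only 2001:db8:1::1 is meant to be a tunnel endpoint on this node.
    for f in unexpected_ike_sas(SAMPLE_LOG, allowed_local={"2001:db8:1::1"}):
        print("unexpected IKE_SA: %s[%d] %s -> %s" % f)
```

Run it against the live charon log (or the exported IPsec log from the UI) to see exactly which SAs are being built on addresses the tunnel was never configured with.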