Последняя вариант конфигурации выглядит так (ospf на L2VPN-интерфейсе не шифрую):2821:
interface Tunnel0
bandwidth 512
ip address 172.16.17.1 255.255.255.252
ip ospf network point-to-point
tunnel source GigabitEthernet0/1.1
tunnel destination 195.184.XXX.YYY
tunnel mode ipsec ipv4
tunnel protection ipsec profile GRE_IPSEC
interface GigabitEthernet0/1.169
bandwidth 256
encapsulation dot1Q 169
ip address 172.16.16.1 255.255.255.252
ip ospf network point-to-point
crypto map APK_VPN_MAP1
service-policy output SHAPER_256
router ospf 1
router-id 172.16.16.1
log-adjacency-changes
redistribute connected subnets route-map REDIST_STATIC
redistribute static subnets route-map REDIST_STATIC
network 172.16.16.0 0.0.0.3 area 0
router ospf 2
router-id 172.16.17.1
log-adjacency-changes
redistribute connected subnets route-map REDIST_STATIC
redistribute static subnets route-map REDIST_STATIC
network 172.16.17.0 0.0.0.3 area 0
Neighbor ID Pri State Dead Time Address Interface
172.16.17.2 0 FULL/ - 00:00:35 172.16.17.2 Tunnel0
172.16.16.2 0 FULL/ - 00:00:35 172.16.16.2 GigabitEthernet0/1.169
Tunnel0 is up, line protocol is up
Internet Address 172.16.17.1/30, Area 0
Process ID 2, Router ID 172.16.17.1, Network Type POINT_TO_POINT, Cost: 195
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:02
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 39
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 172.16.17.2
Suppress hello for 0 neighbor(s)
GigabitEthernet0/1.169 is up, line protocol is up
Internet Address 172.16.16.1/30, Area 0
Process ID 1, Router ID 172.16.16.1, Network Type POINT_TO_POINT, Cost: 390
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:00
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 40
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 172.16.16.2
Suppress hello for 0 neighbor(s)
1841:
interface Tunnel0
bandwidth 512
ip address 172.16.17.2 255.255.255.252
ip ospf network point-to-point
tunnel source FastEthernet0/1.20
tunnel destination 92.242.YYY.ZZ
tunnel mode ipsec ipv4
tunnel protection ipsec profile GRE_IPSEC
interface FastEthernet0/1.169
bandwidth 256
encapsulation dot1Q 169
ip address 172.16.16.2 255.255.255.252
ip ospf network point-to-point
crypto map VPN_MAP1
service-policy output SHAPER_256
router ospf 1
router-id 172.16.16.2
log-adjacency-changes
redistribute connected subnets route-map REDIST_STATIC
network 172.16.16.0 0.0.0.3 area 0
router ospf 2
router-id 172.16.17.2
log-adjacency-changes
redistribute connected subnets route-map REDIST_STATIC
network 172.16.17.0 0.0.0.3 area 0
172.16.17.1 0 FULL/ - 00:00:38 172.16.17.1 Tunnel0
172.16.16.1 0 FULL/ - 00:00:36 172.16.16.1 FastEthernet0/1.169
Tunnel0 is up, line protocol is up
Internet Address 172.16.17.2/30, Area 0
Process ID 2, Router ID 172.16.17.2, Network Type POINT_TO_POINT, Cost: 195
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:06
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 172.16.17.1
Suppress hello for 0 neighbor(s)
FastEthernet0/1.169 is up, line protocol is up
Internet Address 172.16.16.2/30, Area 0
Process ID 1, Router ID 172.16.16.2, Network Type POINT_TO_POINT, Cost: 390
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:06
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 172.16.16.1
Suppress hello for 0 neighbor(s)
Вышеописанная непереключаемость сохранилась, но, плюс ко всему, после перезагрузки 1841 садится на канал с большей стоимостью.