Hello Daniel
That’s an excellent question! I tried labbing this up and found the following:
In the first case I removed the tunnel key from Tunnel 2 on both ends. When pinging I found that the behavior remained the same, as if both keys were installed. It seems that both R1 and R2 recognize that the route that must be taken is via tunnel 1 since routing is configured that way, and since tunnel 1 still has keys on both ends, there is no confusion as to which tunnel to use.
In the second case I replaced the tunnel key on Tunnel 2 and removed it from Tunnel 1. I found that the pings from H1 were sent out of R1 correctly, as I see the Pkts Out column value increasing. However, I see that the packets never reach R2, or at least they never register on the stats of the tunnel interface. I would have to assume then that if a router like R2 has at least one GRE tunnel configured with a key, and the arriving packet has no key, it simply drops the packet.
I hope this has been helpful!
Laz