On 2014-08-05, David Dahlberg <[email protected]> wrote: > I do not know enough of Cisco to be able to tell you whether or not > one may cluster their routers/VPN gateways. But you have multiple > options to emulate the fallback behaviour that you described above. > > 1) Just configure two tunnels, to both Cisco gateways. Give one route(8) > -priority, or use a dynamic routing protocol. > > 2) You may use ifstated or similar to monitor the gateways and tunnels > and switch over, when indicated.
Note that for these methods you'll need to use some explicit encapsulation (for example, gif or gre) rather than using standard ipsec tunnels. On OpenBSD IPsec is flow-based and there is no option for route-based like various other vendors support.
