Hi, just to toss in my 2 cents...
OpenBSD is a policy-based IPSec engine. Since you are considering a separate machine, it is possible to have a redundant connection; however, the secondary machine must have a different public IP than the primary, or you have to connect to a separate endpoint on the remote end.
You may also be able to configure sasyncd, but that would require the second machine sharing carp interface groups with the first, and the primary IP (either the public endpoint IP on your side or the private IP it is nat'd to) would need to be a floating IP between the machines.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.