20th December 2012
igy01
Ipsec and backup link

I have two OpenBSD boxes, each with two WAN network cards, and two links ("main" and "backup"):

Code:
LAN1---fxp0 BSD1 em0----Link1 (main)------em0 BSD2 fxp0---LAN2
             ----em1----Link2 (backup)----em1
I have isakmpd/IPsec connections for traffic between LAN1 and LAN2 (tunnel mode on BSD), i.e. an IPsec SA between BSD1-em0 & BSD2-em0.

I want to configure some kind of "backup" IPsec for the same traffic, between the same hosts BSD1 & BSD2.

I think that, without IKE/IPsec, the situation is very simple. We put ospfd on BSD1 and BSD2; when the main link is broken, OSPF sends traffic to the backup link. But how do I configure IPsec, i.e. ipsec.conf, for this situation? Is there any reason to create CARP and sasyncd? But how? Any other link/idea?

Last edited by igy01; 20th December 2012 at 06:54 PM.