I have two OpenBSD boxes, with two WAN network cards in each, and two links ("main" and "backup"):
LAN1---fxp0 BSD1 em0----Link1 (main)------em0 BSD2 fxp0---LAN2
I have isakmpd/IPsec connections for traffic between LAN1 and LAN2 (tunnel mode on BSD), i.e. an IPsec SA between BSD1-em0 and BSD2-em0.
I want to configure some kind of "backup" IPsec for the same traffic, between the same hosts BSD1 and BSD2.
I think that without IKE/IPsec the situation is very simple. We put ospfd on BSD1 and BSD2; when the main link is broken, OSPF sends traffic to the backup link. But how do I configure IPsec, i.e. ipsec.conf, for this situation? Is there any reason to create CARP and sasyncd? But how? Any other link/idea?