On 2011-05-02, Tobias Crefeld <t...@cataneo.eu> wrote:
>
>> I've successfully run IPSEC (iked and isakmpd both work), bridging and
>> various network services this way.
>
> I moved from IPSEC to SSL/OpenVPN some years ago because it's more
> robust against packet loss but in combination with routing protocols
> like OSPF OpenVPN seems to be a bad choice as it keeps the
> tunnel-interfaces AKA link-states always UP even if the tunnel is down.
> Is there a way IPSEC can handle link-state-protocols better?

gre(4), which you can run inside ipsec, can do keepalives which will bring the link-state down when the tunnel is down. Support for this was added to OpenBSD in 4.8.