On 2008-06-17, Russell Howe <[EMAIL PROTECTED]> wrote:
> I have a pair of firewall routers running OpenBSD (4.1 and 4.2 at
> present - need to get them updated) and I recently added an IPsec tunnel
> to their configurations, using ipsecctl and ipsec.conf complete with
> sasyncd.
>
> This works fine, and the host which is master of the carp interface I've
> told isakmpd to use gets routes to and from the remote network in the
> "Encap" section of route(8)'s output.

I tie sasyncd to a carp(4) interface and configure that interface with
a prefix that covers all of the IPsec routes on that cluster, and list
it in ospfd.conf like "interface carp46 { passive }". It's a bit messy
but works reasonably well.