Running OpenBSD 4.5 (I know, I should upgrade it), with isakmpd and ipsec. Here's what I want to do:
         |----------|==================SiteB)
SiteA ---| Firewall |   VPN Tunnels         )---multiple subnets
         |----------|==================SiteC)

In words: I have a site in the US with an OpenBSD 4.5 firewall. It has one connection to the Internet via a University LAN. We have set up IPsec tunnels to 2 UK sites, which each act as VPN gateways to multiple subnets. We want to have failover between the tunnels, but we want the primary routes for the subnets to be configured through the "closest" gateway.

I've seen lots of discussion on how to do failover if you have multiple external connections, but basically we are trying to set up failover if one of the remote endpoints goes down, and to route the subnets on the remote end dynamically. Is this even possible?

--
Henry Stilmack <h.stilm...@jach.hawaii.edu>
Systems Administrator
UK/Canada/Netherlands Joint Astronomy Centre    Tel: +1 808-969-6530
660 N. A'ohoku Place, Hilo, HI 96720            Fax: +1 808-961-6516
GPG key: ID=70E73E16 Signature=133F14E79A8AE9858F38 3BA8BF2D914A70E73E16