IPSec tunnel over multiple interfaces

Post by g.n.. » Sat, 23 Jul 2005 07:03:02

What I would like to do is set up an IPSec tunnel which connects over
the Internet using multiple interfaces. Allow me to explain.

I currently manage two networks: 10.1.x.x and 10.2.x.x. Gateway-A
( has an IPSec tunnel configured to talk to Gateway-B
(, making one big happy VPN. (For example, can
communicate with, despite the fact that they're on opposite
sides of the Internet).

The problem is that Gateway-A has two connections to the Internet which
are connected to T-1 links provided by different carriers. Gateway-B,
on the other hand, connects via an OC-48. Since the VPN can only use
one of Gateway-A's interfaces, my bandwidth across the tunnel is
limited to the speed of a single T-1, even though I have two.

I would like to configure these two endpoints to use both of
Gateway-A's Internet uplinks for their IPSec VPN. I'm using the KAME
tools for my VPN setup with 2.6.11. I imagine the solution would
involve something interesting like multiple routing tables, packet
mangling, or hacking the IPSec kernel module.  But if there's a simple
solution, I'd love to hear it.