What I would like to do is set up an IPSec tunnel which connects over
the Internet using multiple interfaces. Allow me to explain.

I currently manage two networks: 10.1.x.x and 10.2.x.x. Gateway-A
(10.1.1.1) has an IPSec tunnel configured to talk to Gateway-B
(10.2.1.1), making one big happy VPN. (For example, 10.1.8.8 can
communicate with 10.2.9.9, despite the fact that they're on opposite
sides of the Internet).

The problem is that Gateway-A has two connections to the Internet which
are connected to T-1 links provided by different carriers. Gateway-B,
on the other hand, connects via an OC-48. Since the VPN can only use
one of Gateway-A's interfaces, my bandwidth across the tunnel is
limited to the speed of a single T-1, even though I have two.

I would like to configure these two endpoints to use both of
Gateway-A's Internet uplinks for their IPSec VPN. I'm using the KAME
tools for my VPN setup with 2.6.11. I imagine the solution would
involve something interesting like multiple routing tables, packet
mangling, or hacking the IPSec kernel module. But if there's a simple
solution, I'd love to hear it.