IPSec tunnel over multiple interfaces
What I would like to do is set up an IPSec tunnel which connects over the Internet using multiple interfaces. Allow me to explain.
I currently manage two networks: 10.1.x.x and 10.2.x.x. Gateway-A (10.1.1.1) has an IPSec tunnel configured to talk to Gateway-B (10.2.1.1), making one big happy VPN. (For example, 10.1.8.8 can communicate with 10.2.9.9, despite the fact that they're on opposite sides of the Internet).
The problem is that Gateway-A has two connections to the Internet which are connected to T-1 links provided by different carriers. Gateway-B, on the other hand, connects via an OC-48. Since the VPN can only use one of Gateway-A's interfaces, my bandwidth across the tunnel is limited to the speed of a single T-1, even though I have two.
I would like to configure these two endpoints to use both of Gateway-A's Internet uplinks for their IPSec VPN. I'm using the KAME tools for my VPN setup with 2.6.11. I imagine the solution would involve something interesting like multiple routing tables, packet mangling, or hacking the IPSec kernel module. But if there's a simple solution, I'd love to hear it.