Multiple matching SAs - IPsec 'failover'?
So I've got a situation where a client wants to set up a VPN for VoIP to a satellite office a block or so away. At the main office, they're already using dual-WAN failover in pfSense. At the satellite I've got pfSense up and running with an SA to the primary WAN at the main office.
What I'm wondering is if I set up a matching SA to the other WAN IP at the main office, will pfSense detect if one of the WANs goes down and switch to the other SA? That is of course assuming I can create the two SAs at the same time to begin with.
Dual WAN at the satellite isn't an option right now, but I would like to be able to handle the primary WAN at the main office going down, as all 3 WAN connections are on different ISPs, the satellite isn't likely to be taken out by an outage that would take out the primary WAN connection. I am curious though if a similar setup would work, but with 4 SAs at each side to handle any single link failure at each site.