From: "Robert B. Carleton" <rbc@rbcarleton.net>
Subject: Cluster IPsec
To: ports@openbsd.org
Date: Sat, 19 Jul 2025 12:29:06 -0500

I've started to use IPsec between my OpenBSD hosts. So far, this has
been set up manually by copying around the local.pub keys and running iked.
I noticed the ikectl command has the ca sub-command. I'm curious if
anyone has been running host-to-host IPsec for their OpenBSD clusters?
If so, how did you automate managing the key distribution, and other
support like the iked.conf and /etc/hosts?

It looks like you could script with ikectl, ssh, and rdist to get this
done.  I'm curious what other approaches there might be.

TIA,

			--Bruce