A new firewall

I am still using an old 486 as a firewall. Several times I have said that I was going to replace it "the next time it reboots", but the system is so rock stable that it never had to be rebooted. However, the system is too slow and can't handle a large number of connections. Time for a replacement, and this time I mean it!

Instead of installing yet another Debian system, I decided it is time for something new. For a firewall the obvious choice would be OpenBSD. It has most of the firewalling features that I need, uses sane default values (in most cases) and has some interesting features that I want to experiment with (CARP/pfsync).

Aside from firewalling, I also want to configure two IPsec VPN tunnels to remote devices. The remote devices are NetScreen firewalls. They are quite flexible; I have configured VPNs with all kinds of funky systems ranging from Check Point clusters to cheap SOHO routers. So I don't really expect any problems here.
The idea is to run OSPF on top of that. One of the VPN tunnels is meant as a backup in case the other tunnel fails. Adding multiple routes with different metrics is a possibility but I don't like having to add them manually every time new subnets are created or linked with the central site.

Oh, and of course my IPv6 tunnels need to be configured as well, but I'm not expecting any issues there either.
