Okie dokie.. so I used a loopback instead:
gw1:
add interface lo loopback 169.254.1.1/32
add vpn tunnel 1 type unnumbered peer FOO-gw dev loop00
set static-route 192.168.100.0/24 nexthop gateway logical vpnt1 on
gw2:
add interface lo loopback 169.254.1.2/32
add vpn tunnel 1 type unnumbered peer FOO-gw dev loop00
set static-route 192.168.100.0/24 nexthop gateway logical vpnt1 on
In SmartConsole:
Edit cluster object - Network Management - Get Interfaces -> "Get Interfaces WITHOUT topology" (my emphasis)
The physical IP of vpnt1 on each cluster member was the Gaia config (as expected). I configured the VIP of "vpnt1" to be the same IP as that of the physical egress interface (eth0, in this case; for my customer this was a bond0.X VLAN).
This actually works... wow. I'm a bit surprised. 🙂 I ran a VPN debug to see what was going on, and ... nothing much, actually. It looked just about the same as any typical IKEv2 VPN would. The traffic selectors did their thing as you'd expect. VPN came up, and I tested clusterXL_admin down/up on each of the cluster members while passing traffic. Nothing unusual.
R80.40 HFA 139 for my customer, but HFA 158 for my lab VMs.