
Re: Another field for traffic selector?

Assuming just for a moment that some "VPN-ID" type attribute would be useful.

Then, wouldn't something similar be required if someone actually
implemented a "userid"-specific selector and wanted to have separate
SAs for each user on a multiuser system (even when communicating with
the same other end)?

If I ever implemented it, the policy would actually read as

  dst = <someservice> -> use_user_specific_IPSEC

(e.g. the selector would match all traffic to/from <someservice>, but the
specification instructs the system to negotiate an SA pair per user).