[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another field for traffic selector?
Assuming just for a moment that some "VPN-ID" type attribute would be useful.
Then, wouldn't something similar be required if someone actually
implemented "userid" specific selector? And, wanted to have separate
SA's for each user on a multiuser system (even when communicating with
the same other end).
If I ever implemented it, the policy would actually read as
dst = <someservice> -> use_user_specicic_IPSEC
(e.g. selector would match all traffic to/from <someservice>, but the
specification instructs system negotiate SA pair per user).