Subject: Re: netkey API has severe problems
To: Alan Barrett <apb@cequrux.com>
From: None <itojun@iijlab.net>
List: tech-kern
Date: 04/04/2000 20:56:42

>> racoon should grab policy configuration from the kernel and compile
>> IKE phase proposal based on it. sakane (cc'ed) is working on it.
>To deal with roaming users, you should be able to have a policy like
>"I don't care what IP address the remote side uses; I require the
>remote side to present a user_fqdn from a preconfigured list, and to
>know the associated secret; then I want all traffic to be protected by
>algorithms X and Y". There's no way to configure such a policy into
>the kernel; you have to configure it into racoon.

yup, for the responder side, racoon would need to put some SPD entries
into the kernel for some cases (roaming user case). I agree with it.

itojun