Hi folks,
As a follow-up of the previous discussion about ESN and anti-replay
entanglement problem, we've prepared a draft:
https://datatracker.ietf.org/doc/draft-pan-ipsecme-anti-replay-notification/
The current draft mainly wants to highlight the problem.
It also gives a preliminary solution
Hi folks,
We've encountered a real problem when using IPsec in the Multi-VPN environment.
We find that separate IPsec tunnels (i.e., different IKE SAs and different
Child SAs) are needed for each VPN to distingue the traffic from different VPNs.
But, due to the number of peer devices and the numb
Initial thought while having morning coffee.
I can see how you want an extra SPD selector for the VPN ID - but maybe call it
Namespace ID or something else as VPN ID is confusing.
Your gateway that needs to support say 256 VPN IDs could split up its SPI range
so it can detect which VPN to send
Hi chairs,
We have a new draft on IKEv2 support for ShangMi cryptographic algorithm
suites: https://datatracker.ietf.org/doc/draft-guo-ipsecme-ikev2-using-shangmi/.
The main purpose of this draft is to describe how the Chinese mandatory and ISO
standard ShangMi cryptographic algorithms can be use
