Additional Approaches: (1)Using a PRPA as TIA IPv6: Configure a link-local and global before PANA (DHCPv6 or stateless) TIA=global, TOA=link-local Requires SPD selection based on the name (session-ID), not the IP address Explicit support in RFC2401bis Name is set, address selectors are NULL RFC2401? Not clear. Racoon’s generate_policy directive Authenticate peer by PSK, accept proposed TIA (skip SPD check), than create SPD Should we include this? |