Packet handling based on user information included in packet headers by a network gateway

What is claimed is: 1. A method of passing information about a user into a network environment from a gateway to the network environment, the method comprising: in the gateway: establishing a first connection between the gateway and a first connection endpoint outside of the network environment, wherein the first connection is established based on authentication of user information received from the first connection endpoint; adding the user information to a packet header of one or more packets carrying a request to establish a second connection between the gateway and a second connection endpoint within the network environment; and transferring the one or more packets towards the second connection endpoint. 2. The method of claim 1 , wherein the one or more first packets comply with Internet Protocol version 4 and wherein adding the user information to the packet header comprises: including the user information to an option type field of the packet header. 3. The method of claim 1 , wherein the one or more first packets comply with Internet Protocol version 6 and wherein adding the user information to the packet header comprises: including the user information to an extension header of the packet header. 4. The method of claim 1 , further comprising: in the gateway, establishing a second connection within the network environment using a transport protocol. 5. The method of claim 4 , wherein the one or more first packets comprise handshake packets exchanged during a handshake procedure for the transport protocol. 6. The method of claim 1 , wherein the one or more first packets comprise packets received via the first connection. 7. The method of claim 1 , wherein the first connection comprises a virtual private network (VPN) connection between the gateway and the first connection endpoint. 8. The method of claim 7 , comprising: before adding the user information to the packet header, removing encapsulation of the one or more first packets for the VPN connection. 9. The method of claim 1 , further comprising: implementing microsegmentation within the network environment based on the user information in the packet header. 10. The method of claim 9 , wherein implementing the microsegmentation comprises: enforcing policies at one or more packet network interfaces within the network environment. 11. An apparatus for passing information about a user into a network environment from a gateway to the network environment, the apparatus comprising: one or more computer readable storage media; a processing system operatively coupled with the one or more computer readable storage media; and program instructions stored on the one or more computer readable storage media for a network traffic optimizer that, when read and executed by the processing system, direct the processing system to: establish a first connection between the gateway and a first connection endpoint outside of the network environment, wherein the first connection is established based on authentication of user information received from the first connection endpoint; add the user information to a packet header of one or more packets carrying a request to establish a second connection between the gateway and a second connection endpoint within the network environment; and transfer the one or more packets towards the second connection endpoint. 12. The apparatus of claim 11 , wherein the one or more first packets comply with Internet Protocol version 4 and wherein to add the user information to the packet header, the program instructions direct the processing system to: include the user information to an option type field of the packet header. 13. The apparatus of claim 11 , wherein the one or more first packets comply with Internet Protocol version 6 and wherein to add the user information to the packet header, the program instructions direct the processing system to: include the user information to an extension header of the packet header. 14. The apparatus of claim 11 , wherein the program instructions further direct the processing system to: establish a second connection within the network environment using a transport protocol. 15. The apparatus of claim 14 , wherein the one or more first packets comprise handshake packets exchanged during a handshake procedure for the transport protocol. 16. The apparatus of claim 11 , wherein the one or more first packets comprise packets received via the first connection. 17. The apparatus of claim 11 , wherein the first connection comprises a virtual private network (VPN) connection between the gateway and the first connection endpoint. 18. The apparatus of claim 17 , wherein the program instructions further direct the processing system to: remove encapsulation of the one or more first packets for the VPN connection before adding the user information to the packet header. 19. The apparatus of claim 11 , wherein the program instructions further direct the processing system to: implement microsegmentation within the network environment based on the user information in the packet header, wherein the microsegmentation includes enforcing policies at one or more packet network interfaces within the network environment. 20. One or more computer readable storage media having program instructions stored thereon for passing information about a user into a network environment from a gateway to the network environment, the program instructions, when read and executed by a processing system, direct the processing system to: receive user information from a first connection endpoint outside of the network environment; in response to authorizing the user based on the user information, establish a first connection with the first connection endpoint; add the user information to a packet header of one or more first packets associated with the first connection; and transfer the one or more first packets into the network environment.