Subject: anonymous transport mode with isakmpd anyone?
To: None <tech-net@netbsd.org>
From: Christoph Badura <bad@bsd.de>
List: tech-net
Date: 02/22/2003 23:00:29
Hi,

has anyone ever had success with setting up transport mode associations
from anonymous clients with isakmpd?

I'm using 1.6.1_RC1 and the isakmpd-20021118 from pkgsrc.  The clients are
authenticated through X.509 certificates.

Things go pretty well until the SAs and SPDs have to be set up.
When the client requests a transport mode association the kernel
ends up using a tunnel mode SPD of the following form:

$client[any] $gw[any] any
        in ipsec
        esp/tunnel/$client-$gw/use
        created: Feb 21 12:30:55 2003  lastused: Feb 21 12:31:27 2003
        lifetime: 0(s) validtime: 0(s)
        spid=10 seq=1 pid=2795
        refcnt=2
$gw[any] $client[any] any
        out ipsec
        esp/tunnel/$gw-$client/require
        created: Feb 21 12:30:55 2003  lastused: Feb 21 12:31:50 2003
        lifetime: 0(s) validtime: 0(s)
        spid=9 seq=0 pid=2795
        refcnt=2

--chris
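As an added example (not part of this message or of isakmpd), a small Python parser for the `setkey -DP` style policy dump shown above; it pulls out direction, mode, endpoints and level per policy and flags tunnel-mode policies for a given peer, which is the mismatch the message describes. The sample dump and its addresses are constructed; 192.0.2.10 stands in for $client and 198.51.100.1 for $gw.

```python
import re

# Constructed sample in the shape of `setkey -DP` output on NetBSD (KAME IPsec):
# the first two entries mirror the dump above, the third is transport mode for contrast.
SAMPLE_SPD = """\
192.0.2.10[any] 198.51.100.1[any] any
        in ipsec
        esp/tunnel/192.0.2.10-198.51.100.1/use
        created: Feb 21 12:30:55 2003  lastused: Feb 21 12:31:27 2003
        spid=10 seq=1 pid=2795
198.51.100.1[any] 192.0.2.10[any] any
        out ipsec
        esp/tunnel/198.51.100.1-192.0.2.10/require
        spid=9 seq=0 pid=2795
198.51.100.1[any] 192.0.2.20[any] any
        out ipsec
        esp/transport//require
        spid=11 seq=2 pid=2795
"""

HEADER_RE = re.compile(r"^(\S+)\[\S+\]\s+(\S+)\[\S+\]\s+(\S+)$")   # src[port] dst[port] proto
DIR_RE = re.compile(r"^(in|out|fwd)\s+(ipsec|discard|none|entrust|bypass)$")
RULE_RE = re.compile(r"^(esp|ah|ipcomp)/(tunnel|transport)/([^/]*)/(\w+)$")
SPID_RE = re.compile(r"^spid=(\d+)")

def parse_spd(text):
    """Parse `setkey -DP` output into a list of policy dicts."""
    policies = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line: continue
        if not raw[0].isspace():                 # unindented line starts a new policy
            if m := HEADER_RE.match(line):
                src, dst, proto = m.groups()
                policies.append({"src": src, "dst": dst, "proto": proto, "rules": []})
            continue
        if not policies: continue                # indented text before any header
        cur = policies[-1]
        if m := DIR_RE.match(line):
            cur["dir"], cur["action"] = m.groups()
        elif m := RULE_RE.match(line):           # e.g. esp/tunnel/A-B/require
            ipproto, mode, endpoints, level = m.groups()
            cur["rules"].append({"proto": ipproto, "mode": mode,
                                 "endpoints": endpoints, "level": level})
        elif m := SPID_RE.match(line):
            cur["spid"] = int(m.group(1))
        # created:/lifetime:/refcnt lines carry no policy semantics and are skipped
    return policies

def tunnel_policies_for(policies, peer):
    """Policies involving `peer` that carry a tunnel-mode rule (unexpected for transport mode)."""
    return [p for p in policies if peer in (p["src"], p["dst"])
            and any(r["mode"] == "tunnel" for r in p["rules"])]
```

Running `tunnel_policies_for(parse_spd(SAMPLE_SPD), "192.0.2.10")` returns the two tunnel-mode entries (spid 10 and 9) while the transport-mode peer 192.0.2.20 yields none.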