I am trying to set up IPsec in transport mode (not tunnel mode) between an XP client and Monowall. Because
the Monowall GUI does not allow setting this up, I am trying to use setkey to establish the
policy. When I enter the setkey commands (see below) in the Monowall exec.php page I get the listed
reply. When I check status.php there are no entries in the SPD or SAD, just as if the commands
did not take.
/usr/sbin/setkey -FP
(returns $ /usr/sbin/setkey -FP)
/usr/sbin/setkey -F
(returns $ /usr/sbin/setkey -F)
/usr/sbin/setkey -c spdadd 1.2.3.4/32 5.6.7.8/32 any -P out
(returns $ /usr/sbin/setkey -c spdadd 1.2.3.4/32 5.6.7.8/32 any -P out)
/usr/sbin/setkey -c ipsec esp/transport/1.2.3.4-5.6.7.8/require
(returns $ /usr/sbin/setkey -c ipsec esp/transport/1.2.3.4-5.6.7.8/require)
/usr/sbin/setkey -c spdadd 5.6.7.8/32 1.2.3.4/32 any -P in
(returns $ /usr/sbin/setkey -c spdadd 5.6.7.8/32 1.2.3.4/32 any -P in)
/usr/sbin/setkey -c ipsec esp/transport/5.6.7.8-1.2.3.4/require
(returns $ /usr/sbin/setkey -c ipsec esp/transport/5.6.7.8-1.2.3.4/require)
note:
I replace 1.2.3.4 in the example with 192.168.2.1 (the ip of the WLAN nic)
I replace 5.6.7.8 in the example with 192.168.2.98 (the ip of the XP client)
I have tried adding " ; " to the end of each command and the results are the same.
I would appreciate any help on setting up the transport policy without using the GUI. Thanks, Bob.
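An added example, not part of Bob's post or of Monowall's own code, showing the form setkey(8) actually expects: each `spdadd` is a single statement ending in `;`, and `setkey -c` reads those statements from standard input, so passing the policy on the command line (as in the commands above) gives setkey nothing to parse. The script builds the two SPD statements for the addresses named in the note (192.168.2.1 and 192.168.2.98, assumed here) and feeds them to setkey on stdin, then dumps the SPD with `setkey -DP` so you can confirm the entries exist.

```shell
#!/bin/sh
# Added example (not from the original post): build a complete setkey(8) policy
# script for ESP transport mode between two hosts and feed it to setkey on stdin.
# Assumed addresses: 192.168.2.1 (Monowall WLAN side) and 192.168.2.98 (XP client).

# Emit the SPD statements for a host-to-host ESP transport policy.
# Each "spdadd ... ipsec ...;" must be ONE statement terminated by ';'.
# In transport mode the SA endpoints equal the packet endpoints, so the
# "src-dst" field may be left empty ("esp/transport//require").
gen_spd() {
    cat <<EOF
spdadd ${1}/32 ${2}/32 any -P out ipsec esp/transport//require;
spdadd ${2}/32 ${1}/32 any -P in ipsec esp/transport//require;
EOF
}

# Count the spdadd statements a generated policy contains (used for checking).
count_spd() {
    gen_spd "$1" "$2" | grep -c '^spdadd'
}

# Load the policy into the kernel. "-c" reads the script from stdin; an
# alternative is writing it to a file and using "setkey -f /path/to/file".
# "-DP" dumps the SPD afterwards so you can verify the two entries are present.
apply_spd() {
    if command -v setkey >/dev/null 2>&1; then
        gen_spd "$1" "$2" | setkey -c
        setkey -DP
    else
        echo "setkey not found on this host; generated policy follows:" >&2
        gen_spd "$1" "$2"
    fi
}

# Usage (run as root on the Monowall box): apply_spd 192.168.2.1 192.168.2.98
# Printing the policy only, which has no side effects:
gen_spd 192.168.2.1 192.168.2.98
```

Two checks worth making after loading the policy: `setkey -DP` should list both entries (the in and out policies), and `setkey -D` shows the SAD. The SPD by itself never populates the SAD; the security associations come either from an IKE daemon negotiating them with the peer or from manual `add` statements in the same setkey script, so an empty `setkey -D` with a populated `setkey -DP` means the policy is in place but no SA has been established yet, and with level `require` traffic between the two hosts will be dropped until one is.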