[strongSwan] checkpoint interoperability problem
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Jan 16 19:00:00 CET 2018
Hi,
> The forceencaps=yes has been set up because the checkpoint was replying with UDP datagrams instead of ESP packets for an unknown reason.
That's definitely a bug in the checkpoint device. It has to propose UDP encapsulation if it wants to use it.
The explanation for their weird strongSwan workaround also sounds like bullshit to me.
IMO their appliances are just crap. Or at least the IPsec related software on them.
Kind regards
Noel
On 15.01.2018 15:26, Marco Berizzi wrote:
> Hello everyone.
>
> Just for the record: in agreement with the customer, switching to IKEv2 and enabling forceencaps=yes have resolved the interoperability problem.
>
> The forceencaps=yes has been set up because the checkpoint was replying with UDP datagrams instead of ESP packets for an unknown reason.
>
> Checkpoint customer is running R77.30