Maybe it can be useful for others: basically the solution was using on pfsense side the larges possibile 10.128.0.0/16 network offered from the remote peer (checkpoint).
I did not understand well IKEv2 traffic selectors. See https://wiki.strongswan.org/issues/2484 Enrico. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
