Hi, > The forceencaps=yes has been setup because the checkpoint was replying with > udp datagrams instead of ESP packets for an unknown reason.
That's definitively a bug in the checkpoint device. It has to propose UDP encapsulation if it wants to use it. The explanation for their weird strongSwan work around also sounds like bullshit to me. IMO their appliances are just crap. Or at least the IPsec related software on them. Kind regards Noel On 15.01.2018 15:26, Marco Berizzi wrote: > Hello everyone. > > Just for record: in agreement with the customer switching to IKEv2 and > enabling forceencaps=yes have resolved the interoperability problem. > > The forceencaps=yes has been setup because the checkpoint was replying with > udp datagrams instead of ESP packets for an unknown reason. > > Checkpoint customer is running R77.30
signature.asc
Description: OpenPGP digital signature
