https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPsec-Problem-between-Libreswan-4-12-and-Check-Point-Gateway/m-p/199796#M9926 <P>This is most likely going to require TAC assistance and gathering the following debug:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk62482" target="_blank">https://support.checkpoint.com/results/sk/sk62482</A>&nbsp;</P> Tue, 05 Dec 2023 19:41:23 GMT PhoneBoy 2023-12-05T19:41:23Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPsec-Problem-between-Libreswan-4-12-and-Check-Point-Gateway/m-p/199771#M9925 <P>Hello everyone,</P><P>&nbsp;</P><P>&nbsp;</P><P>I'm having trouble keeping an IPSec tunnel online, in Linux the ESP packets are dropped and it's necessary to restart the tunnel to get it working again.<BR />My libreswan is on version 4.12 and the SMB Spark 1800 appliance is on R81.10.08.</P><P>Can Someone help me?</P><P>Below is tcpdump done on Linux:</P><P><SPAN>11:48:24.687794 ens192 In &nbsp;IP 1xx.xxx.xxx.3 &gt; 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xd6), length 100<BR />11:48:29.680462 ens192 In &nbsp;IP 1xx.xxx.xxx.3 &gt; 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xd7), length 100<BR />11:48:34.687092 ens192 In &nbsp;IP 1xx.xxx.xxx.3 &gt; 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xd8), length 100<BR />11:48:39.686347 ens192 In &nbsp;IP 1xx.xxx.xxx.3 &gt; 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xd9), length 100<BR />11:48:44.692785 ens192 In &nbsp;IP 1xx.xxx.xxx.3 &gt; 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xda), length 100</SPAN></P><P>&nbsp;</P><P><SPAN>Linux config:</SPAN></P><P>&nbsp;</P><P><SPAN>conn x0<BR />&nbsp; &nbsp; &nbsp; &nbsp; ike=aes-sha-modp1536<BR />&nbsp; &nbsp; &nbsp; &nbsp; keyexchange=ike<BR />&nbsp; &nbsp; &nbsp; &nbsp; ikev2=no<BR />&nbsp; &nbsp; &nbsp; &nbsp; aggrmode=no<BR />&nbsp; &nbsp; &nbsp; &nbsp; keyingtries=3<BR />&nbsp; &nbsp; &nbsp; &nbsp; type=tunnel<BR />&nbsp; &nbsp; &nbsp; &nbsp; authby=secret<BR />&nbsp; &nbsp; &nbsp; &nbsp; leftid=1xx.xxx.xxx.15<BR />&nbsp; &nbsp; &nbsp; &nbsp; left=%defaultroute<BR />&nbsp; &nbsp; &nbsp; &nbsp; esp=aes-sha<BR />&nbsp; &nbsp; &nbsp; &nbsp; ikelifetime=8h<BR />&nbsp; &nbsp; &nbsp; &nbsp; salifetime=1h<BR />&nbsp; &nbsp; &nbsp; &nbsp; auto=start<BR />&nbsp; &nbsp; &nbsp; &nbsp; pfs=no<BR /><BR />conn x1<BR />&nbsp; &nbsp; &nbsp; &nbsp; also=x0<BR />&nbsp; &nbsp; &nbsp; &nbsp; leftsubnet=xxx.xxx.xx.xxx/xx<BR />&nbsp; &nbsp; &nbsp; &nbsp; rightsubnet=xxx.xxx.xx.xxx/xx<BR />&nbsp; &nbsp; &nbsp; &nbsp; right=1xx.xxx.xxx.3<BR /></SPAN></P><P>&nbsp;</P><P><SPAN>Config Check Point Gw in attach</SPAN></P><DIV class="">&nbsp;</DIV><P>&nbsp;</P><P>&nbsp;</P> Tue, 05 Dec 2023 15:38:10 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPsec-Problem-between-Libreswan-4-12-and-Check-Point-Gateway/m-p/199771#M9925 Frank_Aguilieri 2023-12-05T15:38:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPsec-Problem-between-Libreswan-4-12-and-Check-Point-Gateway/m-p/199796#M9926 <P>This is most likely going to require TAC assistance and gathering the following debug:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk62482" target="_blank">https://support.checkpoint.com/results/sk/sk62482</A>&nbsp;</P> Tue, 05 Dec 2023 19:41:23 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPsec-Problem-between-Libreswan-4-12-and-Check-Point-Gateway/m-p/199796#M9926 PhoneBoy 2023-12-05T19:41:23Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPsec-Problem-between-Libreswan-4-12-and-Check-Point-Gateway/m-p/199801#M9927 <P>Thanks&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;</P> Tue, 05 Dec 2023 20:04:18 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPsec-Problem-between-Libreswan-4-12-and-Check-Point-Gateway/m-p/199801#M9927 Frank_Aguilieri 2023-12-05T20:04:18Z