Frank_Aguilieri
Participant

IPsec Problem between Libreswan 4.12 and Check Point Gateway

Hello everyone,

 

 

I'm having trouble keeping an IPsec tunnel online: on Linux the ESP packets are dropped, and it's necessary to restart the tunnel to get it working again.
My libreswan is on version 4.12 and the SMB Spark 1800 appliance is on R81.10.08.

Can someone help me?

Below is tcpdump done on Linux:

11:48:24.687794 ens192 In  IP 1xx.xxx.xxx.3 > 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xd6), length 100
11:48:29.680462 ens192 In  IP 1xx.xxx.xxx.3 > 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xd7), length 100
11:48:34.687092 ens192 In  IP 1xx.xxx.xxx.3 > 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xd8), length 100
11:48:39.686347 ens192 In  IP 1xx.xxx.xxx.3 > 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xd9), length 100
11:48:44.692785 ens192 In  IP 1xx.xxx.xxx.3 > 1xx.xxx.xxx.15: ESP(spi=0x1c25b9af,seq=0xda), length 100

 

Linux config:

 

conn x0
        ike=aes-sha-modp1536
        keyexchange=ike
        ikev2=no
        aggrmode=no
        keyingtries=3
        type=tunnel
        authby=secret
        leftid=1xx.xxx.xxx.15
        left=%defaultroute
        esp=aes-sha
        ikelifetime=8h
        salifetime=1h
        auto=start
        pfs=no

conn x1
        also=x0
        leftsubnet=xxx.xxx.xx.xxx/xx
        rightsubnet=xxx.xxx.xx.xxx/xx
        right=1xx.xxx.xxx.3

 

The Check Point gateway config is attached.

 

 

 

0 Kudos
2 Replies
PhoneBoy
Admin

This is most likely going to require TAC assistance and gathering the following debug: https://support.checkpoint.com/results/sk/sk62482 

Frank_Aguilieri
Participant

Thanks @PhoneBoy 

0 Kudos
