cp_client CLI connects but fails to configure IPv4 and routing automatically (Check Point VPN)

Problem Summary:

I'm attempting to use the open-source cp_client CLI (from cpvpn) to connect to a Check Point VPN server. The VPN connection works perfectly with the official Check Point Endpoint Security GUI client, but I encounter issues using the CLI tool (cp_client). The CLI client establishes a connection and receives an IPv4 address from the VPN server but fails to automatically assign this IPv4 address to the VPN interface or correctly set up routes.

Detailed Technical Description:

Successful scenario (Check Point GUI Client)

When connecting via the official Check Point Endpoint Security GUI client:

  • The VPN interface (utun7) receives and configures an IPv4 address automatically:

    inet 192.168.120.25 --> 192.168.120.24 netmask 0xffffff00

  • The client automatically sets up routing, including:

    10.100.0.0/16 via 192.168.120.24
10.103.0.0/24
10.104.0.0/24
10.110.0.0/24 via 192.168.120.24

  • DNS servers are also set automatically:

    10.100.0.101
10.100.0.107

Issue with cp_client CLI:

Using the CLI (cp_client) shows these issues:

  • The connection is established, and the log output indicates that the VPN server assigned IPv4 address 192.168.120.32. However, the IPv4 is never automatically assigned to the VPN interface (utun0). Only an IPv6 address appears:

    utun0: flags=8051 mtu 1350
    inet6 fe80::6879:3529:1f19:9713%utun0

  • Manual assignment of the IPv4 address and manual routing doesn't successfully enable communication through the VPN.

Manual Steps Attempted (without success):

  • Manually assigning the IPv4:

    sudo ifconfig utun0 inet 192.168.120.29 192.168.120.24 netmask 255.255.255.0 mtu 1350 up

  • Manually adding routes:

    sudo route add -net 10.100.0.0/16 192.168.120.24
sudo route add -net 10.110.0.0/24 192.168.120.24

  • Using the cp_client with explicit transport mode and interface:

    sudo cp_client -S ./script.sh -u user --passwd-on-stdin example.server.com

Despite these steps, no successful IP-level communication is established.

Potential Root Cause:

I suspect the cp_client might not be correctly handling tunnel establishment details such as:

  • Proper IPv4 assignment to VPN interfaces
  • Correct MTU settings (the GUI client uses MTU 1350, which I've explicitly set in the CLI)
  • Encryption or authentication parameters that the GUI client negotiates automatically

Environment Details:

  • OS: macOS (M4 MacBook Pro, latest macOS version)
  • VPN Server: Check Point (official GUI client works perfectly)
  • CLI Client: cpvpn (cp_client)

Help Needed:

  • Guidance on why cp_client doesn't automatically apply IPv4 configuration to the VPN interface
  • Clarification on additional settings or steps needed to match the official Check Point GUI client behavior
  • Any compatibility details between Check Point VPN servers and third-party clients like cp_client
  • To write the -S script.sh correctly to make all work

Any help or direction is appreciated. Thanks!