so guys, now i can start tunnel, the tunnel is UP.<br><br><br>i can see the ping , and the reply in my interface<br><span style="color: rgb(0, 153, 0);">14:57:32.259182 IP <a href="http://acobr190.acotelbr.com.br">acobr190.acotelbr.com.br
</a> > <a href="http://chattv01.m4u.com.br">chattv01.m4u.com.br</a>: ICMP echo request, id 33104, seq 832, length 64</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">14:57:32.259194 IP <a href="http://chattv01.m4u.com.br">
chattv01.m4u.com.br</a> > <a href="http://acobr190.acotelbr.com.br">acobr190.acotelbr.com.br</a>: ICMP echo reply, id 33104, seq 832, length 64</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">
14:57:33.203657 IP <a href="http://acobr190.acotelbr.com.br">acobr190.acotelbr.com.br</a> > <a href="http://chattv01.m4u.com.br">chattv01.m4u.com.br</a>: ICMP echo request, id 33104, seq 833, length 64</span><br style="color: rgb(0, 153, 0);">
<span style="color: rgb(0, 153, 0);">14:57:33.203668 IP <a href="http://chattv01.m4u.com.br">chattv01.m4u.com.br</a> > <a href="http://acobr190.acotelbr.com.br">acobr190.acotelbr.com.br</a>: ICMP echo reply, id 33104, seq 833, length 64
</span><br><br><br>but, in shell i dont see the ping and in /var/log/messages, i get a flood of <br><br><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: initiating Main Mode
</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2</span><br style="color: rgb(153, 51, 0);">
<span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: STATE_MAIN_I2: sent MI2, expecting MR2</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: received Vendor ID payload [Cisco-Unity]</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: received Vendor ID payload [Dead Peer Detection]
</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: ignoring unknown Vendor ID payload [4bf4d2809c90ddc44ad8ebca2c03a199]</span>
<br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: I did not send a certificate because I do not have one.</span><br style="color: rgb(153, 51, 0);">
<span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: STATE_MAIN_I3: sent MI3, expecting MR3</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: Main mode peer ID is ID_IPV4_ADDR: '
<a href="http://200.184.147.253"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.184.147.253" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 200.184.147.253</a>'</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #9: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#8}</span><br style="color: rgb(153, 51, 0);">
<span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: ignoring informational payload, type IPSEC_INITIAL_CONTACT</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: received and ignored informational message</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #9: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #9: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2</span><br style="color: rgb(153, 51, 0);">
<span style="color: rgb(153, 51, 0);">Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #9: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xd1dde979 <0x7ff638d3 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:05 chattv01 pluto[5087]: "acotel-m4u" #8: cannot respond to IPsec SA request because no connection is known for <a href="http://200.150.149.0/24===200.150.149.196...200.184.147.253===200.184.147.0/24"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.150.149.0" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious:
200.150.149.0/24===200.150.149.196...200.184.147.253===200.184.147.0/24</a></span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:05 chattv01 pluto[5087]: "acotel-m4u" #8: sending encrypted notification INVALID_ID_INFORMATION to
<a href="http://200.184.147.253:500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.184.147.253:500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 200.184.147.253:500</a></span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:08 chattv01 pluto[5087]: "acotel-m4u" #8: cannot respond to IPsec SA request because no connection is known for
<a href="http://200.150.149.0/24===200.150.149.196...200.184.147.253===200.184.147.190/32"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.150.149.0" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 200.150.149.0/24===200.150.149.196...200.184.147.253===200.184.147.190/32</a></span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">
Apr 19 15:01:08 chattv01 pluto[5087]: "acotel-m4u" #8: sending encrypted notification INVALID_ID_INFORMATION to <a href="http://200.184.147.253:500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.184.147.253:500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 200.184.147.253:500</a></span><br style="color: rgb(153, 51, 0);">
<br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:20 chattv01 pluto[5087]: "acotel-m4u" #8: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb0c315e2 (perhaps this is a duplicated packet)
</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:20 chattv01 pluto[5087]: "acotel-m4u" #8: sending encrypted notification INVALID_MESSAGE_ID to <a href="http://200.184.147.253:500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.184.147.253:500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious:
200.184.147.253:500</a></span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:23 chattv01 pluto[5087]: "acotel-m4u" #8: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb857cbff (perhaps this is a duplicated packet)
</span><br style="color: rgb(153, 51, 0);"><span style="color: rgb(153, 51, 0);">Apr 19 15:01:23 chattv01 pluto[5087]: "acotel-m4u" #8: sending encrypted notification INVALID_MESSAGE_ID to <a href="http://200.184.147.253:500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.184.147.253:500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious:
200.184.147.253:500</a><br><br><br><span style="color: rgb(0, 0, 0);">Any hint??</span><br style="color: rgb(0, 0, 0);"><br style="color: rgb(0, 0, 0);"><br style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">
my ipsec.conf is:</span><br><br><br><span style="color: rgb(0, 153, 0);"># /etc/ipsec.conf - OpenSWAN IPSec configuration file</span><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">
#The version information is needed for OpenSWAN</span><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">version 2.0</span><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);">
<span style="color: rgb(0, 153, 0);"># basic configuration</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">config setup</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">
interfaces=%defaultroute</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> klipsdebug=none</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> plutodebug=none
</span><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"># Add connections here</span><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);">
<span style="color: rgb(0, 153, 0);">conn %default</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> esp=3des-md5-96</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">
authby=secret</span><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">conn acotel-m4u</span>
<br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> type=tunnel</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> left=<a href="http://200.184.147.253"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.184.147.253" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 200.184.147.253
</a></span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> leftnexthop=<a href="http://200.184.147.254"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.184.147.254" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 200.184.147.254</a></span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">
leftsubnet=<a href="http://200.184.147.22/32"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.184.147.22" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 200.184.147.22/32</a></span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> ikelifetime=86400</span><br style="color: rgb(0, 153, 0);">
<span style="color: rgb(0, 153, 0);"> right=<a href="http://200.150.149.196"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.150.149.196" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 200.150.149.196</a></span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> rightnexthop=<a href="http://200.150.149.193"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.150.149.193" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious:
200.150.149.193</a></span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> rightsubnet=<a href="http://200.150.149.196/32"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "200.150.149.196" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 200.150.149.196/32</a></span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);">
keyexchange=ike</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> pfs=no</span><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"> auto=start</span><br style="color: rgb(0, 153, 0);">
<br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><br style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 153, 0);"># Disable Opportunistic Encryption</span><br style="color: rgb(0, 153, 0);">
<span style="color: rgb(0, 153, 0);">include /etc/ipsec.d/examples/no_oe.conf</span><br><br></span><br><br><br>-- <br>Sergio Bazilio<br> Analista de Operações<br><br>