svn commit: r51161 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Tue Oct 31 12:41:13 UTC 2017
Author: ryusuke
Date: Tue Oct 31 12:41:12 2017
New Revision: 51161
URL: https://svnweb.freebsd.org/changeset/doc/51161
Log:
- Merge the following from the English version:
r32503 -> r32597 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Tue Oct 31 12:27:38 2017 (r51160)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Tue Oct 31 12:41:12 2017 (r51161)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r32503
+ Original revision: r32597
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
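Review bot: the `Original revision` marker moves from r32503 to r32597, which is exactly the range the log line states (`r32503 -> r32597`), so the sync marker and the commit message agree; nothing to change in this hunk.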
@@ -3367,9 +3367,7 @@ Connection closed by foreign host.</screen>
</authorgroup>
</info>
- <para>¤³¤ÎÀá¤Ç¤Ï¡¢FreeBSD ¤È
- <application>µsoft.windows; 2000/XP</application>
- ¤«¤é¤Ê¤ë´Ä¶¤Ë¤ª¤¤¤Æ¡¢IPsec ¤òÀßÄꤷ¡¢ÍøÍѤ¹¤ë²áÄø¤òÄ̤¸¤Æ¡¢
+ <para>¤³¤ÎÀá¤Ç¤Ï¡¢IPsec ¤òÀßÄꤹ¤ë²áÄø¤òÄ̤·¤Æ¡¢
IPsec ¤ò»È¤Ã¤¿°ÂÁ´¤ÊÄÌ¿®¤Î¼Â¸½ÊýË¡¤Ë¤Ä¤¤¤Æ²òÀ⤷¤Þ¤¹¡£
IPsec ¤òÀßÄꤹ¤ë¤¿¤á¤Ë¤Ï¡¢
¥«¥¹¥¿¥à¥«¡¼¥Í¥ë¤Î¹½ÃÛÊýË¡¤ò¤è¤¯ÃΤäƤ¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹
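Review bot: dropping the `&microsoft.windows; 2000/XP` clause from the introduction is consistent with the large hunk further down, which also removes the Win9x/NT/2K hosts from the topology diagram and the paragraph about Windows machines browsing shares across the VPN, so no stale Windows reference is left behind. One wording nit in the rewritten first sentence: it now says, in effect, "this section explains, through the process of configuring IPsec, how to achieve secure communication using IPsec", naming IPsec twice in one clause; dropping the second mention would read more naturally in Japanese as well.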
@@ -3384,45 +3382,6 @@ Connection closed by foreign host.</screen>
<link xlink:href="http://www.kame.net/">KAME</link>
¼ÂÁõ¤ò¥Ù¡¼¥¹¤È¤·¤Æ¤¤¤Þ¤¹¡£</para>
- <note>
- <para>FreeBSD ¤Ë¤Ï <quote>hardware
- accelerated</quote> IPsec ¥¹¥¿¥Ã¥¯¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
- ¤³¤ì¤Ï¡¢<quote>Fast IPsec</quote> ¤È¤·¤ÆÃΤé¤ì¤Æ¤¤¤ë¤â¤Î¤Ç¡¢
- OpenBSD ¤«¤é°Ü¿¢¤µ¤ì¤Þ¤·¤¿¡£
- IPsec ¤Î¥Ñ¥Õ¥©¡¼¥Þ¥ó¥¹¤òºÇŬ²½¤¹¤ë¤¿¤á¤Ë¡¢(ÍøÍѤǤ¤ë¾ì¹ç¤Ë¤Ï)
- &man.crypto.4; ¥µ¥Ö¥·¥¹¥Æ¥à¤ò·Ðͳ¤·¤Æ¡¢
- °Å¹æ¥Ï¡¼¥É¥¦¥§¥¢¤ò»ÈÍѤ·¤Þ¤¹¡£
- ¤³¤Î¥µ¥Ö¥·¥¹¥Æ¥à¤Ï¿·¤·¤¤¤Î¤Ç¡¢¤Þ¤À IPsec ¤Î KAME
- ÈǤÇÍøÍѲÄǽ¤Êµ¡Ç½¤Î¤¹¤Ù¤Æ¤ËÂбþ¤·¤Æ¤¤¤ë¤ï¤±¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
- ¤·¤«¤·¤Ê¤¬¤é¡¢hardware-accelerated IPsec ¤ò͸ú¤Ë¤¹¤ë¤¿¤á¤Ë¤Ï¡¢
- ¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤Ë°Ê²¼¤Î¥«¡¼¥Í¥ë¥ª¥×¥·¥ç¥ó¤òÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
-
- <indexterm>
- <primary>¥«¡¼¥Í¥ë¥ª¥×¥·¥ç¥ó</primary>
- <secondary>FAST_IPSEC</secondary>
- </indexterm>
-
- <screen>
-options FAST_IPSEC # new IPsec (cannot define w/ IPSEC)
- </screen>
-
- <para>¸½ºß¤Î»þÅÀ¤Ç¤Ï¡¢<quote>Fast IPsec</quote>
- ¥µ¥Ö¥·¥¹¥Æ¥à¤ò IPsec ¤Î KAME ¼ÂÁõ¤Î¤«¤ï¤ê¤Ë»È¤¦¤³¤È¤Ï¤Ç¤¤Þ¤»¤ó¡£
- ¤è¤ê¿¤¯¤Î¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï¡¢&man.fast.ipsec.4;
- ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
- </note>
-
- <note>
- <para>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤¬Å¬ÀÚ¤Ë &man.gif.4;
- ¤âÄÉÀפǤ¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
- ¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¤Ë¤ª¤¤¤Æ¡¢
- <option>IPSEC_FILTERGIF</option> ¤ò͸ú¤Ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
-
- <screen>
-options IPSEC_FILTERGIF #filter ipsec packets from a tunnel
- </screen>
- </note>
-
<indexterm>
<primary>IPsec</primary>
<secondary>ESP</secondary>
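Review bot: the two removed notes (the hardware-accelerated `FAST_IPSEC` stack and `IPSEC_FILTERGIF`) take their `<indexterm>` for FAST_IPSEC with them, so no orphan index entry remains, and the `options FAST_IPSEC # new IPsec (cannot define w/ IPSEC)` line that was documented as mutually exclusive with `IPSEC` disappears together with it, which matches the kernel-configuration hunk below that keeps only `options IPSEC`. With the `IPSEC_FILTERGIF` note gone the chapter no longer tells the reader that packets coming out of a gif tunnel can be run through the firewall, while the pf/ipf rules added later in this same patch do filter `on gif0`; worth confirming that the English r32597 text dropped this note rather than moving it elsewhere, so the translation does not lose it by accident.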
@@ -3485,14 +3444,9 @@ options IPSEC_FILTERGIF #filter ipsec packets from
<secondary>IPSEC</secondary>
</indexterm>
- <indexterm>
- <primary>¥«¡¼¥Í¥ë¥ª¥×¥·¥ç¥ó</primary>
- <secondary>IPSEC_ESP</secondary>
- </indexterm>
-
<screen>
options IPSEC #IP security
-options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
+device crypto
</screen>
<indexterm>
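Review bot: `options IPSEC_ESP` becomes `device crypto` and the IPSEC_ESP `<indexterm>` is removed, but no index entry is added for the new `device crypto` requirement; the indexterm kept just above the listing (`<secondary>IPSEC</secondary>`) only covers `options IPSEC`. If the index should still lead readers to the crypto-device requirement, add a matching `<indexterm>` with `<secondary>device crypto</secondary>` next to the surviving one; otherwise the hunk is consistent as it stands.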
@@ -3519,8 +3473,10 @@ options IPSEC_DEBUG #debug for IP security
</sect2>
<sect2>
- <title>¥·¥Ê¥ê¥ª: ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ËÀܳ¤·¤Æ¤¤¤ë 2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤¬
- 1 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤È¤·¤Æ¿¶¤ëÉñ¤¦</title>
+ <title>¥·¥Ê¥ê¥ª: ²ÈÄí¤È²ñ¼Ò¤Î
+ 2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤¬¶¦¤Ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ËÀܳ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
+ ¤³¤Î 2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ò¡¢<acronym>VPN</acronym> ¤Ë¤è¤Ã¤Æ
+ 1 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¤è¤¦¤Ë°·¤¨¤ë¤è¤¦¤Ë¤·¤Þ¤¹¡£</title>
<indexterm>
<primary>VPN</primary>
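Review bot: the new scenario title is two complete sentences ending in a full stop (roughly: "Scenario: a home network and a corporate network are both connected to the Internet. Make these two networks usable as one network by means of a VPN."), whereas the title it replaces and the other `<title>` elements in this chapter are noun phrases. A title along the lines of "Scenario: joining a home network and a corporate network, both connected to the Internet, into one network with a VPN" would follow the chapter's convention, and the sentence form can go into the first paragraph of the section instead.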
@@ -3534,7 +3490,7 @@ options IPSEC_DEBUG #debug for IP security
<para>¾¯¤Ê¤¯¤È¤â 2 ¤Ä¤Î¥µ¥¤¥È¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£</para>
</listitem>
<listitem>
- <para>¤É¤Á¤é¤ÎºÝ¤È¤âÆâÉô¤Ç IP ¤ò»È¤Ã¤Æ¤¤¤Þ¤¹¡£</para>
+ <para>¤É¤Á¤é¤Î¥µ¥¤¥È¤È¤âÆâÉô¤Ç IP ¤ò»È¤Ã¤Æ¤¤¤Þ¤¹¡£</para>
</listitem>
<listitem>
<para>2 ¤Ä¤Î¥µ¥¤¥È¤Ï¡¢FreeBSD ¤Ç±¿ÍѤµ¤ì¤Æ¤¤¤ë¥²¡¼¥È¥¦¥§¥¤¤òÄ̤·¤Æ¡¢
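Review bot: this is a plain typo fix (際 to サイト, "site") that brings the list item in line with the preceding item, which already speaks of having at least two サイト; nothing further to change here.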
@@ -3547,841 +3503,311 @@ options IPSEC_DEBUG #debug for IP security
<listitem>
<para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÆâÉô¥¢¥É¥ì¥¹¤Ï¡¢
¥Ñ¥Ö¥ê¥Ã¥¯¤Ç¤â¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤Ç¤â¹½¤¤¤Þ¤»¤ó¡£
- ɬÍפǤ¢¤ì¤Ð¡¢¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç
- NAT ¤òÁö¤é¤»¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£</para>
+ IP ¥¢¥É¥ì¥¹¤Ï¾×Æͤ·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢Î¾Êý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤¬
+ <systemitem class="ipaddress">192.168.1.x</systemitem>
+ ¤ò»È¤Ã¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£</para>
</listitem>
- <listitem>
- <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÆâÉô IP ¥¢¥É¥ì¥¹¤Ï¡¢
- <emphasis>¾×Æͤ·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó</emphasis>¡£
- VPN µ»½Ñ¤È NAT ¤òÍѤ¤¤ë¤³¤È¤Ç¡¢ÍýÏÀŪ¤Ë¤Ï¡¢
- ¤½¤Î¤è¤¦¤Ê¤³¤È¤Ï²Äǽ¤È¹Í¤¨¤Þ¤¹¤¬¡¢
- ¤½¤ÎÀßÄê¤Ï°Ì´¤Ç¤·¤ç¤¦¡£</para>
- </listitem>
</itemizedlist>
-
- <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀܳ¤ò»î¤ß¤¿ºÝ¤Ë¡¢
- ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ÇƱ¤¸ÈϰϤÎÆâÉô IP
- ¥¢¥É¥ì¥¹¤¬»È¤ï¤ì¤Æ¤¤¤ë¤³¤È¤Ëµ¤¤Å¤¤¤¿¤é
- (¤¿¤È¤¨¤Ð¡¢Î¾Êý¤Ç
- <systemitem class="ipaddress">192.168.1.x</systemitem>
- ¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç)¡¢
- ¤É¤Á¤é¤«¤ÎÈÖ¹æ¤ò¿¶¤ê¤Ê¤ª¤¹É¬Íפ¬¤¢¤ê¤Þ¤¹¡£</para>
-
- <para>VPN ¤Îʸ½ñ¤Ç¤Ï¡¢Æ±¤¸ ASCII
- ¥¢¡¼¥È¤ò»È¤¦¤³¤È¤¬¥ë¡¼¥ë¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Î¤Ç¡¢
- ¤³¤Îʸ½ñ¤Ç¤âÎã³°¤Ç¤Ï¤Ê¤¯Æ±Íͤ˥¢¥¹¥¡¼¥¢¡¼¥È¤òÍѤ¤¤Þ¤¹¡£</para>
-
- <para>¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥È¥Ý¥í¥¸¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+ </sect2>
- <screen>
-Network #1 [ Internal Hosts ] Private Net, 192.168.1.2-254
- [ Win9x/NT/2K ]
- [ UNIX ]
- |
- |
- .---[fxp1]---. Private IP, 192.168.1.1
- | FreeBSD |
- `---[fxp0]---' Public IP, A.B.C.D
- |
- |
- -=-=- Internet -=-=-
- |
- |
- .---[fxp0]---. Public IP, W.X.Y.Z
- | FreeBSD |
- `---[fxp1]---' Private IP, 192.168.2.1
- |
- |
-Network #2 [ Internal Hosts ]
- [ Win9x/NT/2K ] Private Net, 192.168.2.2-254
- [ UNIX ]
- </screen>
+ <sect2>
+ <info><title>&os; ¾å¤Ç IPsec ¤òÀßÄꤹ¤ë¡£</title>
+ <authorgroup>
+ <author>
+ <personname>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ </personname>
+ <affiliation>
+ <address><email>trhodes at FreeBSD.org</email></address>
+ </affiliation>
+ <contrib>´ó¹Æ: </contrib>
+ </author>
+ </authorgroup>
+ </info>
- <para>¤Õ¤¿¤Ä¤Î¥Ñ¥Ö¥ê¥Ã¥¯ IP ¥¢¥É¥ì¥¹¤ËÃíÌܤ·¤Æ¤¯¤À¤µ¤¤¡£
- ¤³¤Îʸ½ñ¤Ç¤Ï¡¢¤³¤ì¤é¤Î IP ¥¢¥É¥ì¥¹¤ò»²¾È¤¹¤ëºÝ¤Ë¤Ï¡¢
- ¤³¤ì¤é¤Îʸ»ú¤òÍѤ¤¤Þ¤¹¡£
- ¤³¤Îʸ½ñ¤ÎÃæ¤Ç¡¢¤³¤ì¤é¤Îʸ»ú¤ò¸«¤¿¤é¡¢
- ¤¢¤Ê¤¿¼«¿È¤Î¥Ñ¥Ö¥ê¥Ã¥¯ IP ¥¢¥É¥ì¥¹¤ËÃÖ¤´¹¤¨¤Æ¤¯¤À¤µ¤¤¡£
- ÆâÉô¤Ç¤Ï¡¢2 ¤Ä¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢Î¾Êý¤È¤â .1
- IP ¥¢¥É¥ì¥¹¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£¤½¤·¤Æ¡¢2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¡¢
- °Û¤Ê¤ë¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤ò»È¤Ã¤Æ¤¤¤Þ¤¹
- (¤½¤ì¤¾¤ì <systemitem class="ipaddress">192.168.1.x</systemitem>
- ¤ª¤è¤Ó <systemitem class="ipaddress">192.168.2.x</systemitem>)¡£
- ¥×¥é¥¤¥Ù¡¼¥È¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¤¢¤ë¤¹¤Ù¤Æ¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢
- ¥Ç¥Õ¥©¥ë¥È¥²¡¼¥È¥¦¥§¥¤¤È¤·¤Æ¡¢
- <systemitem class="ipaddress">.1</systemitem>
- ¥³¥ó¥Ô¥å¡¼¥¿¤ò»È¤¦¤è¤¦¤ËÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
+ <para>ºÇ½é¤Ë Ports Collection ¤«¤é
+ <filename role="package">security/ipsec-tools</filename>
+ ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤³¤Î¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¥½¥Õ¥È¥¦¥§¥¢ packages ¤Ï¡¢
+ ÀßÄê¤ò¥µ¥Ý¡¼¥È¤¹¤ë¿ô¿¤¯¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤òÄ󶡤·¤Þ¤¹¡£</para>
- <para>°Õ¿Þ¤·¤Æ¤¤¤ë¤³¤È¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯¤Î´ÑÅÀ¤«¤é¡¢
- ³Æ¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¾¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¤¢¤ë¥³¥ó¥Ô¥å¡¼¥¿¤ò¡¢
- (»þÀޥѥ±¥Ã¥È¤ò¥É¥í¥Ã¥×¤¹¤ë¤è¤¦¤Ê¤ä¤ä¤æ¤Ã¤¯¤ê¤Ê¥ë¡¼¥¿¤Ç¤Ï¤¢¤ê¤Þ¤¹¤¬)
- Ʊ¤¸¥ë¡¼¥¿¤ËľÀÜÀܳ¤·¤Æ¤¤¤ë¤è¤¦¤Ë¤¹¤ë¤³¤È¤Ç¤¹¡£</para>
+ <para>¼¡¤Ë¡¢¥Ñ¥±¥Ã¥È¤ò¥È¥ó¥Í¥ê¥ó¥°¤·¡¢
+ ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤¬Å¬ÀÚ¤ËÄÌ¿®¤¹¤ë¤è¤¦¤Ë¡¢
+ 2 ¤Ä¤Î &man.gif.4; µ¿»÷¥Ç¥Ð¥¤¥¹¤òºîÀ®¤·¤Þ¤¹¡£
+ <systemitem class="username">root</systemitem>
+ ¸¢¸Â¤Ç°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤¿¤À¤·¡¢¼Â¹Ô¤¹¤ëºÝ¤Ë¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ÎÃæ¤Î
+ <replaceable>internal</replaceable> ¤ª¤è¤Ó
+ <replaceable>external</replaceable> ¤ò¡¢
+ ¼ÂºÝ¤ÎÆâÉô¤ª¤è¤Ó³°Éô¤Î¥²¡¼¥È¥¦¥§¥¤¤Î¥¢¥É¥ì¥¹¤ËÃÖ¤´¹¤¨¤Æ¤¯¤À¤µ¤¤¡£</para>
- <para>¤³¤ì¤Ï¡¢¤¿¤È¤¨¤Ð¡¢<systemitem
- class="ipaddress">192.168.1.20</systemitem> ¤È¤¤¤¦¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢
- °Ê²¼¤ò¼Â¹Ô¤Ç¤¤ë¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
-
- <programlisting>ping 192.168.2.34</programlisting>
-
- <para>Æ©²áŪ¤Ë¤³¤ì¤ÏÆ°¤¯¤Ï¤º¤Ç¤¹¡£
- &windows; ¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢Â¾¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥³¥ó¥Ô¥å¡¼¥¿¤ò¡¢
- ¥í¡¼¥«¥ë¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥³¥ó¥Ô¥å¡¼¥¿¤ò¸«¤ë¤Î¤È¤Þ¤Ã¤¿¤¯Æ±¤¸¤è¤¦¤Ë¡¢
- ¸«¤ë¤³¤È¤¬¤Ç¤¡¢¶¦Í¥Õ¥¡¥¤¥ë¤ò¸«¤¿¤ê¤Ç¤¤Þ¤¹¡£</para>
+ <screen>&prompt.root; <userinput>ifconfig gif0 create</userinput></screen>
+ <screen>&prompt.root; <userinput>ifconfig gif0 <replaceable>internal1 internal2</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>ifconfig gif0 tunnel <replaceable>external1 external2</replaceable></userinput></screen>
- <para>¤¹¤Ù¤Æ¤Î¤³¤È¤¬°ÂÁ´¤Ë¹Ô¤ï¤ì¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
- ¤³¤ì¤Ï¡¢2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÄÌ¿®¤¬°Å¹æ²½¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£</para>
+ <para>¤¿¤È¤¨¤Ð¡¢²ñ¼Ò¤Î <acronym>LAN</acronym> ¤Î¸ø³«
+ <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
+ <systemitem class="ipaddress">172.16.5.4</systemitem>¡¢
+ ¥×¥é¥¤¥Ù¡¼¥È <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
+ <systemitem class="ipaddress">10.246.38.1</systemitem>
+ ¤È¤·¤Þ¤¹¡£¤Þ¤¿²ÈÄí
+ <acronym>LAN</acronym> ¤Î¸ø³« <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
+ <systemitem class="ipaddress">192.168.1.12</systemitem>¡¢
+ ÆâÉô¤Î¥×¥é¥¤¥Ù¡¼¥È <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
+ <systemitem class="ipaddress">10.0.0.5</systemitem>
+ ¤È¤·¤Þ¤¹¡£</para>
- <para>¤³¤ì¤é¤Î 2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ë VPN
- ¤ò¹½ÃÛ¤¹¤ë¤Ë¤ÏÊ£¿ô¤Î¥×¥í¥»¥¹¤¬É¬ÍפȤʤê¤Þ¤¹¡£
- ³Æ¥¹¥Æ¡¼¥¸¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+ <para>¤³¤ÎÀâÌÀ¤Ç¤Ïʬ¤«¤ê¤Ë¤¯¤¤¤Î¤Ç¡¢°Ê²¼¤Î
+ &man.ifconfig.8; ¥³¥Þ¥ó¥É¤Î½ÐÎÏÎã¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
- <orderedlist>
- <listitem>
- <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ò·Ðͳ¤·¤Æ¡¢
- <quote>virtual</quote>
- ¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥ê¥ó¥¯¤òºîÀ®¤·¤Þ¤¹¡£
- ¤½¤ì¤¬Å¬ÀÚ¤ËÆ°¤¤¤Æ¤¤¤ë¤³¤È¤ò &man.ping.8;
- ¤Î¤è¤¦¤Ê¥Ä¡¼¥ë¤ò»È¤Ã¤Æ¡¢»î¸³¤ò¹Ô¤¤¤Þ¤¹¡£</para>
- </listitem>
+ <programlisting>Gateway 1:
+gif0: flags=8051 mtu 1280
+tunnel inet 172.16.5.4 --> 192.168.1.12
+inet6 fe80::2e0:81ff:fe02:5881%gif0 prefixlen 64 scopeid 0x6
+inet 10.246.38.1 --> 10.0.0.5 netmask 0xffffff00
- <listitem>
- <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ç¡¢
- ɬÍפ˱þ¤¸¤ÆÆ©²áŪ¤Ë°Å¹æ²½¡¢
- Éü¹æ²½¤òÊݾڤ¹¤ë¤è¤¦¤Ë¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤òŬÍѤ·¤Þ¤¹¡£
- &man.tcpdump.1; ¤Î¤è¤¦¤Ê¥Ä¡¼¥ë¤ò»È¤Ã¤Æ¡¢
- ÄÌ¿®¤¬°Å¹æ²½¤µ¤ì¤Æ¤¤¤ë¤³¤È¤ò³Îǧ¤·¤Þ¤¹¡£</para>
- </listitem>
- <listitem>
- <para>FreeBSD ¥²¡¼¥È¥¦¥§¥¤¤Ë¤Æ¡¢&windows; ¤Î¥³¥ó¥Ô¥å¡¼¥¿¤¬ VPN
- ¤òÄ̤·¤Æ¾¤Î¥³¥ó¥Ô¥å¡¼¥¿¤ò¸«¤ë¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤ËÄɲäΥ½¥Õ¥È¥¦¥§¥¢¤òÀßÄꤷ¤Þ¤¹¡£</para>
- </listitem>
- </orderedlist>
+Gateway 2:
- <sect3>
- <title>¥¹¥Æ¥Ã¥× 1: <quote>virtual</quote>
- ¥Í¥Ã¥È¥ï¡¼¥¯¥ê¥ó¥¯¤ÎºîÀ®</title>
+gif0: flags=8051 mtu 1280
+tunnel inet 192.168.1.12 --> 172.16.5.4
+inet 10.0.0.5 --> 10.246.38.1 netmask 0xffffff00
+inet6 fe80::250:bfff:fe3a:c1f%gif0 prefixlen 64 scopeid 0x4</programlisting>
- <para>¥Í¥Ã¥È¥ï¡¼¥¯ #1
- ¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ë¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¤È¤·¤Þ¤¹¡£
- ¤³¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Î¥Ñ¥Ö¥ê¥Ã¥¯ IP ¥¢¥É¥ì¥¹¤Ï
- <systemitem class="ipaddress">A.B.C.D</systemitem>¡¢
- ¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤Ï
- <systemitem class="ipaddress">192.168.1.1</systemitem> ¤Ç¤¹¡£
- <systemitem class="ipaddress">W.X.Y.Z</systemitem>
- ¤Î IP ¥¢¥É¥ì¥¹¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Î¥×¥é¥¤¥Ù¡¼¥È¥¢¥É¥ì¥¹¤ËÂФ·
- <command>ping 192.168.2.1</command>
- ¤ò¼Â¹Ô¤·¤¿¤È¤·¤Þ¤¹¡£
- ¤³¤Î¥³¥Þ¥ó¥É¤¬À®¸ù¤¹¤ë¤Ë¤Ï²¿¤¬É¬ÍפǤ·¤ç¤¦¤«¡©</para>
+ <para>ÀßÄ꤬´°Î»¤·¤¿¤é¡¢Î¾Êý¤Î¥×¥é¥¤¥Ù¡¼¥È <acronym>IP</acronym> ¤Ï¡¢
+ °Ê²¼¤Î½ÐÎϤΤ褦¤Ë &man.ping.8;
+ ¥³¥Þ¥ó¥É¤ÇÅþã¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Ï¤º¤Ç¤¹¡£</para>
- <orderedlist>
- <listitem>
- <para>¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢¤É¤Î¤è¤¦¤Ë
- <systemitem class="ipaddress">192.168.2.1</systemitem>
- ¤Ë㤹¤ë¤«¤òÃΤäƤ¤¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
- ¸À¤¤´¹¤¨¤ë¤È¡¢
- <systemitem class="ipaddress">192.168.2.1</systemitem>
- ¤Ø¤Î·ÐÏ©¤òÃΤäƤ¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
- </listitem>
- <listitem>
- <para>
- <systemitem class="ipaddress">192.168.x</systemitem>
- ¤Î¤è¤¦¤ÊÈϰϤΥץ饤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤Ï¹¤¤¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Ç¤Ï¡¢
- »È¤ï¤ì¤ë¤³¤È¤ÏÁÛÄꤵ¤ì¤Æ¤¤¤Þ¤»¤ó¡£
- ¤½¤Î¤«¤ï¤ê¡¢
- <systemitem class="ipaddress">192.168.2.1</systemitem>
- ¤ËÁ÷¿®¤·¤¿³Æ¥Ñ¥±¥Ã¥È¤Ï¡¢Â¾¤Î¥Ñ¥±¥Ã¥È¤ËÊñ¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ¤³¤Î¥Ñ¥±¥Ã¥È¤Ï <systemitem class="ipaddress">A.B.C.D</systemitem>
- ¤«¤é¡¢
- <systemitem class="ipaddress">W.X.Y.Z</systemitem>
- ¤Ø¤ÈÁ÷¤é¤ì¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ¤³¤Î¥×¥í¥»¥¹¤Ï¡¢
- <firstterm>¥«¥×¥»¥ë²½</firstterm>
- ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£</para>
- </listitem>
- <listitem>
- <para>¤³¤Î¥Ñ¥±¥Ã¥È¤¬
- <systemitem class="ipaddress">W.X.Y.Z</systemitem> ¤ËÆϤ¯¤È¡¢
- <quote>È󥫥ץ»¥ë²½</quote> ¤µ¤ì¡¢
- <systemitem class="ipaddress">192.168.2.1</systemitem>
- ¤ËÁ÷¿®¤µ¤ì¤Þ¤¹¡£</para>
- </listitem>
- </orderedlist>
+ <programlisting>priv-net# ping 10.0.0.5
+PING 10.0.0.5 (10.0.0.5): 56 data bytes
+64 bytes from 10.0.0.5: icmp_seq=0 ttl=64 time=42.786 ms
+64 bytes from 10.0.0.5: icmp_seq=1 ttl=64 time=19.255 ms
+64 bytes from 10.0.0.5: icmp_seq=2 ttl=64 time=20.440 ms
+64 bytes from 10.0.0.5: icmp_seq=3 ttl=64 time=21.036 ms
+--- 10.0.0.5 ping statistics ---
+4 packets transmitted, 4 packets received, 0% packet loss
+round-trip min/avg/max/stddev = 19.255/25.879/42.786/9.782 ms
- <para>¤³¤ì¤Ï¡¢2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ç¡¢ <quote>tunnel</quote>
- ¤¬É¬ÍפȤ¤¤¦¤³¤È¤ò¼¨¤·¤Æ¤¤¤Þ¤¹¡£Æó¤Ä¤Î <quote>¥È¥ó¥Í¥ë¥Þ¥¦¥¹</quote> ¤Ï¡¢
- IP ¥¢¥É¥ì¥¹
- <systemitem class="ipaddress">A.B.C.D</systemitem> ¤È
- <systemitem class="ipaddress">W.X.Y.Z</systemitem>
- ¤Ç¤¹¡£
- ¤½¤·¤Æ¡¢¥È¥ó¥Í¥ë¤Ï¡¢¤³¤ì¤ò¥Ñ¥¹¥¹¥ë¡¼¤¹¤ë¤³¤È¤òµöÍƤ¹¤ë¥×¥é¥¤¥Ù¡¼¥È
- IP ¥¢¥É¥ì¥¹¤Î¥¢¥É¥ì¥¹¤¬»ØÄꤵ¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ¥È¥ó¥Í¥ë¤Ï¡¢¥Ñ¥Ö¥ê¥Ã¥¯¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ò·Ðͳ¤·¤Æ¡¢
- ¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤ÇÁ÷¿®¤¹¤ë»þ¤Ë»È¤ï¤ì¤Þ¤¹¡£</para>
+corp-net# ping 10.246.38.1
+PING 10.246.38.1 (10.246.38.1): 56 data bytes
+64 bytes from 10.246.38.1: icmp_seq=0 ttl=64 time=28.106 ms
+64 bytes from 10.246.38.1: icmp_seq=1 ttl=64 time=42.917 ms
+64 bytes from 10.246.38.1: icmp_seq=2 ttl=64 time=127.525 ms
+64 bytes from 10.246.38.1: icmp_seq=3 ttl=64 time=119.896 ms
+64 bytes from 10.246.38.1: icmp_seq=4 ttl=64 time=154.524 ms
+--- 10.246.38.1 ping statistics ---
+5 packets transmitted, 5 packets received, 0% packet loss
+round-trip min/avg/max/stddev = 28.106/94.594/154.524/49.814 ms</programlisting>
- <para>¤³¤Î¥È¥ó¥Í¥ë¤Ï¡¢°ìÈÌŪ¤Ê¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤â¤·¤¯¤Ï¡¢FreeBSD ¤Ç¤Ï
- gif ¥Ç¥Ð¥¤¥¹¤ÇºîÀ®¤µ¤ì¤Þ¤¹¡£
- ÁÛÁüÄ̤ꡢ³Æ¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Î gif
- ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ï¡¢4 ¤Ä¤Î IP ¥¢¥É¥ì¥¹¤ÇÀßÄꤵ¤ì¤Ê¤¯¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
- 2 ¤Ä¤Ï¥Ñ¥Ö¥ê¥Ã¥¯ IP ¥¢¥É¥ì¥¹¤Ç¡¢
- 2 ¤Ä¤Ï¥×¥é¥¤¥Ù¡¼¥È¤Î IP ¥¢¥É¥ì¥¹¤Ç¤¹¡£</para>
+ <para>ͽÁÛÄ̤ꡢ¥×¥é¥¤¥Ù¡¼¥È¥¢¥É¥ì¥¹¤ò»È¤Ã¤Æ¡¢
+ ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤«¤é <acronym>ICMP</acronym>
+ ¥Ñ¥±¥Ã¥È¤òÁ÷¼õ¿®¤Ç¤¤Þ¤¹¡£
+ ¼¡¤Ë¡¢¤É¤Á¤é¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤«¤é¤â¥á¥Ã¥»¡¼¥¸¤òÁ÷¿®¤Ç¤¤ë¤è¤¦¤Ë¡¢
+ ¥Ñ¥±¥Ã¥È¤Î¥ë¡¼¥Æ¥£¥ó¥°¾ðÊó¤ò
+ ξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¤ËÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤ì¤Ï°Ê²¼¤Î¥³¥Þ¥ó¥É¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£</para>
- <para>ξÊý¤Î &os; ¥«¡¼¥Í¥ë¤Ç
- gif ¥Ç¥Ð¥¤¥¹¤Î¥µ¥Ý¡¼¥È¤òÁȤßÆþ¤ì¤Æ¥³¥ó¥Ñ¥¤¥ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- °Ê²¼¤Î¹Ô¤ò²Ã¤¨¤ë¤³¤È¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£</para>
+ <screen>&prompt.root; <userinput>corp-net# route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>corp-net# route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput></screen>
- <programlisting>device gif</programlisting>
+ <screen>&prompt.root; <userinput>priv-net# route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>priv-net# route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen>
- <para>ξÊý¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Î¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤Ë¾åµ¤Î¹Ô¤ò²Ã¤¨¡¢
- ¥³¥ó¥Ñ¥¤¥ë¡¢¥¤¥ó¥¹¥È¡¼¥ë¤·¡¢Ä̾ïÄ̤êºÆµ¯Æ°¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
-
- <para>¥È¥ó¥Í¥ë¤ÎÀßÄê¤Ï 2 ¤Ä¤Î¥×¥í¥»¥¹¤Ç¹Ô¤¤¤Þ¤¹¡£
- ºÇ½é¤Ï¡¢&man.ifconfig.8; ¤ò»È¤Ã¤Æ¡¢
- ³°Éô (¥Ñ¥Ö¥ê¥Ã¥¯) IP ¥¢¥É¥ì¥¹¤òÀßÄꤹ¤ë¤·¤Þ¤¹¡£
- ¤½¤Î¸å¡¢¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤ò
- &man.ifconfig.8; ¤ò»È¤Ã¤ÆÀßÄꤷ¤Þ¤¹¡£</para>
-
- <para>¥Í¥Ã¥È¥ï¡¼¥¯ #1
- ¤Ë¤¢¤ë¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥È¥ó¥Í¥ë¤òºîÀ®¤·¤Þ¤¹¡£</para>
+ <para>¤³¤ì¤Ç¡¢¥Í¥Ã¥È¥ï¡¼¥¯Æâ¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢
+ ¥²¡¼¥È¥¦¥§¥¤¤ª¤è¤Ó¥²¡¼¥È¥¦¥§¥¤¤Î±ü¤Î¥³¥ó¥Ô¥å¡¼¥¿¤«¤éÅþã²Äǽ¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
+ °Ê²¼¤ÎÎã¤Ç¡¢´Êñ¤Ë³Îǧ¤Ç¤¤Þ¤¹¡£</para>
- <screen>&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> create</userinput>
-&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> tunnel <replaceable>A.B.C.D</replaceable> <replaceable>W.X.Y.Z</replaceable></userinput>
-&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> inet <replaceable>192.168.1.1</replaceable> <replaceable>192.168.2.1</replaceable> netmask <replaceable>0xffffffff</replaceable></userinput>
- </screen>
+ <programlisting>corp-net# ping 10.0.0.8
+PING 10.0.0.8 (10.0.0.8): 56 data bytes
+64 bytes from 10.0.0.8: icmp_seq=0 ttl=63 time=92.391 ms
+64 bytes from 10.0.0.8: icmp_seq=1 ttl=63 time=21.870 ms
+64 bytes from 10.0.0.8: icmp_seq=2 ttl=63 time=198.022 ms
+64 bytes from 10.0.0.8: icmp_seq=3 ttl=63 time=22.241 ms
+64 bytes from 10.0.0.8: icmp_seq=4 ttl=63 time=174.705 ms
+--- 10.0.0.8 ping statistics ---
+5 packets transmitted, 5 packets received, 0% packet loss
+round-trip min/avg/max/stddev = 21.870/101.846/198.022/74.001 ms
- <para>¤â¤¦ÊÒÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¡¢
- IP ¥¢¥É¥ì¥¹¤Î½ç¤òµÕ¤Ë¤·¤ÆƱ¤¸¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£</para>
+priv-net# ping 10.246.38.107
+PING 10.246.38.1 (10.246.38.107): 56 data bytes
+64 bytes from 10.246.38.107: icmp_seq=0 ttl=64 time=53.491 ms
+64 bytes from 10.246.38.107: icmp_seq=1 ttl=64 time=23.395 ms
+64 bytes from 10.246.38.107: icmp_seq=2 ttl=64 time=23.865 ms
+64 bytes from 10.246.38.107: icmp_seq=3 ttl=64 time=21.145 ms
+64 bytes from 10.246.38.107: icmp_seq=4 ttl=64 time=36.708 ms
+--- 10.246.38.107 ping statistics ---
+5 packets transmitted, 5 packets received, 0% packet loss
+round-trip min/avg/max/stddev = 21.145/31.721/53.491/12.179 ms</programlisting>
- <screen>&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> create</userinput>
-&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> tunnel <replaceable>W.X.Y.Z</replaceable> <replaceable>A.B.C.D</replaceable></userinput>
-&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> inet <replaceable>192.168.2.1</replaceable> <replaceable>192.168.1.1</replaceable> netmask <replaceable>0xffffffff</replaceable></userinput>
- </screen>
+ <para>¥È¥ó¥Í¥ê¥ó¥°¤ÎÀßÄê¤Ï°Ê¾å¤Î¤è¤¦¤Ë´Êñ¤Ç¤¹¤¬¡¢
+ ¥ê¥ó¥¯¤ò°ÂÁ´¤Ë¤¹¤ë¤Ë¤Ï¡¢¤â¤¦¾¯¤··¡¤ê²¼¤²¤¿ÀßÄ꤬ɬÍפȤʤê¤Þ¤¹¡£
+ °Ê²¼¤ÎÀßÄê¤Ç¤Ï¡¢»öÁ°¶¦Í (<acronym>PSK</acronym>)
+ <acronym>RSA</acronym> ¸°¤ò»È¤¤¤Þ¤¹¡£
+ <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò½ü¤±¤Ð¡¢Î¾Êý¤Î
+ <filename>/usr/local/etc/racoon/racoon.conf</filename>
+ ¥Õ¥¡¥¤¥ë¤ÏƱ¤¸¤Ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
- <para>°Ê²¼¤ò¼Â¹Ô¤·¤Æ¡¢ÀßÄê¤ò³Îǧ¤ò¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
-
- <programlisting>ifconfig gif0</programlisting>
-
- <para>¤¿¤È¤¨¤Ð¡¢¥Í¥Ã¥È¥ï¡¼¥¯ #1 ¤Î¥²¡¼¥È¥¦¥§¥¤¤Ë¤ª¤¤¤Æ¤Ï¡¢
- °Ê²¼¤Î¤è¤¦¤Ë³Îǧ¤Ç¤¤Þ¤¹¡£</para>
-
- <screen>&prompt.root; <userinput>ifconfig gif0</userinput>
-gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
- tunnel inet A.B.C.D --> W.X.Y.Z
- inet 192.168.1.1 --> 192.168.2.1 netmask 0xffffffff
- </screen>
+ <programlisting>path pre_shared_key "/usr/local/etc/racoon/psk.txt"; #location of pre-shared key file
+log debug; #log verbosity setting: set to 'notify' when testing and debugging is complete
- <para>½ÐÎϤ«¤é¤ï¤«¤ë¤è¤¦¤Ë¡¢
- ʪÍý¥¢¥É¥ì¥¹
- <systemitem class="ipaddress">A.B.C.D</systemitem> ¤È
- <systemitem class="ipaddress">W.X.Y.Z</systemitem>
- ¤Î´Ö¤Ë¥È¥ó¥Í¥ë¤¬ºîÀ®¤µ¤ì¡¢
- <systemitem class="ipaddress">192.168.1.1</systemitem> ¤È
- <systemitem class="ipaddress">192.168.2.1</systemitem>
- ¤Î´Ö¤ÎÄÌ¿®¤¬¥È¥ó¥Í¥ë¤Çµö²Ä¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
-
- <para>ξÊý¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Î¥ë¡¼¥Æ¥£¥ó¥°¥Æ¡¼¥Ö¥ë¤Ë¥¨¥ó¥È¥ê¤¬Äɲ䵤ì¤Þ¤·¤¿¡£
- <command>netstat -rn</command> ¤Ç³Îǧ¤Ç¤¤Þ¤¹¡£
- ¥Í¥Ã¥È¥ï¡¼¥¯ #1
- ¤Î¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Ç¤Î½ÐÎϤϰʲ¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-
- <screen>&prompt.root; <userinput>netstat -rn</userinput>
-Routing tables
-
-Internet:
-Destination Gateway Flags Refs Use Netif Expire
-...
-192.168.2.1 192.168.1.1 UH 0 0 gif0
-...
- </screen>
+padding # options are not to be changed
+{
+ maximum_length 20;
+ randomize off;
+ strict_check off;
+ exclusive_tail off;
+}
- <para><quote>Flags</quote> ¤ÎÃͤ¬¼¨¤¹¤è¤¦¤Ë¡¢
- ¤³¤ì¤Ï¥Û¥¹¥È¤Î¥ë¡¼¥È¤Ç¡¢
- ³Æ¥²¡¼¥È¥¦¥§¥¤¤Ï¾¤Î¥²¡¼¥È¥¦¥§¥¤¤È¤É¤Î¤è¤¦¤ËÄÌ¿®¤¹¤ì¤ÐÎɤ¤¤«¤òÃΤäƤ¤¤Þ¤¹¤¬¡¢
- ¾¤Î´ØÏ¢¤¹¤ë¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤ÎÄÌ¿®¤òÃΤé¤Ê¤¤¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£
- ¤³¤ÎÌäÂê¤Ï¡¢¤¹¤°¤Ë²ò·è¤µ¤ì¤Þ¤¹¡£</para>
+timer # timing options. change as needed
+{
+ counter 5;
+ interval 20 sec;
+ persend 1;
+# natt_keepalive 15 sec;
+ phase1 30 sec;
+ phase2 15 sec;
+}
- <para>ξÊý¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Ç¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤òÀßÄꤷ¤Æ¤¤¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
- VPN ¥È¥é¥Õ¥£¥Ã¥¯¤Î¤¿¤á¤Ë¤Ï¡¢¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ò±ª²ó¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Î¤¹¤Ù¤Æ¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òµö²Ä¤¹¤ë¤«¡¢VPN
- ¤ÎËöü¤ò¤ª¸ß¤¤Êݸ¤ë¤è¤¦¤Ê¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¥ë¡¼¥ë¤òÄɲä·¤¿¤¤¤È»×¤¦¤Ç¤·¤ç¤¦¡£</para>
+listen # address [port] that racoon will listening on
+{
+ isakmp 172.16.5.4 [500];
+ isakmp_natt 172.16.5.4 [4500];
+}
- <para>¤¹¤Ù¤Æ¤Î VPN
- ¤ò·Ðͳ¤¹¤ë¥È¥é¥Õ¥£¥Ã¥¯¤òµöÍƤ¹¤ë¤è¤¦¤Ê¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤òÀßÄꤹ¤ë¤È¡¢
- ¥Æ¥¹¥È¤òÂ礤¯´Êά²½¤Ç¤¤Þ¤¹¡£
- ¸å¤Ç¤¤¤Ä¤Ç¤â¡¢¥»¥¥å¥ê¥Æ¥£¤ò¶¯²½¤Ç¤¤Þ¤¹¡£
- ¤â¤·¡¢¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç &man.ipfw.8; ¤òÍѤ¤¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢
- °Ê²¼¤Î¤è¤¦¤Ê¥³¥Þ¥ó¥É¤Ç¡¢
- ¾¤Î¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¥ë¡¼¥ë¤Ë±Æ¶Á¤¹¤ë¤³¤È¤Ê¤¯¡¢
- VPN ¤ÎËöü¤Î´Ö¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òµö²Ä¤·¤Þ¤¹¡£</para>
+remote 192.168.1.12 [500]
+{
+ exchange_mode main,aggressive;
+ doi ipsec_doi;
+ situation identity_only;
+ my_identifier address 172.16.5.4;
+ peers_identifier address 192.168.1.12;
+ lifetime time 8 hour;
+ passive off;
+ proposal_check obey;
+# nat_traversal off;
+ generate_policy off;
- <programlisting>ipfw add 1 allow ip from any to any via gif0</programlisting>
+ proposal {
+ encryption_algorithm blowfish;
+ hash_algorithm md5;
+ authentication_method pre_shared_key;
+ lifetime time 30 sec;
+ dh_group 1;
+ }
+}
- <para>ξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¤³¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+sainfo (address 10.246.38.0/24 any address 10.0.0.0/24 any) # address $network/$netmask $type address $network/$netmask $type ( $type being any or esp)
+{ # $network must be the two internal networks you are joining.
+ pfs_group 1;
+ lifetime time 36000 sec;
+ encryption_algorithm blowfish,3des,des;
+ authentication_algorithm hmac_md5,hmac_sha1;
+ compression_algorithm deflate;
+}</programlisting>
- <para>³Æ¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¾¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤ËÂФ·¤Æ¡¢
- ping ¤ò¼Â¹Ô¤¹¤ë¤³¤È¤¬¤Ç¤¤ì¤Ð½½Ê¬¤Ç¤¹¡£
- <systemitem class="ipaddress">192.168.1.1</systemitem>
- ¤Ë¤ª¤¤¤Æ¡¢°Ê²¼¤ò¼Â¹Ô¤¬²Äǽ¤Ç</para>
-
- <programlisting>ping 192.168.2.1</programlisting>
-
- <para>¤½¤·¤Æ¡¢¥ì¥¹¥Ý¥ó¥¹¤ò¼õ¤±¼è¤ì¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- Ʊ¤¸¤³¤È¤ò¾¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¼Â¹Ô¤Ç¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
-
- <para>¤·¤«¤·¤Ê¤¬¤é¡¢³Æ¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÆâÉô¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Ë¥¢¥¯¥»¥¹¤Ï¤Þ¤À¤Ç¤¤Þ¤»¤ó¡£
- ¤³¤ì¤Ï¡¢
- ¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤¬¤ª¸ß¤¤¤Ë¥¢¥¯¥»¥¹¤¹¤ëÊýË¡¤òÃΤäƤ¤¤ë¤¬¡¢
- ³Æ¥²¡¼¥È¥¦¥§¥¤¤Î±ü¤Ë¤¢¤ë¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¥¢¥¯¥»¥¹¤¹¤ëÊýË¡¤òÃΤé¤Ê¤¤¤È¤¤¤¦¡¢
- ¥ë¡¼¥Æ¥£¥ó¥°¤Ëµ¯°ø¤·¤Æ¤¤¤Þ¤¹¡£</para>
+ <para>¾å¤ÎÎã¤Çɽ¼¨¤µ¤ì¤Æ¤¤¤ë¥ª¥×¥·¥ç¥ó¤ä¡¢
+ ¤¹¤Ù¤Æ¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ä¤¤¤ÆÀâÌÀ¤¹¤ë¤³¤È¤Ï¡¢ËÜʸ½ñ¤ÎÈϰϤòĶ¤¨¤Æ¤¤¤Þ¤¹¡£
+ <application>racoon</application> ¤ÎÀßÄê¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤Ë¤Ï¡¢
+ ´ØÏ¢¤¹¤ë¤¿¤¯¤µ¤ó¤Î¾ðÊ󤬽ñ¤«¤ì¤Æ¤¤¤Þ¤¹¡£</para>
- <para>¤³¤ÎÌäÂê¤ò²ò·è¤¹¤ë¤Ë¤Ï¡¢
- ÀÅŪ¥ë¡¼¥È¤ò³Æ¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤ËÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ¤³¤Î¤¿¤á¤ËºÇ½é¤Î¥²¡¼¥È¥¦¥§¥¤¤Ç¹Ô¤¦¥³¥Þ¥ó¥É¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+ <para>&os; ¤ª¤è¤Ó <application>racoon</application>
+ ¤¬¥Û¥¹¥È´Ö¤Î¥Í¥Ã¥È¥ï¡¼¥¯¥È¥é¥Õ¥£¥Ã¥¯¤ò°Å¹æ²½¡¢
+ Éü¹æ²½¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+ <acronym>SPD</acronym> ¥Ý¥ê¥·¤ÎÀßÄ꤬ɬÍפǤ¹¡£</para>
- <programlisting>route add 192.168.2.0 192.168.2.1 netmask 0xffffff00
- </programlisting>
+ <para>¤³¤Î¥Ý¥ê¥·¤Ï¡¢
+ °Ê²¼¤Î¤è¤¦¤Ê´Êñ¤Ê¥·¥§¥ë¥¹¥¯¥ê¥×¥È¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£
+ °Ê²¼¤Ï²ñ¼Ò¤Î¥²¡¼¥È¥¦¥§¥¤¤ÎÎã¤Ç¤¹¡£
+ ¤³¤Î¥Õ¥¡¥¤¥ë¤ò¥·¥¹¥Æ¥à¤Î½é´ü²½Ãæ¤Ë»È¤ï¤ì¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+ <filename>/usr/local/etc/racoon/setkey.conf</filename>
+ ¤ËÊݸ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
- <para>¤³¤Î¥³¥Þ¥ó¥É¤Î°ÕÌ£¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯
- <quote><systemitem class="ipaddress">192.168.2.0</systemitem>
- ¤Î¥Û¥¹¥È¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤Ë¤Ï¡¢¥Ñ¥±¥Ã¥È¤ò
- <systemitem class="ipaddress">192.168.2.1</systemitem>
- ¤Î¥Û¥¹¥È¤ËÁ÷¤ë</quote> ¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£
- ¤â¤¦ÊÒÊý¤Î¥²¡¼¥È¥¦¥§¥¤¤Ç¤Ï¡¢Æ±ÍͤΥ³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ¤½¤Î¾ì¹ç¤Ë¤Ï¡¢¤«¤ï¤ê¤Ë¡¢
- <systemitem class="ipaddress">192.168.1.x</systemitem>
- ¥¢¥É¥ì¥¹¤ò»È¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£</para>
+<programlisting>flush;
+spdflush;
+# To the home network
+spdadd 10.246.38.0/24 10.0.0.0/24 any -P out ipsec esp/tunnel/172.16.5.4-192.168.1.12/use;
+spdadd 10.0.0.0/24 10.246.38.0/24 any -P in ipsec esp/tunnel/192.168.1.12-172.16.5.4/use;</programlisting>
- <para>¤³¤ì¤Ç¡¢ÊÒÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¥Û¥¹¥È¤«¤é¤Î IP ¥È¥é¥Õ¥£¥Ã¥¯¤Ï¡¢
- ¤â¤¦ÊÒÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¥Û¥¹¥È¤ËÆϤ¯¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+ <para>ÀßÄê¥Õ¥¡¥¤¥ë¤òŬÀÚ¤ËÃÖ¤¯¤È¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤Ë¤è¤ê¡¢
+ ξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¾å¤Ç <application>racoon</application>
+ ¤òµ¯Æ°¤Ç¤¤Þ¤¹¡£</para>
- <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Î
- <quote>virtual</quote> ¤ª¤è¤Ó
- <quote>network</quote> ¤Ë¤Ä¤¤¤Æ¹½ÃۤǤ¤¿¤Î¤Ç¡¢
- VPN ¤Ë¤Ä¤¤¤Æ¡¢2/3 ¤¬¹½ÃÛ¤µ¤ì¤Þ¤·¤¿¡£»Ä¤ê¤Ï private ¤Ç¤¹¡£
- &man.ping.8; ¤ª¤è¤Ó &man.tcpdump.1; ¤ò»È¤Ã¤Æ»î¸³¤Ç¤¤Þ¤¹¡£
- ¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Ë¥í¥°¥¤¥ó¤·¤Æ°Ê²¼¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
-
- <programlisting>tcpdump dst host 192.168.2.1</programlisting>
+ <screen>&prompt.root; <userinput>/usr/local/sbin/racoon -F -f /usr/local/etc/racoon/racoon.conf -l /var/log/racoon.log</userinput></screen>
- <para>Ʊ¤¸¥Û¥¹¥È¤Î¾¤Î¥í¥°¥¤¥ó¥»¥Ã¥·¥ç¥ó¤Ç¡¢
- °Ê²¼¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+ <para>½ÐÎϤϰʲ¼¤Î¤è¤¦¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£</para>
- <programlisting>ping 192.168.2.1</programlisting>
+ <programlisting>corp-net# /usr/local/sbin/racoon -F -f /usr/local/etc/racoon/racoon.conf
+Foreground mode.
+2006-01-30 01:35:47: INFO: begin Identity Protection mode.
+2006-01-30 01:35:48: INFO: received Vendor ID: KAME/racoon
+2006-01-30 01:35:55: INFO: received Vendor ID: KAME/racoon
+n2006-01-30 01:36:04: INFO: ISAKMP-SA established 172.16.5.4[500]-192.168.1.12[500] spi:623b9b3bd2492452:7deab82d54ff704a
+2006-01-30 01:36:05: INFO: initiate new phase 2 negotiation: 172.16.5.4[0]192.168.1.12[0]
+2006-01-30 01:36:09: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.12[0]->172.16.5.4[0] spi=28496098(0x1b2d0e2)
+2006-01-30 01:36:09: INFO: IPsec-SA established: ESP/Tunnel 172.16.5.4[0]->192.168.1.12[0] spi=47784998(0x2d92426)
+2006-01-30 01:36:13: INFO: respond new phase 2 negotiation: 172.16.5.4[0]192.168.1.12[0]
+2006-01-30 01:36:18: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.12[0]->172.16.5.4[0] spi=124397467(0x76a279b)
+2006-01-30 01:36:18: INFO: IPsec-SA established: ESP/Tunnel 172.16.5.4[0]->192.168.1.12[0] spi=175852902(0xa7b4d66)</programlisting>
- <para>°Ê²¼¤Î¤è¤¦¤Ê½ÐÎϤ¬É½¼¨¤µ¤ì¤Þ¤¹¡£</para>
-
- <programlisting>
-16:10:24.018080 192.168.1.1 > 192.168.2.1: icmp: echo request
-16:10:24.018109 192.168.1.1 > 192.168.2.1: icmp: echo reply
-16:10:25.018814 192.168.1.1 > 192.168.2.1: icmp: echo request
-16:10:25.018847 192.168.1.1 > 192.168.2.1: icmp: echo reply
-16:10:26.028896 192.168.1.1 > 192.168.2.1: icmp: echo request
-16:10:26.029112 192.168.1.1 > 192.168.2.1: icmp: echo reply
- </programlisting>
+ <para>¥È¥ó¥Í¥ê¥ó¥°¤¬Å¬Àڤ˹Ԥï¤ì¤Æ¤¤¤ë¤«¤É¤¦¤«¤ò³Îǧ¤¹¤ë¤¿¤á¡¢
+ Ê̤Υ³¥ó¥½¡¼¥ë¾å¤Ç &man.tcpdump.1; ¤ò»È¤¤¡¢
+ °Ê²¼¤Î¤è¤¦¤Ê¥³¥Þ¥ó¥É¤Ç¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÄÌ¿®¤ò³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤¿¤À¤·¡¢°Ê²¼¤ÎÎã¤Î <literal>em0</literal> ¤ÎÉôʬ¤Ï¡¢
+ ɬÍפ˱þ¤¸¤Æ»ÈÍѤ·¤Æ¤¤¤ë¥Í¥Ã¥È¥ï¡¼¥¯¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ËÃÖ¤´¹¤¨¤Æ¤¯¤À¤µ¤¤¡£</para>
- <para>¤³¤Î½ÐÎϤ«¤é¤ï¤«¤ë¤è¤¦¤Ë¡¢ICMP ¥á¥Ã¥»¡¼¥¸¤¬Ìá¤ê¡¢
- Éü¹æ²½¤µ¤ì¤Þ¤¹¡£
- &man.tcpdump.1; ¤Ë <option>-s</option> ¥Ñ¥é¥á¡¼¥¿¤òÍѤ¤¤ë¤È¡¢
- ¥Ñ¥±¥Ã¥È¤«¤é¿¤¯¤Î¥Ç¡¼¥¿¤òÊᤨ¡¢
- ¤è¤ê¿¤¯¤Î¾ðÊó¤òÆÀ¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
+ <screen>&prompt.root; <userinput>tcpdump -i em0 host <replaceable>172.16.5.4 and dst 192.168.1.12</replaceable></userinput></screen>
- <para>ÌÀ¤é¤«¤Ë¤³¤ì¤Ï¡¢¼õ¤±Æþ¤ì¤é¤ì¤ë¤â¤Î¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
- ¼¡¤ÎÀá¤Ç¤Ï¡¢2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Î¥ê¥ó¥¯¤Ë¤Ä¤¤¤Æ¡¢
- ¤¹¤Ù¤Æ¤ÎÄÌ¿®¤¬¼«Æ°Åª¤Ë°Å¹æ²½¤µ¤ì¤ë¤è¤¦¤Ë°ÂÁ´¤Ë¤¹¤ëÊýË¡¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£</para>
+ <para>°Ê²¼¤Î¤è¤¦¤Ê¥Ç¡¼¥¿¤¬¥³¥ó¥½¡¼¥ë¤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£
+ ¤â¤·¡¢É½¼¨¤µ¤ì¤Ê¤¤¾ì¹ç¤Ï¡¢ÀßÄê¤Ë²¿¤«ÌäÂ꤬¤¢¤ë¤Î¤Ç¡¢
+ ɽ¼¨¤µ¤ì¤ë¥Ç¡¼¥¿¤ò»È¤Ã¤Æ¥Ç¥Ð¥Ã¥°¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
- <itemizedlist>
- <title>¤Þ¤È¤á</title>
- <listitem>
- <para>ξÊý¤Î¥«¡¼¥Í¥ë¤ò <quote>device gif</quote>
- ¤Ç¹½ÃÛ¤·¤Þ¤¹¡£</para>
- </listitem>
- <listitem>
- <para>¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È #1 ¤Î <filename>/etc/rc.conf</filename>
- ¤òÊÔ½¸¤·¤Æ¡¢°Ê²¼¤Î¹Ô¤ò (ɬÍפ˱þ¤¸¤Æ IP ¥¢¥É¥ì¥¹¤òÊѹ¹¤·¤Æ)
- Äɲä·¤Þ¤¹¡£</para>
- <programlisting>gif_interfaces="gif0"
-gifconfig_gif0="A.B.C.D W.X.Y.Z"
-ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff"
-static_routes="vpn"
-route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00"
- </programlisting>
- </listitem>
- <listitem>
- <para>ξÊý¤Î¥Û¥¹¥È¤Î¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥¹¥¯¥ê¥×¥È
- (<filename>/etc/rc.firewall</filename> ¤Ê¤É)
- ¤òÊÔ½¸¤·¤Æ°Ê²¼¤òÄɲä·¤Þ¤¹¡£</para>
+ <programlisting>01:47:32.021683 IP corporatenetwork.com > 192.168.1.12.privatenetwork.com: ESP(spi=0x02acbf9f,seq=0xa)
+01:47:33.022442 IP corporatenetwork.com > 192.168.1.12.privatenetwork.com: ESP(spi=0x02acbf9f,seq=0xb)
+01:47:34.024218 IP corporatenetwork.com > 192.168.1.12.privatenetwork.com: ESP(spi=0x02acbf9f,seq=0xc)</programlisting>
- <programlisting>ipfw add 1 allow ip from any to any via gif0</programlisting>
- </listitem>
- <listitem>
- <para>ƱÍͤÎÊѹ¹¤ò¡¢¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È #2 ¤Î
- <filename>/etc/rc.conf</filename>
- ¤Ë¤ª¤¤¤Æ¤â¹Ô¤¤¤Þ¤¹¡£
- ¤³¤³¤Ç¡¢IP ¥¢¥É¥ì¥¹¤Î½çÈ֤ϵդˤ·¤Þ¤¹¡£</para>
- </listitem>
- </itemizedlist>
- </sect3>
+ <para>¤³¤ì¤Ç 2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¡¢
+ 1 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¤è¤¦¤ËÍøÍѤǤ¤Þ¤¹¡£
+ ¿¤¯¤Î¾ì¹ç¡¢
+ ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ë¤è¤êÊݸ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢
+ ξÊý¤òή¤ì¤ëÄÌ¿®¤òµö²Ä¤¹¤ë¤Ë¤Ï¡¢
+ ¥Ñ¥±¥Ã¥È¤¬Î¾Êý¤ò¹Ô¤Íè¤Ç¤¤ë¤è¤¦¤Ë¥ë¡¼¥ë¤òÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ &man.ipfw.8; ¤ò»È¤Ã¤¿¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¾ì¹ç¤Ï¡¢
+ ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ÎÀßÄê¥Õ¥¡¥¤¥ë¤Ë¡¢°Ê²¼¤Î¹Ô¤òÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
- <sect3>
- <title>¥¹¥Æ¥Ã¥× 2: ¥ê¥ó¥¯¤ò°ÂÁ´¤Ë¤¹¤ë¡£</title>
+ <programlisting>ipfw add 00201 allow log esp from any to any
+ipfw add 00202 allow log ah from any to any
+ipfw add 00203 allow log ipencap from any to any
+ipfw add 00204 allow log usp from any 500 to any</programlisting>
- <para>¥ê¥ó¥¯¤ò°ÂÁ´¤Ë¤¹¤ë¤¿¤á¤Ë¡¢IPsec ¤òÍѤ¤¤Þ¤¹¡£
- IPsec ¤Ï¡¢2 ¤Ä¤Î¥Û¥¹¥È¤¬°Å¹æ¸°¤Ë¹ç°Õ¤·¡¢
- ¤½¤Î¸°¤ò 2
- ¤Ä¤Î¥Û¥¹¥È¤Î´Ö¤Ç¥Ç¡¼¥¿¤ò°Å¹æ²½¤¹¤ë¤Î¤ËÍѤ¤¤ë¥á¥«¥Ë¥º¥à¤òÄ󶡤·¤Þ¤¹¡£</para>
+ <note>
+ <para>¥ë¡¼¥ëÈÖ¹æ¤Ï¡¢
+ ¸½ºß¤Î¥Û¥¹¥È¤ÎÀßÄê¤Ë¤è¤Ã¤Æ¤ÏÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ë¤Ç¤·¤ç¤¦¡£</para>
+ </note>
- <para>¤³¤³¤Ç¤Ï¡¢ÀßÄê¤ò¹Ô¤¦¾å¤Ç¹Íθ¤¹¤Ù¤Îΰ褬 2 ¤Ä¤¢¤ê¤Þ¤¹¡£</para>
+ <para>&man.pf.4; ¤Þ¤¿¤Ï &man.ipf.8; ¤ò»ÈÍѤ·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
+ °Ê²¼¤Î¥ë¡¼¥ë¤Ç¾å¼ê¤¯¤¤¤¯¤Ç¤·¤ç¤¦¡£</para>
- <orderedlist>
- <listitem>
- <para>2 ¤Ä¤Î¥Û¥¹¥È¤Ç¡¢
- ÍѤ¤¤ë°Å¹æ¥á¥«¥Ë¥º¥à¤Ë¹ç°Õ¤¹¤ë¥á¥«¥Ë¥º¥à¤¬É¬ÍפǤ¹¡£
- 2 ¤Ä¤Î¥Û¥¹¥È¤¬°ìÅÙ¤³¤Î¥á¥«¥Ë¥º¥à¤Ë¹ç°Õ¤·¤¿¤é¡¢
- ¤³¤ì¤é¤Î´Ö¤Ç <quote>¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó</quote>
- ¤¬³ÎΩ¤µ¤ì¤¿¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
- </listitem>
- <listitem>
- <para>¤É¤Î¥È¥é¥Õ¥£¥Ã¥¯¤ò°Å¹æ²½¤¹¤ë¤«¤òÆÃÄꤹ¤ë¥á¥«¥Ë¥º¥à¤¬É¬ÍפȤʤê¤Þ¤¹¡£
- ³°¸þ¤¤Î¥È¥é¥Õ¥£¥Ã¥¯¤Î¤¹¤Ù¤Æ¤ò°Å¹æ²½¤¹¤ëɬÍפϤʤ¤¤Î¤ÏÌÀ¤é¤«¤Ç¤¹¡£
- -- VPN ¤Ë´Ø·¸¤¹¤ë¥È¥é¥Õ¥£¥Ã¥¯¤Î¤ß¤ò°Å¹æ²½¤¹¤ë¤³¤È¤¬Ë¾¤Þ¤ì¤Þ¤¹¡£
- ¤É¤Î¥È¥é¥Õ¥£¥Ã¥¯¤ò°Å¹æ¤¹¤Ù¤¤«¤ò·è¤á¤ë¤¿¤á¤ËƳÆþ¤µ¤ì¤ë¥ë¡¼¥ë¤ò
- <quote>¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·</quote> ¤È¸Æ¤Ó¤Þ¤¹¡£</para>
- </listitem>
- </orderedlist>
+ <programlisting>pass in quick proto esp from any to any
+pass in quick proto ah from any to any
+pass in quick proto ipencap from any to any
+pass in quick proto udp from any port = 500 to any port = 500
+pass in quick on gif0 from any to any
+pass out quick proto esp from any to any
+pass out quick proto ah from any to any
+pass out quick proto ipencap from any to any
+pass out quick proto udp from any port = 500 to any port = 500
+pass out quick on gif0 from any to any</programlisting>
- <para>¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤ª¤è¤Ó¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤ÎξÊý¤Ï¡¢
- ¥«¡¼¥Í¥ë¤Ë¤è¤ê´ÉÍý¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤½¤·¤Æ¡¢¥æ¡¼¥¶¥é¥ó¥É¥×¥í¥°¥é¥à¤Ë¤è¤ê¡¢
- Êѹ¹¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
- ¤·¤«¤·¤Ê¤¬¤é¡¢¤³¤ì¤ò¹Ô¤¦Á°¤Ë¡¢¥«¡¼¥Í¥ë¤ò IPsec ¤ª¤è¤Ó
- Encapsulated Security Payload (ESP) ¥×¥í¥È¥³¥ë¤ËÂбþ¤¹¤ë¤è¤¦¤Ë¡¢
- ÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ¤³¤ì¤Ï¡¢¥«¡¼¥Í¥ë¤ò°Ê²¼¤Î¤è¤¦¤ËÀßÄꤹ¤ë¤³¤È¤Ç²Äǽ¤Ç¤¹¡£</para>
+ <para>ºÇ¸å¤Ë¡¢¥·¥¹¥Æ¥à¤Î½é´ü²½Ãæ¤Ë <acronym>VPN</acronym>
+ ¤¬µ¯Æ°¤¹¤ë¤è¤¦¤Ë¡¢°Ê²¼¤Î¹Ô¤ò
+ <filename>/etc/rc.conf</filename> ¤ËÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
- <indexterm>
- <primary>kernel options</primary>
- <secondary>IPSEC</secondary>
- </indexterm>
-
- <programlisting>options IPSEC
-options IPSEC_ESP
- </programlisting>
-
- <para>¤½¤·¤ÆºÆ¹½ÃÛ¤·¡¢ºÆ¥¤¥ó¥¹¥È¡¼¥ë¤ò¹Ô¤Ã¤Æ¡¢ºÆµ¯Æ°¤·¤Æ¤¯¤À¤µ¤¤¡£
- ¤³¤ì¤ÏξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Î¥«¡¼¥Í¥ë¤Ç¹Ô¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£</para>
-
- <indexterm>
- <primary>IKE</primary>
- </indexterm>
-
- <para>¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤ÎÀßÄê¤Ë´Ø¤·¤Æ¤¤¤¦¤È¡¢
- 2 ¤Ä¤ÎÁªÂò»è¤¬¤¢¤ê¤Þ¤¹¡£
- 1 ¤ÄÌܤϡ¢2 ¤Ä¤Î¥Û¥¹¥È´Ö¤ÎÀßÄê¤ò¼êÆ°¤ÇÀßÄꤹ¤ëÊýË¡¤Ç¡¢
- °Å¹æ¥¢¥ë¥´¥ê¥º¥à¡¢°Å¹æ¸°¤Ê¤É¤òÁªÂò¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ¤â¤¦ 1 ¤Ä¤Ï¡¢¤³¤ì¤é¤ò¤¢¤Ê¤¿¤ËÂå¤ï¤ê¹Ô¤¦
- Internet Key Exchange ¥×¥í¥È¥³¥ë (IKE)
- ¤ò¼ÂÁõ¤·¤Æ¤¤¤ë¥Ç¡¼¥â¥ó¤òÍѤ¤¤ë¤³¤È¤Ç¤¹¡£</para>
-
- <para>¸å¼Ô¤¬¿ä¾©¤µ¤ì¤Þ¤¹¡£¤È¤Ë¤«¤¯¡¢ÀßÄ꤬¤è¤ê´Êñ¤Ç¤¹¡£</para>
-
- <indexterm>
- <primary><command>setkey</command></primary>
- </indexterm>
-
- <para>&man.setkey.8; ¤òÍѤ¤ÆÀ¤ë¤³¤È¤Ç¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤òÀßÄꤷ¤¿¤ê¡¢
- ɽ¼¨¤Ç¤¤Þ¤¹¡£
- &man.route.8; ¤¬¥«¡¼¥Í¥ë¥ë¡¼¥Æ¥£¥ó¥°¥Æ¡¼¥Ö¥ë¤Ë´Ø¤·¤Æ¤¤¤ë¤Î¤ÈƱÍͤˡ¢
- <command>setkey</command>
- ¤Ï¡¢¥«¡¼¥Í¥ë¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¥Æ¡¼¥Ö¥ë¤Ë´ØÏ¢¤·¤Æ¤¤¤Þ¤¹¡£
- <command>setkey</command> ¤Ï¡¢
- ¸½ºß¤Î¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤âɽ¼¨¤Ç¤¡¢
- Îà¿ä¤ò¤µ¤é¤Ë¿Ê¤á¤ë¤È¡¢¤½¤ÎÅÀ¤Ë¤ª¤¤¤Æ¡¢
- <command>netstat -r</command> ¤ÈƱ¼ï¤Ç¤¹¡£</para>
-
- <para>FreeBSD
- ¤Ç¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤ò´ÉÍý¤¹¤ë¥Ç¡¼¥â¥ó¤Ï¿ô¿¤¯¤¢¤ê¤Þ¤¹¡£
- ¤³¤Îʸ½ñ¤Ç¤Ï¡¢¤½¤ÎÃæ¤Î°ì¤Ä¤Î <application>racoon</application>
- ¤Î»È¤¤Êý¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£
- <application>racoon</application> ¤Ï¡¢&os; Ports Collection ¤Î
- <filename role="package">security/ipsec-tools</filename>
- ¤«¤é¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤¤Þ¤¹¡£</para>
-
- <indexterm>
- <primary>racoon</primary>
- </indexterm>
-
- <para><application>racoon</application> ¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
- ξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Ç¼Â¹Ô¤µ¤ì¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ¤½¤ì¤¾¤ì¤Î¥Û¥¹¥È¤Ç¡¢¤â¤¦°ì¤Ä¤Î VPN ¤Îü¤Î IP ¥¢¥É¥ì¥¹¤ª¤è¤Ó
- (¤¢¤Ê¤¿¤¬ÁªÂò¤·¤¿¤â¤Î¤Ç¡¢Î¾Êý¤Î¥²¡¼¥È¥¦¥§¥¤¤ÇƱ¤¸É¬ÍפΤ¢¤ë)
- ÈëÌ©¸°¤ÇÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
-
- <para>2 ¤Ä¤Î¥Ç¡¼¥â¥ó¤Ï¡¢¸ß¤¤¤Ë¥³¥ó¥¿¥¯¥È¤·¡¢
- (ÀßÄꤷ¤¿ÈëÌ©¸°¤òÍѤ¤¤Æ) ¤À¤ì¤¬Áê¼ê¤Ç¤¢¤ë¤«¤ò³Îǧ¤·¤Þ¤¹¡£
- ¥Ç¡¼¥â¥ó¤Ï¤½¤Î¸å¡¢¿·¤·¤¤ÈëÌ©¸°¤òÀ¸À®¤·¡¢
- VPN ¾å¤Î¥È¥é¥Õ¥£¥Ã¥¯¤Î°Å¹æ²½¤Î¤¿¤á¤ËÍѤ¤¤Þ¤¹¡£
- ¹¶·â¼Ô¤¬¤³¤ì¤é¤Î¸°¤Î (ÍýÏÀŪ¤Ë¤Ï¡¢ÉÔ²Äǽ¤Ç¤¹¤¬)
- 1 ¤Ä¤ò¥¯¥é¥Ã¥¯¤·¤Æ¤â¡¢¤½¤ì°Ê¾å¤Ç¤¤Ê¤¤¤è¤¦¤Ë¡¢
- ¤³¤ÎÈëÌ©¸°¤òÄê´üŪ¤ËÊѹ¹¤·¤Þ¤¹¡£
- -- Èà¤é¤¬¥«¥®¤ò¥¯¥é¥Ã¥¯¤·¤¿¤È¤¤Ë¤Ï¡¢
- 2 ¤Ä¤Î¥Ç¡¼¥â¥ó¤Ï¾¤Î¸°¤òÁªÂò¤·¤Æ¤¤¤ë¤³¤È¤Ç¤·¤ç¤¦¡£</para>
-
- <para><application>racoon</application> ¤ÎÀßÄê¤Ï¡¢
- <filename>${PREFIX}/etc/racoon</filename> ¤Ç¹Ô¤ï¤ì¤Þ¤¹¡£
- ¤³¤³¤Ë¤Ï¡¢ÀßÄê¥Õ¥¡¥¤¥ë¤¬ÃÖ¤«¤ì¤Æ¤¤¤Þ¤¹¤¬¡¢
- ¤½¤ì¤Û¤É¿¤¯Êѹ¹¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£
- ¤ª¤½¤é¤¯¤¢¤Ê¤¿¤¬Êѹ¹¤¹¤Ù¤ <application>racoon</application>
- ¤ÎÀßÄê¤Î¾¤ÎÉôʬ¤Ï¡¢
- <quote>pre-shared key</quote> ¤Ç¤¹¡£</para>
-
- <para>¥Ç¥Õ¥©¥ë¥È¤Î <application>racoon</application> ¤ÎÀßÄê¤Ç¤Ï¡¢
- ¤³¤ì¤Ï¡¢<filename>${PREFIX}/etc/racoon/psk.txt</filename>
- ¥Õ¥¡¥¤¥ë¤Ë¤¢¤ë¤È²¾Äꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
- pre-shared key ¤Ï¡¢VPN ¥ê¥ó¥¯¤ò·Ðͳ¤¹¤ë¥È¥é¥Õ¥£¥Ã¥¯¤Î°Å¹æ²½¤Ë¤Ï¡¢
- <emphasis>ÍѤ¤¤é¤ì¤Þ¤»¤ó</emphasis>¡£
- ¸°´ÉÍý¥Ç¡¼¥â¥ó¤¬¤ª¸ß¤¤¤ò¿®Íꤹ¤ë¤¿¤á¤Î¥È¡¼¥¯¥ó¤Ç¤¹¡£</para>
-
- <para><filename>psk.txt</filename> ¤Ï¡¢
- ¤¢¤Ê¤¿¤¬¼è¤ê°·¤¦³Æ¥ê¥â¡¼¥È¤Î¥µ¥¤¥È¤Ë´ØÏ¢¤¹¤ë¹Ô¤ò´Þ¤ó¤Ç¤¤¤Þ¤¹¡£
- ¤³¤ÎÎã¤Ç¤Ï¡¢¤É¤³¤Ë 2 ¤Ä¤Î¥µ¥¤¥È¤¬¤¢¤ë¤Î¤«¡¢
- ³Æ <filename>psk.txt</filename> ¥Õ¥¡¥¤¥ë¤Ï¡¢°ì¹Ô¤ò´Þ¤ó¤Ç¤¤¤Þ¤¹
- (¤Ê¤¼¤Ê¤é¤Ð¡¢³Æ VPN ¤Îü¤Ï¡¢Â¾¤Îü¤Î¤ß¤ò¼è¤ê°·¤¦¤¿¤á)¡£</para>
-
- <para>¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Î #1 ¤Ç¤Ï¡¢
- ¤³¤Î¹Ô¤Ï°Ê²¼¤Î¤è¤¦¤Ê¤â¤Î¤Ç¤¹¡£</para>
-
- <programlisting>W.X.Y.Z secret</programlisting>
-
- <para>¤³¤ì¤Ï¡¢¥ê¥â¡¼¥Èü¤Î <emphasis>¸ø³«</emphasis> IP ¥¢¥É¥ì¥¹¡¢¶õÇò¡¢
- °ÂÁ´¤òÄ󶡤¹¤ë¤¿¤á¤Î¥Æ¥¥¹¥Èʸ»ú¤Ç¤¹¡£
- ÌÀ¤é¤«¤Ë¡¢<quote>secret</quote> ¤ò¤¢¤Ê¤¿¤Î¸°¤Ë»È¤¦¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
- ¥Ñ¥¹¥ï¡¼¥É¤ËÂФ¹¤ëÄ̾ï¤Îµ¬Â§¤Ë½¾¤Ã¤Æ¤¯¤À¤µ¤¤¡£</para>
-
- <para>¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È #2 ¤Ç¤Ï¡¢¤³¤Î¹Ô¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-
- <programlisting>A.B.C.D secret</programlisting>
-
- <para>¤³¤ì¤Ï¡¢¥ê¥â¡¼¥Èü¤Î¸ø³« IP ¥¢¥É¥ì¥¹¤ÈÀè¤Û¤É¤ÈƱ¤¸ÈëÌ©¸°¤Ç¤¹¡£
- <application>racoon</application>
- ¤ò¼Â¹Ô¤¹¤ëÁ°¤Ë <filename>psk.txt</filename> ¤Î¥â¡¼¥É¤Ï¡¢
- <literal>0600</literal>
- (i.e., <systemitem class="username">root</systemitem> ¤Î¤ß¤¬
- read/write ¤Ç¤¤Þ¤¹) ¤È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
-
- <para>ξÊý¤Î¥Û¥¹¥È¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç
- <application>racoon</application> ¤òÁö¤é¤»¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£IKE
- ¥È¥é¥Õ¥£¥Ã¥¯¤òµö²Ä¤¹¤ë¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥ë¡¼¥ë¤òÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- IKE ¥È¥é¥Õ¥£¥Ã¥¯¤Ï¡¢UDP ¾å¤Ç ISAKMP (Internet Security Association
- Key Management Protocol) port ¤ËÂФ·¤Æ¼Â¹Ô¤µ¤ì¤ë¤â¤Î¤Ç¤¹¡£
- ¤³¤Î¥ë¡¼¥ë¤Ï¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥ë¡¼¥ë¥»¥Ã¥È¤Î¶Ë¤á¤ÆºÇ½é¤Ëµ½Ò¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
-
- <programlisting>ipfw add 1 allow udp from A.B.C.D to W.X.Y.Z isakmp
-ipfw add 1 allow udp from W.X.Y.Z to A.B.C.D isakmp
- </programlisting>
-
- <para>°ìÅÙ <application>racoon</application> ¤òÁö¤é¤»¤¿¤é¡¢
- ÊÒÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤«¤é¡¢Â¾¤Î¥Û¥¹¥È¤Ø ping ¤ò¼Â¹Ô¤Ç¤¤Þ¤¹¡£
- Àܳ¤Ï¡¢¤Þ¤À°Å¹æ²½¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¤¬¡¢<application>racoon</application>
- ¤Ï¤½¤Î¸å 2 ¤Ä¤Î¥Û¥¹¥È´Ö¤Î¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤òÀßÄꤷ¤Þ¤¹¡£
- ¤³¤ì¤Ï»þ´Ö¤òÍפ·¡¢
- ping ¥³¥Þ¥ó¥É¤¬È¿±þ¤¹¤ëÁ°¤Ë¾¯¤·»þ´Ö¤ÎÃÙ¤ì¤È¤·¤Æǧ¼±¤Ç¤¤ë¤Ç¤·¤ç¤¦¡£</para>
-
- <para>°ìÅÙ¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤¬³ÎΩ¤µ¤ì¤¿¤é¡¢
- &man.setkey.8; ¤ò»È¤Ã¤Æ³Îǧ¤Ç¤¤Þ¤¹¡£
- ¤É¤Á¤é¤«¤Î¥Û¥¹¥È¤Ç°Ê²¼¤Î¤è¤¦¤Ë¼Â¹Ô¤·¤Æ¡¢
- ¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¾ðÊó¤ò³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
-
- <programlisting>setkey -D</programlisting>
-
- <para>°Ê¾å¤ÇÌäÂê¤ÎȾʬ¤¬½ª¤ï¤ê¤Þ¤·¤¿¡£
- ¤â¤¦È¾Ê¬¤Ï¡¢¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤ÎÀßÄê¤Ç¤¹¡£</para>
-
- <para>ŬÀڤʥ»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤òºîÀ®¤¹¤ë¤Ë¤Ï¡¢
- ¤³¤ì¤Þ¤Ç¤Ë¤É¤Î¤è¤¦¤ËÀßÄꤵ¤ì¤Æ¤¤¤ë¤«¤ò³Îǧ¤¹¤ë¤³¤È¤¬É¬ÍפȤʤê¤Þ¤¹¡£
- ¤³¤ÎµÄÏÀ¤Ï¡¢Î¾Êý¤Î¥ê¥ó¥¯¤Îü¤Ç¹Ô¤ï¤ì¤Þ¤¹¡£</para>
-
- <para>Á÷¿®¤µ¤ì¤¿³Æ IP ¥Ñ¥±¥Ã¥È¤Ë¤Ï¡¢¥Ø¥Ã¥À¤¬¤¢¤ê¡¢
- ¥Ñ¥±¥Ã¥È¤Ë´Ø¤¹¤ë¥Ç¡¼¥¿¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£
- ¥Ø¥Ã¥À¤Ë¤Ï¥½¡¼¥¹¤ª¤è¤Ó¥Ç¥¹¥Æ¥£¥Í¡¼¥·¥ç¥ó¤ÎξÊý¤Î
- IP ¥¢¥É¥ì¥¹¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
- ²æ¡¹¤Ï¤¹¤Ç¤ËÃΤäƤ¤¤ë¤è¤¦¤Ë¡¢¸ø³«¥¤¥ó¥¿¡¼¥Í¥Ã¥È¾å¤Ç¤Ï¡¢
- <systemitem class="ipaddress">192.168.x.y</systemitem>
- ¤È¤¤¤Ã¤¿ÈϰϤΥץ饤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤Ï»È¤ï¤ì¤Þ¤»¤ó¡£
- ¤½¤Î¤«¤ï¤ê¡¢ºÇ½é¤Ë¾¤Î¥Ñ¥±¥Ã¥ÈÆâ¤Ë¥«¥×¥»¥ë²½¤µ¤ì¤Þ¤¹¡£
- ¤³¤Î¥Ñ¥±¥Ã¥È¤Ï¡¢¥×¥é¥¤¥Ù¡¼¥È¥¢¥É¥ì¥¹¤Î¤«¤ï¤ê¤Ë¡¢
- ¸ø³«¥½¡¼¥¹¤ª¤è¤Ó¥Ç¥¹¥Æ¥£¥Í¡¼¥·¥ç¥ó¤Î IP ¥¢¥É¥ì¥¹¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£</para>
-
- <para>¤½¤Î¤¿¤á¡¢³°¸þ¤¤Î¥Ñ¥±¥Ã¥È¤Ï°Ê²¼¤Î¤è¤¦¤Ë»Ï¤Þ¤ê¤Þ¤¹¡£</para>
-
- <screen>
- .----------------------.
- | Src: 192.168.1.1 |
- | Dst: 192.168.2.1 |
- | <other header info> |
- +----------------------+
- | <packet data> |
- `----------------------'</screen>
-
- <para>¤½¤Î¸å¡¢Â¾¤Î¥Ñ¥±¥Ã¥È¤ÎÃæ¤Ë°Ê²¼¤Î¤è¤¦¤Ë¥«¥×¥»¥ë²½¤µ¤ì¤Þ¤¹¡£</para>
-
- <screen>
- .--------------------------.
- | Src: A.B.C.D |
- | Dst: W.X.Y.Z |
- | <other header info> |
- +--------------------------+
- | .----------------------. |
- | | Src: 192.168.1.1 | |
- | | Dst: 192.168.2.1 | |
- | | <other header info> | |
- | +----------------------+ |
- | | <packet data> | |
- | `----------------------' |
- `--------------------------'</screen>
-
- <para>¤³¤Î¥«¥×¥»¥ë²½¤Ï gif
- ¥Ç¥Ð¥¤¥¹¤Ë¤è¤ê¹Ô¤ï¤ì¤Þ¤¹¡£³Îǧ¤Ç¤¤ë¤è¤¦¤Ë¡¢
- ¥Ñ¥±¥Ã¥È¤Ï³°Â¦¤ËËÜÍè¤Î IP ¥¢¥É¥ì¥¹¤ò»ý¤Ã¤Æ¤ª¤ê¡¢
- ¥ª¥ê¥¸¥Ê¥ë¥Ñ¥±¥Ã¥È¤Ï¡¢
- ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Ë³°¸þ¤¤ËÁ÷¤é¤ì¤ë¥Ñ¥±¥Ã¥È¤ÎÃæ¤Ë¥Ç¡¼¥¿¤È¤·¤Æ¥é¥Ã¥×¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
-
- <para>ÌÀ¤é¤«¤Ë¡¢VPN
- ´Ö¤Î¤¹¤Ù¤Æ¤Î¥È¥é¥Õ¥£¥Ã¥¯¤¬°Å¹æ²½¤µ¤ì¤ë¤³¤È¤¬É¬ÍפȤʤê¤Þ¤¹¡£
- ¸ÀÍդˤ¹¤ë¤È°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-
- <para><quote>¤â¤·¥Ñ¥±¥Ã¥È¤¬
- <systemitem class="ipaddress">A.B.C.D</systemitem>
- ¤«¤é¡¢
- <systemitem class="ipaddress">W.X.Y.Z</systemitem>
- ¤Ø¤ÈÁ÷¤é¤ì¤ë¤È¤¹¤ë¤È¡¢
- ɬÍפʥ»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤ò»È¤Ã¤Æ°Å¹æ²½¤µ¤ì¤Þ¤¹¡£</quote></para>
-
- <para><quote>¤â¤·¥Ñ¥±¥Ã¥È¤¬¡¢
- <systemitem class="ipaddress">W.X.Y.Z</systemitem>
- ¤«¤éÆϤ¡¢
- <systemitem class="ipaddress">A.B.C.D</systemitem>
- ¤Ø¤ÈÁ÷¤é¤ì¤ë¾ì¹ç¤Ë¤Ï¡¢
- ɬÍפʥ»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤òÍѤ¤¤ÆÉü¹æ²½¤µ¤ì¤Þ¤¹¡£</quote></para>
-
- <para>¤³¤ì¤ÏÀµ²ò¤Ë¶á¤¤¤Î¤Ç¤¹¤¬¡¢¶Ë¤á¤ÆÀµ¤·¤¤¤È¤¤¤¦¤ï¤±¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
- ¤â¤·¤³¤ì¤ò¹Ô¤Ã¤¿¤È¤¹¤ë¤È¡¢
- <systemitem class="ipaddress">W.X.Y.Z</systemitem>
- ¤Ø¤Î¥È¥é¥Õ¥£¥Ã¥¯¡¢¤Þ¤¿¤Ï¡¢¤³¤³¤«¤é¤Î¥È¥é¥Õ¥£¥Ã¥¯¤Î¤¹¤Ù¤Æ¤¬¡¢
- VPN ¤Ç¤Ï¤Ê¤¤¥È¥é¥Ã¥¯¤Þ¤Ç°Å¹æ²½¤µ¤ì¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
- ¤³¤ì¤Ï¤¢¤Ê¤¿¤¬¹Ô¤¤¤¿¤¤¤³¤È¤È¤Ï¤Þ¤Ã¤¿¤¯°ã¤¤¤Þ¤¹¡£
- ŬÀڤʥݥꥷ¤Ï°Ê²¼¤Î¤è¤¦¤Ê¤â¤Î¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-
- <para><quote><systemitem class="ipaddress">A.B.C.D</systemitem>
- ¤«¤é¥Ñ¥±¥Ã¥È¤¬½Ð¤¿¤È¤·¤Æ¡¢
- ¤½¤Î¥Ñ¥±¥Ã¥È¤¬Â¾¤Î¥Ñ¥±¥Ã¥È¤ò¥«¥×¥»¥ë²½¤·¡¢
- <systemitem class="ipaddress">W.X.Y.Z</systemitem>
- ¤Ø¤ÈÁ÷¤é¤ì¤ë¤È¤¹¤ë¤È¡¢
- ¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤òÍѤ¤¤Æ°Å¹æ²½¤·¤Þ¤¹¡£</quote></para>
-
- <para><quote>¤â¤·¡¢¥Ñ¥±¥Ã¥È¤¬¡¢<systemitem
- class="ipaddress">W.X.Y.Z</systemitem> ¤«¤éÆϤ¡¢
- ¤½¤Î¥Ñ¥±¥Ã¥È¤¬Â¾¤Î¥Ñ¥±¥Ã¥È¤ò¥«¥×¥»¥ë²½¤·¡¢<systemitem
- class="ipaddress">A.B.C.D</systemitem> ¤Ø¤ÈÁ÷¤é¤ì¤ë¾ì¹ç¤Ë¤Ï¡¢
- ɬÍפʥ»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤ò»È¤Ã¤ÆÉü¹æ²½¤µ¤ì¤Þ¤¹¡£</quote></para>
-
- <para>Èù̯¤ÊÊѹ¹¤Ç¤¹¤¬¡¢É¬ÍפÊÊѹ¹¤Ç¤¹¡£</para>
-
- <para>¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤Ï¡¢Æ±¤¸¤¯ &man.setkey.8;
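Review bot: the pf/ipf rule set added at the top of this hunk (`pass in quick proto esp from any to any` through `pass out quick proto udp from any port = 500 to any port = 500`) admits ESP, AH, ipencap and IKE on UDP/500 from and to any address, while the ipfw example this hunk removes (`ipfw add 1 allow udp from A.B.C.D to W.X.Y.Z isakmp` and its reverse) limited the IKE traffic to the two gateway addresses; consider narrowing the `from any to any` rules to the two gateways' public addresses, or stating in the surrounding text that these rules are a permissive starting point to be tightened. The removed paragraphs also carried two operational checks that a reader may need: `psk.txt` must be mode 0600 (readable and writable only by root) before racoon starts, and `setkey -D` shows whether the security associations have been established. Since this is a merge of r32597 from the English version and the remainder of the diff is cut off ("DIFF OUTPUT TRUNCATED AT 1000 LINES"), please confirm that equivalent guidance survives elsewhere in the chapter after the merge.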
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***