svn commit: r49685 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Sat Nov 19 15:37:05 UTC 2016
Author: ryusuke
Date: Sat Nov 19 15:37:03 2016
New Revision: 49685
URL: https://svnweb.freebsd.org/changeset/doc/49685
Log:
- Merge the following from the English version:
r17170 -> r17645 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Thu Nov 17 22:03:05 2016 (r49684)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Sat Nov 19 15:37:03 2016 (r49685)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r17170
+ Original revision: r17645
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -62,7 +62,8 @@
</listitem>
<listitem>
- <para>IPsec ¤ÎÀßÄêÊýË¡</para>
+ <para>IPsec ¤ª¤è¤Ó FreeBSD/Windows ¥³¥ó¥Ô¥å¡¼¥¿¤Î´Ö¤Ç VPN
+ ¤ÎÀßÄêÊýË¡</para>
</listitem>
<listitem>
@@ -1124,9 +1125,10 @@
<para>¿·µ¬¥Ñ¥¹¥ï¡¼¥É¤¬¤É¤Á¤é¤Î¥Ñ¥¹¥ï¡¼¥É·Á¼°¤Ë¤Ê¤ë¤«¤Ï¡¢
<filename>/etc/login.conf</filename> ¤ÎÃæ¤Î
- <quote>passwd_format</quote> ¥í¥°¥¤¥ó¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤Ë¤è¤Ã¤ÆÀ©¸æ¤µ¤ì¤Þ¤¹¡£
- ¤½¤ÎÃͤȤ·¤Æ¤Ï¡¢<quote>des</quote>¡¢
- <quote>md5</quote> ¤Þ¤¿¤Ï <quote>blf</quote> ¤òÀßÄꤹ¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
+ <literal>passwd_format</literal>
+ ¥í¥°¥¤¥ó¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤Ë¤è¤Ã¤ÆÀ©¸æ¤µ¤ì¤Þ¤¹¡£
+ ¤½¤ÎÃͤȤ·¤Æ¤Ï¡¢<literal>des</literal>, <literal>md5</literal>
+ ¤Þ¤¿¤Ï <literal>blf</literal> ¤òÀßÄꤹ¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
¥í¥°¥¤¥ó¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤Ë´Ø¤¹¤ë¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤Ï¡¢
&man.login.conf.5; ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
@@ -3151,7 +3153,7 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat A
FreeBSD ¤Î OpenSSL ÇÛÉÛ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¤¬¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¥³¥ó¥Ñ
¥¤¥ë¤µ¤ì¤Þ¤»¤ó¡£¤â¤· IDEA ¤ò»È¤¤¤¿¤¤¤Ê¤é¡¢¤½¤·¤Æ¤¢¤Ê¤¿¤¬¤½¤Î¥é¥¤
¥»¥ó¥¹¾ò¹à¤Ë¹çÃפ¹¤ë¤Ê¤é¡¢<filename>/etc/make.conf</filename>
- ¤ÎÃæ¤Î <literal>MAKE_IDEA</literal> ¥¹¥¤¥Ã¥Á¤ò͸ú¤Ë¤·¤Æ¡¢
+ ¤ÎÃæ¤Î MAKE_IDEA ¥¹¥¤¥Ã¥Á¤ò͸ú¤Ë¤·¤Æ¡¢
<command>make world</command> ¤Ç¥½¡¼¥¹¤ò¥ê¥Ó¥ë¥É¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
<para>¸½ºß¤Ï RSA ¥¢¥ë¥´¥ê¥º¥à¤Ï¥¢¥á¥ê¥«¤È¤½¤Î¾¤Î¹ñ¤Ç¼«Í³¤ËÍøÍѤÇ
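Review bot: the `+` line drops the `<literal>` markup around MAKE_IDEA that the `-` line had, leaving a make.conf variable as bare text in a paragraph that still marks up `<filename>/etc/make.conf</filename>` and `<command>make world</command>`; unless the English r17645 source removed it as well, keep `<literal>MAKE_IDEA</literal>` (or `<varname>`) so the switch name stays distinguishable from the surrounding prose.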
@@ -3166,7 +3168,8 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat A
<title>¥½¡¼¥¹¥³¡¼¥É¤Î¥¤¥ó¥¹¥È¡¼¥ë</title>
<para>OpenSSL ¤Ï <literal>src-crypto</literal> ¤È
- <literal>src-secure</literal> cvsup ¥³¥ì¥¯¥·¥ç¥ó¤Î°ìÉô¤Ç¤¹¡£
+ <literal>src-secure</literal>
+ <application>CVSup</application> ¥³¥ì¥¯¥·¥ç¥ó¤Î°ìÉô¤Ç¤¹¡£
FreeBSD ¤Î¥½¡¼¥¹¥³¡¼¥É¤Î¼èÆÀ¤È¹¹¿·¤Î¾ÜºÙ¤Ï¡¢
<link linkend="mirrors">FreeBSD
¤ÎÆþ¼ê</link>¤Î¹à¤ò»²¾È¤·¤Æ²¼¤µ¤¤¡£</para>
@@ -3174,351 +3177,968 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat A
</sect1>
<sect1 xml:id="ipsec">
- <info><title>IPsec</title>
+ <info><title>VPN over IPsec</title>
<authorgroup>
- <author><personname><firstname>Yoshinobu</firstname><surname>Inoue</surname></personname><contrib>´ó¹Æ: </contrib></author>
- <!-- 5 Mar 2000 -->
+ <author>
+ <personname>
+ <firstname>Nik</firstname>
+ <surname>Clayton</surname>
+ </personname>
+ <affiliation>
+ <address><email>nik at FreeBSD.org</email></address>
+ </affiliation>
+ <contrib>¼¹É®: </contrib>
+ </author>
</authorgroup>
</info>
-
- <indexterm><primary>IPsec</primary></indexterm>
- <indexterm>
- <primary>¥»¥¥å¥ê¥Æ¥£</primary>
- <secondary>IPsec</secondary>
- </indexterm>
-
- <para><emphasis>Ìõ: &a.jp.hino;, 14 March
- 2001.</emphasis></para>
-
- <note>
- <title>½ªÃ¼Ê¸»ú</title>
- <para>¤³¤ÎÀá¤Î¡¢¤Þ¤¿Â¾¤ÎÀá¤òÄ̤·¤Æ¡¢ËöÈø¤Ë <quote>^D</quote>
- ¤¬ÃÖ¤«¤ì¤Æ¤¤¤ëÎ㤬¤¢¤ë¤³¤È¤Ëµ¤¤Å¤«¤ì¤ë¤Ç¤·¤ç¤¦¡£
- ¤³¤ì¤Ï¡¢<keycap>Control</keycap> ¥¡¼¤ò²¡¤·¤Ê¤¬¤é
- <keycap>D</keycap> ¥¡¼¤ò²¡¤¹¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£
- ¤Û¤«¤Ë¤è¤¯»È¤ï¤ì¤ëʸ»ú¤Ï <quote>^C</quote>
- ¤Ç¡¢<keycap>Control</keycap>¡¡¥¡¼¤ò²¡¤·¤Ê¤¬¤é
- <keycap>C</keycap> ¤ò²¡¤¹¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£</para>
- </note>
-
- <tip>
- <para>FreeBSD ¤Î IPsec ¼ÂÁõ¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤¿ HOWTO ¤Ï¡¢Â¾¤Ë
- <uri xlink:href="http://www.daemonnews.org/200101/ipsec-howto.html">http://www.daemonnews.org/200101/ipsec-howto.html</uri>
- ¤È <uri xlink:href="http://www.freebsddiary.org/ipsec.php">http://www.freebsddiary.org/ipsec.php</uri>
- ¤¬¤¢¤ê¤Þ¤¹¡£</para>
- </tip>
-
- <para>IPsec µ¡¹½¤Ï¡¢IP Áؤȥ½¥±¥Ã¥ÈÁؤËÂФ·¤Æ°ÂÁ´¤ÊÄÌ¿®¤òÄ󶡤·¤Þ¤¹¡£
- ¤³¤ÎÀá¤Ç¤Ï¤½¤Î»È¤¤Êý¤òÀâÌÀ¤·¤Þ¤¹¡£¼ÂÁõ¤Î¾ÜºÙ¤Ë´Ø¤·¤Æ¤Ï <link xlink:href="../../../en_US.ISO8859-1/books/developers-handbook/ipv6.html">The
- Developers' Handbook</link> ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£
- <!-- si006:2001/08/11 - developers handbook is not translated yet. -->
- </para>
-
- <para>¸½ºß¤Î IPsec ¤Î¼ÂÁõ¤Ï¡¢
- ¥È¥é¥ó¥¹¥Ý¡¼¥È¥â¡¼¥É¤È¥È¥ó¥Í¥ë¥â¡¼¥É¤ÎξÊý¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£
- ¤·¤«¤·¡¢¥È¥ó¥Í¥ë¥â¡¼¥É¤Ë¤Ï¤¤¤¯¤Ä¤«¤ÎÀ©¸Â»ö¹à¤¬¤¢¤ê¤Þ¤¹¡£
- <link xlink:href="http://www.kame.net/newsletter/"></link>
- ¤Ë¤Ï¤è¤êÁí¹çŪ¤ÊÎ㤬ºÜ¤Ã¤Æ¤¤¤Þ¤¹¡£</para>
-
- <para>¤³¤³¤Ç½Ò¤Ù¤ëµ¡Ç½¤òÍøÍѤ¹¤ë¤Ë¤Ï¡¢°Ê²¼¤Î¥ª¥×¥·¥ç¥ó¤ò¥«¡¼¥Í¥ë¥³
- ¥ó¥Ñ¥¤¥ë»þ¤Ë»ØÄꤹ¤ëɬÍפ¬¤¢¤ë¤³¤È¤Ë¤´Ãí°Õ¤¯¤À¤µ¤¤¡£</para>
-
- <programlisting>options IPSEC #IP security
-options IPSEC_ESP #IP security (crypto; define w/IPSEC)</programlisting>
+ <para>¤³¤Î¾Ï¤Ç¤Ï¡¢FreeBSD ¥²¡¼¥È¥¦¥§¥¤¤ò»È¤Ã¤Æ¡¢
+ ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Ë¤è¤Ã¤ÆÊ¬¤±¤é¤ì¤¿¡¢Æó¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ë
+ VPN ¤òºîÀ®¤·¤Þ¤¹¡£</para>
<sect2>
- <title>IPv4 ¤Ë¤ª¤±¤ë¥È¥é¥ó¥¹¥Ý¡¼¥È¥â¡¼¥É¤ÎÎã</title>
-
- <para>¥Û¥¹¥È A (<systemitem class="ipaddress">10.2.3.4</systemitem>)
- ¤È¥Û¥¹¥È B (<systemitem class="ipaddress">10.6.7.8</systemitem>)
- ¤È¤Î´Ö¤Ë°ÂÁ´¤Ê¥Á¥ã¥Í¥ë¤òÇÛÃÖ¤¹¤ë¤¿¤á¤Ë¡¢
- ¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤òÀßÄꤷ¤Þ¤·¤ç¤¦¡£
- ¤³¤³¤Ç¤Ï¡¢¾¯¤·¹þ¤ßÆþ¤Ã¤¿Îã¤ò¼¨¤·¤Þ¤¹¡£¥Û¥¹¥È A ¤«¤é¥Û¥¹¥ÈB
- ¤Ø¤Ï old AH ¤Î¤ß¤ò»È¤¤¤Þ¤¹¡£¥Û¥¹¥È B ¤«¤é¥Û¥¹¥È A ¤Ø¤Ï
- new AH ¤È new ESP ¤òÁȤ߹ç¤ï¤»¤Þ¤¹¡£</para>
-
- <para>¤³¤³¤Ç <quote>AH</quote>/<quote>new AH</quote>/<quote>ESP</quote>/<quote>new ESP</quote>
- ¤ËÂбþ¤¹¤ë¥¢¥ë¥´¥ê¥º¥à¤ò·è¤á¤Ê¤¤¤È¤¤¤±¤Þ¤»¤ó¡£
- ¥¢¥ë¥´¥ê¥º¥à¤Î̾Á°¤òÃΤë¤Ë¤Ï¡¢
- &man.setkey.8; ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò¤´Í÷¤¯¤À¤µ¤¤¡£¤³¤³¤Ç¤Ï¡¢AH ¤Ë
- MD5 ¤ò¡¢new AH ¤Ë¤Ï new-HMAC-SHA1 ¤ò¡¢new ESP ¤Ë¤Ï 8 ¥Ð¥¤¥È IV
- ¤Î new-DES-expIV ¤òÁª¤Ó¤Þ¤·¤¿¡£</para>
-
- <para>¸°Ä¹¤Ï¤½¤ì¤¾¤ì¤Î¥¢¥ë¥´¥ê¥º¥à¤ËÂ礤¯°Í¸¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢
- MD5 ¤Ç¤Ï¸°Ä¹¤Ï 16 ¥Ð¥¤¥È¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¤·¡¢new-HMAC-SHA1
- ¤Ç¤Ï 20 ¥Ð¥¤¥È¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¤·¡¢new-DES-expIV ¤Ç¤Ï
- 8 ¥Ð¥¤¥È¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£¤³¤³¤Ç¤Ï¤½¤ì¤¾¤ì
- <quote>MYSECRETMYSECRET</quote>,
- <quote>KAMEKAMEKAMEKAMEKAME</quote>,
- <quote>PASSWORD</quote> ¤È¤·¤Þ¤¹¡£</para>
-
- <para>¼¡¤Ë¡¢¤½¤ì¤¾¤ì¤Î¥×¥í¥È¥³¥ë¤ËÂФ·¤Æ SPI
- (¥»¥¥å¥ê¥Æ¥£¥Ñ¥é¥á¡¼¥¿¥¤¥ó¥Ç¥Ã¥¯¥¹: Security Parameter Index)
- ¤ò³ä¤êÅö¤Æ¤Þ¤¹¡£3 ¼ïÎà¤Î¥»¥¥å¥ê¥Æ¥£¥Ø¥Ã¥À
- (¥Û¥¹¥È A ¤«¤é¥Û¥¹¥È B ¤Ë 1 ¤Ä¡¢¥Û¥¹¥È B ¤«¤é ¥Û¥¹¥È A ¤Ë 2 ¤Ä)
- ¤òÀ¸À®¤¹¤ë¤Î¤Ç¡¢¤³¤Î°ÂÁ´¤Ê¥Á¥ã¥Í¥ë¤Ë¤Ï 3 ¤Ä¤Î SPI
- ¤¬É¬Íפˤʤ뤳¤È¤ËÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£¤µ¤é¤Ë¡¢SPI ¤Ï
- 256 °Ê¾å¤Ç¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤³¤È¤Ë¤âÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£
- ¤³¤³¤Ç¤Ï¤½¤ì¤¾¤ì 1000, 2000, 3000 ¤ò³ä¤êÅö¤Æ¤Þ¤¹¡£</para>
-
- <screen>
- (1)
- ¥Û¥¹¥È A ------> ¥Û¥¹¥È B
-
- (1)PROTO=AH
- ALG=MD5(RFC1826)
- KEY=MYSECRETMYSECRET
- SPI=1000
-
- (2.1)
- ¥Û¥¹¥È A <------ ¥Û¥¹¥È B
- <------
- (2.2)
-
- (2.1)
- PROTO=AH
- ALG=new-HMAC-SHA1(new AH)
- KEY=KAMEKAMEKAMEKAMEKAME
- SPI=2000
-
- (2.2)
- PROTO=ESP
- ALG=new-DES-expIV(new ESP)
- IV length = 8
- KEY=PASSWORD
- SPI=3000
-</screen>
+ <info><title>IPsec ¤òÍý²ò¤¹¤ë</title>
+ <authorgroup>
+ <author>
+ <personname>
+ <firstname>Hiten M.</firstname>
+ <surname>Pandya</surname>
+ </personname>
+ <affiliation>
+ <address><email>hmp at FreeBSD.org</email></address>
+ </affiliation>
+ <contrib>¼¹É®: </contrib>
+ </author>
+ </authorgroup>
+ </info>
+
+ <para>¤³¤ÎÀá¤Ç¤Ï¡¢FreeBSD ¤È
+ <application>Microsoft Windows 2000/XP</application>
+ ¤«¤é¤Ê¤ë´Ä¶¤Ë¤ª¤¤¤Æ¡¢IPsec ¤òÀßÄꤷ¡¢ÍøÍѤ¹¤ë²áÄø¤òÄ̤¸¤Æ¡¢
+ IPsec ¤ò»È¤Ã¤¿°ÂÁ´¤ÊÄÌ¿®¤Î¼Â¸½ÊýË¡¤Ë¤Ä¤¤¤Æ²òÀ⤷¤Þ¤¹¡£
+ IPsec ¤òÀßÄꤹ¤ë¤¿¤á¤Ë¤Ï¡¢
+ ¥«¥¹¥¿¥à¥«¡¼¥Í¥ë¤Î¹½ÃÛÊýË¡¤ò¤è¤¯ÃΤäƤ¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹
+ (<xref linkend="kernelconfig"/> ¤ò¤´Í÷¤¯¤À¤µ¤¤)¡£</para>
+
+ <para><emphasis>IPsec</emphasis> ¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È¥×¥í¥È¥³¥ë (IP)
+ ¥ì¥¤¥ä¤Î¥È¥Ã¥×¤Ë¤¢¤ë¥×¥í¥È¥³¥ë¤Ç¤¹¡£
+ Æó¤Ä¤â¤·¤¯¤Ï¤½¤ì°Ê¾å¤Î¥Û¥¹¥È´Ö¤Ç°ÂÁ´¤ËÄÌ¿®¤¹¤ë¤³¤È¤ò²Äǽ¤Ë¤·¤Þ¤¹
+ (¤½¤Î¤¿¤á¡¢Ì¾Á°¤Ë sec ¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹)¡£
+ FreeBSD ¤Î IPsec <quote>¥Í¥Ã¥È¥ï¡¼¥¯¥¹¥¿¥Ã¥¯</quote> ¤Ï¡¢
+ IPv4 ¤ª¤è¤Ó IPv6 ¤ÎξÊý¤Î¥×¥í¥È¥³¥ë¥Õ¥¡¥ß¥ê¤ËÂбþ¤·¤Æ¤¤¤ë
+ <link xlink:href="http://www.kame.net/">KAME</link>
+ ¼ÂÁõ¤ò¥Ù¡¼¥¹¤È¤·¤Æ¤¤¤Þ¤¹¡£</para>
- <para>¼¡¤Ë¡¢¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤òÀßÄꤷ¤Þ¤·¤ç¤¦¡£¥Û¥¹¥È
- A ¤È¥Û¥¹¥È B ¤ÎξÊý¤Ç¡¢&man.setkey.8; ¤ò¼Â¹Ô¤·¤Þ¤¹¡£</para>
+ <note>
+ <para>FreeBSD 5.0 ¤Ç¤Ï <quote>hardware
+ accelerated</quote> IPsec ¥¹¥¿¥Ã¥¯¤¬Äɲ䵤ì¤Þ¤·¤¿¡£
+ ¤³¤ì¤Ï¡¢<quote>Fast IPsec</quote> ¤È¤·¤ÆÃΤé¤ì¤Æ¤¤¤ë¤â¤Î¤Ç¡¢
+ OpenBSD ¤«¤é°Ü¿¢¤µ¤ì¤Þ¤·¤¿¡£
+ IPsec ¤Î¥Ñ¥Õ¥©¡¼¥Þ¥ó¥¹¤òºÇŬ²½¤¹¤ë¤¿¤á¤Ë¡¢(ÍøÍѤǤ¤ë¾ì¹ç¤Ë¤Ï)
+ &man.crypto.4; ¥µ¥Ö¥·¥¹¥Æ¥à¤ò·Ðͳ¤·¤Æ¡¢
+ °Å¹æ¥Ï¡¼¥É¥¦¥§¥¢¤ò»ÈÍѤ·¤Þ¤¹¡£
+ ¤³¤Î¥µ¥Ö¥·¥¹¥Æ¥à¤Ï¿·¤·¤¤¤Î¤Ç¡¢¤Þ¤À IPsec ¤Î KAME
+ ÈǤÇÍøÍѲÄǽ¤Êµ¡Ç½¤Î¤¹¤Ù¤Æ¤ËÂбþ¤·¤Æ¤¤¤ë¤ï¤±¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ ¤·¤«¤·¤Ê¤¬¤é¡¢hardware-accelerated IPsec ¤ò͸ú¤Ë¤¹¤ë¤¿¤á¤Ë¤Ï¡¢
+ ¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤Ë°Ê²¼¤Î¥«¡¼¥Í¥ë¥ª¥×¥·¥ç¥ó¤òÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <screen>
+options FAST_IPSEC # new IPsec (cannot define w/ IPSEC)
+ </screen>
+
+ <para>¸½ºß¤Î»þÅÀ¤Ç¤Ï¡¢<quote>Fast IPsec</quote>
+ ¥µ¥Ö¥·¥¹¥Æ¥à¤ò IPsec ¤Î KAME ¼ÂÁõ¤Î¤«¤ï¤ê¤Ë»È¤¦¤³¤È¤Ï¤Ç¤¤Þ¤»¤ó¡£
+ ¤è¤ê¿¤¯¤Î¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï¡¢&man.fast.ipsec.4;
+ ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+ </note>
- <screen>&prompt.root; <userinput>setkey -c
- add 10.2.3.4 10.6.7.8 ah-old 1000 -m transport -A keyed-md5 "MYSECRETMYSECRET" ;
- add 10.6.7.8 10.2.3.4 ah 2000 -m transport -A hmac-sha1 "KAMEKAMEKAMEKAMEKAME" ;
- add 10.6.7.8 10.2.3.4 esp 3000 -m transport -E des-cbc "PASSWORD" ;
- ^D</userinput></screen>
-
- <para>¼ÂºÝ¤Ë¤Ï¡¢¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤Î¥¨¥ó¥È¥ê¤¬ÄêµÁ¤µ¤ì¤ë¤Þ¤Ç¤Ï
- IPsec ¤Ë¤è¤ëÄÌ¿®¤Ï¹Ô¤ï¤ì¤Þ¤»¤ó¡£
- ¤³¤ÎÎã¤Î¾ì¹ç¡¢Î¾Êý¤Î¥Û¥¹¥È¤òÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+ <para>IPsec ¤ÏÆó¤Ä¤Î¥µ¥Ö¥×¥í¥È¥³¥ë¤«¤é¹½À®¤µ¤ì¤Þ¤¹¡£</para>
+ <itemizedlist>
+ <listitem>
+ <para><emphasis>Encapsulated Security Payload
+ (ESP)</emphasis> ¤Ï¡¢(Blowfish, 3DES ¤Î¤è¤¦¤Ê)
+ ÂоΰŹ楢¥ë¥´¥ê¥º¥à¤ò»È¤Ã¤Æ¥Ç¡¼¥¿¤ò°Å¹æ²½¤¹¤ë¤³¤È¤Ç¡¢
+ ¥µ¡¼¥É¥Ñ¡¼¥Æ¥£¤Î¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤«¤é
+ IP ¥Ñ¥±¥Ã¥È¥Ç¡¼¥¿¤òÊݸ¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para><emphasis>Authentication Header (AH)</emphasis>,
+ ¤Ï¡¢°Å¹æ¥Á¥§¥Ã¥¯¥µ¥à¤ò·×»»¤·¡¢IP
+ ¥Ñ¥±¥Ã¥È¤Î¥Ø¥Ã¥É¥Õ¥£¡¼¥ë¥É¤ò°ÂÁ´¤Ê¥Ï¥Ã¥·¥å´Ø¿ô¤Ç¥Ï¥Ã¥·¥å²½¤¹¤ë¤³¤È¤Ç¡¢
+ IP ¥Ñ¥±¥Ã¥È¥Ø¥Ã¥À¤ò¥µ¡¼¥É¥Ñ¡¼¥Æ¥£¤Î¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ä¤Ê¤ê¤¹¤Þ¤·¤«¤é¼é¤ê¤Þ¤¹¡£
+ ¥Ï¥Ã¥·¥å¤ò´Þ¤àÄɲäΥإåÀ¤¬Äɲ䵤졢
+ ¥Ñ¥±¥Ã¥È¾ðÊó¤Î¸¡¾Ú¤¬²Äǽ¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+ </listitem>
+ </itemizedlist>
+
+ <para><acronym>ESP</acronym> ¤ª¤è¤Ó <acronym>AH</acronym>
+ ¤Ï¡¢»ÈÍѤ¹¤ë´Ä¶¤Ë¹ç¤ï¤»¤Æ¡¢
+ °ì½ï¤Ë»È¤¦¤³¤È¤âÊÌ¡¹¤Ë»È¤¦¤³¤È¤â¤Ç¤¤Þ¤¹¡£</para>
+
+ <para>IPsec ¤Ï¡¢Ä¾ÀÜÆó¤Ä¤Î¥Û¥¹¥È´Ö¤Î¥È¥é¥Õ¥£¥Ã¥¯¤ò°Å¹æ²½¤¹¤ë
+ <emphasis>Transport Mode</emphasis>¡¢¤â¤·¤¯¤Ï¡¢
+ 2 ¤Ä¤Î¶¦Æ±¤¹¤ë¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ç°ÂÁ´¤ËÄÌ¿®¤¹¤ë¤³¤È¤ò²Äǽ¤Ë¤¹¤ë¤è¤¦¤Ë¡¢
+ 2 ¤Ä¤Î¥µ¥Ö¥Í¥Ã¥È´Ö¤Ë <quote>virtual tunnels</quote> ¤ò¹½ÃÛ¤¹¤ë
+ <emphasis>Tunnel Mode</emphasis> ¤Î¤É¤Á¤é¤Ç¤âÍѤ¤¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
+ ¸å¼Ô¤Ï¤è¤ê°ìÈÌŪ¤Ë¤Ï¡¢
+ <emphasis>Virtual Private Network (VPN)</emphasis>
+ ¤È¤·¤ÆÃΤé¤ì¤Æ¤¤¤Þ¤¹¡£
+ FreeBSD ¤Ç¤Î IPsec ¥µ¥Ö¥·¥¹¥Æ¥à¤Ë´Ø¤¹¤ë¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ &man.ipsec.4; ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+
+ <para>¥«¡¼¥Í¥ë¤Ë IPsec ¤Î¥µ¥Ý¡¼¥È¤òÄɲ乤ë¤Ë¤Ï¡¢
+ ¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤Ë°Ê²¼¤Î¥ª¥×¥·¥ç¥ó¤òÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
+
<screen>
-A ¤Ç:
+options IPSEC #IP security
+options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
+ </screen>
-&prompt.root; <userinput>setkey -c
- spdadd 10.2.3.4 10.6.7.8 any -P out ipsec
- ah/transport/10.2.3.4-10.6.7.8/require ;
- ^D</userinput>
-
-B ¤Ç:
-
-&prompt.root; <userinput>setkey -c
- spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
- esp/transport/10.6.7.8-10.2.3.4/require ;
- spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
- ah/transport/10.6.7.8-10.2.3.4/require ;
- ^D</userinput>
-
-
- ¥Û¥¹¥È A -------------------------------------> ¥Û¥¹¥È B
- 10.2.3.4 10.6.7.8
- | |
- ========== old AH keyed-md5 ==========>
+ <para>IPsec ¤Î¥Ç¥Ð¥Ã¥°¥µ¥Ý¡¼¥È¤¬É¬ÍפǤ¢¤ì¤Ð¡¢
+ °Ê²¼¤Î¥«¡¼¥Í¥ë¥ª¥×¥·¥ç¥ó¤òÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
- <========= new AH hmac-sha1 ===========
- <========= new ESP des-cbc ============
-</screen>
+ <screen>
+options IPSEC_DEBUG #debug for IP security
+ </screen>
</sect2>
<sect2>
- <title>IPv6 ¤Ë¤ª¤±¤ë¥È¥é¥ó¥¹¥Ý¡¼¥È¥â¡¼¥É¤ÎÎã</title>
-
- <para>IPv6 ¤ò»È¤Ã¤¿¤â¤¦°ì¤Ä¤ÎÎã¡£</para>
+ <title>ÌäÂêÅÀ</title>
+
+ <para>VPN ¤Î¹½À®¤Ë¤Ä¤¤¤Æ¤Îɸ½à¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ VPN ¤Ï¡¢¿ô¿¤¯¤Îµ»½Ñ¤È¶¦¤Ë¼ÂÁõ¤¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£
+ ¤½¤Î³Æµ»½Ñ¤Ë¤Ï¡¢¤½¤ì¼«¿È¤ÎĹ½ê¤Èû½ê¤¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤Îʸ½ñ¤Ç¤Ï¡¢Â¿¤¯¤Î¥·¥Ê¥ê¥ª¤Ë¤Ä¤¤¤Æ¼¨¤·¡¢
+ ³Æ¥·¥Ê¥ê¥ª¤ËÂФ·¤Æ¡¢VPN ¤ò¼ÂÁõ¤¹¤ëÀïά¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£</para>
+ </sect2>
- <para>¥Û¥¹¥È-A ¤È¥Û¥¹¥È-B ´Ö¤Î TCP ¥Ý¡¼¥ÈÈÖ¹æ 110 ÈÖ¤ÎÄÌ¿®¤Ë¤Ï¡¢
- ESP ¥È¥é¥ó¥¹¥Ý¡¼¥È¥â¡¼¥É¤¬¿ä¾©¤µ¤ì¤Þ¤¹¡£</para>
+ <sect2>
+ <title>¥·¥Ê¥ê¥ª #1:
+ ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ËÀܳ¤·¤Æ¤¤¤ë 2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤¬
+ 1 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤È¤·¤Æ¿¶¤ëÉñ¤¦</title>
+
+ <para>¤³¤ì¤Ï¡¢»ä¤¬ºÇ½é¤Ë VPN ¤òÄ´¤Ù»Ï¤á¤ë¸¶°ø¤È¤Ê¤Ã¤¿¥·¥Ê¥ê¥ª¤Ç¤¹¡£
+ Á°Äó¤Ï°Ê²¼¤ÎÄ̤ê¤Ç¤¹¡£</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>¾¯¤Ê¤¯¤È¤â 2 ¤Ä¤Î¥µ¥¤¥È¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>¤É¤Á¤é¤ÎºÝ¤È¤âÆâÉô¤Ç IP ¤ò»È¤Ã¤Æ¤¤¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>2 ¤Ä¤Î¥µ¥¤¥È¤Ï¡¢FreeBSD ¤Ç±¿ÍѤµ¤ì¤Æ¤¤¤ë¥²¡¼¥È¥¦¥§¥¤¤òÄ̤·¤Æ¡¢
+ ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ËÀܳ¤·¤Æ¤¤¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>¤½¤ì¤¾¤ì¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥²¡¼¥È¥¦¥§¥¤¤Ï¡¢
+ ¾¯¤Ê¤¯¤È¤â°ì¤Ä¤Î¥Ñ¥Ö¥ê¥Ã¥¯ IP ¥¢¥É¥ì¥¹¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÆâÉô¥¢¥É¥ì¥¹¤Ï¡¢
+ ¥Ñ¥Ö¥ê¥Ã¥¯¤Ç¤â¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤Ç¤â¹½¤¤¤Þ¤»¤ó¡£
+ ɬÍפǤ¢¤ì¤Ð¡¢¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç
+ NAT ¤òÁö¤é¤»¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÆâÉô IP ¥¢¥É¥ì¥¹¤Ï¡¢
+ <emphasis>¾×ÆÍ¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó</emphasis>¡£
+ VPN µ»½Ñ¤È NAT ¤òÍѤ¤¤ë¤³¤È¤Ç¡¢ÍýÏÀŪ¤Ë¤Ï¡¢
+ ¤½¤Î¤è¤¦¤Ê¤³¤È¤Ï²Äǽ¤È¹Í¤¨¤Þ¤¹¤¬¡¢
+ ¤½¤ÎÀßÄê¤Ï°Ì´¤Ç¤·¤ç¤¦¡£</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀܳ¤ò»î¤ß¤¿ºÝ¤Ë¡¢
+ ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ÇƱ¤¸ÈÏ°Ï¤ÎÆâÉô IP
+ ¥¢¥É¥ì¥¹¤¬»È¤ï¤ì¤Æ¤¤¤ë¤³¤È¤Ëµ¤¤Å¤¤¤¿¤é
+ (¤¿¤È¤¨¤Ð¡¢Î¾Êý¤Ç
+ <systemitem class="ipaddress">192.168.1.x</systemitem>
+ ¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç)¡¢
+ ¤É¤Á¤é¤«¤ÎÈÖ¹æ¤ò¿¶¤ê¤Ê¤ª¤¹É¬Íפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <para>VPN ¤Îʸ½ñ¤Ç¤Ï¡¢Æ±¤¸ ASCII
+ ¥¢¡¼¥È¤ò»È¤¦¤³¤È¤¬¥ë¡¼¥ë¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Î¤Ç¡¢
+ ¤³¤Îʸ½ñ¤Ç¤âÎã³°¤Ç¤Ï¤Ê¤¯Æ±Íͤ˥¢¥¹¥¡¼¥¢¡¼¥È¤òÍѤ¤¤Þ¤¹¡£</para>
+
+ <para>¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥È¥Ý¥í¥¸¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
<screen>
- ============ ESP ============
- | |
- ¥Û¥¹¥È-A ¥Û¥¹¥È-B
- fec0::10 -------------------- fec0::11
-</screen>
+Network #1 [ Internal Hosts ] Private Net, 192.168.1.2-254
+ [ Win9x/NT/2K ]
+ [ Unix ]
+ |
+ |
+ .---[fxp1]---. Private IP, 192.168.1.1
+ | FreeBSD |
+ `---[fxp0]---' Public IP, A.B.C.D
+ |
+ |
+ -=-=- Internet -=-=-
+ |
+ |
+ .---[fxp0]---. Public IP, W.X.Y.Z
+ | FreeBSD |
+ `---[fxp1]---' Private IP, 192.168.2.1
+ |
+ |
+Network #2 [ Internal Hosts ]
+ [ Win9x/NT/2K ] Private Net, 192.168.2.2-254
+ [ Unix ]
+ </screen>
+
+ <para>¤Õ¤¿¤Ä¤Î¥Ñ¥Ö¥ê¥Ã¥¯ IP ¥¢¥É¥ì¥¹¤ËÃíÌܤ·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤³¤Îʸ½ñ¤Ç¤Ï¡¢¤³¤ì¤é¤Î IP ¥¢¥É¥ì¥¹¤ò»²¾È¤¹¤ëºÝ¤Ë¤Ï¡¢
+ ¤³¤ì¤é¤Îʸ»ú¤òÍѤ¤¤Þ¤¹¡£
+ ¤³¤Îʸ½ñ¤ÎÃæ¤Ç¡¢¤³¤ì¤é¤Îʸ»ú¤ò¸«¤¿¤é¡¢
+ ¤¢¤Ê¤¿¼«¿È¤Î¥Ñ¥Ö¥ê¥Ã¥¯ IP ¥¢¥É¥ì¥¹¤ËÃÖ¤´¹¤¨¤Æ¤¯¤À¤µ¤¤¡£
+ ÆâÉô¤Ç¤Ï¡¢2 ¤Ä¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢Î¾Êý¤È¤â .1
+ IP ¥¢¥É¥ì¥¹¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£¤½¤·¤Æ¡¢2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¡¢
+ °Û¤Ê¤ë¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤ò»È¤Ã¤Æ¤¤¤Þ¤¹
+ (¤½¤ì¤¾¤ì <systemitem class="ipaddress">192.168.1.x</systemitem>
+ ¤ª¤è¤Ó <systemitem class="ipaddress">192.168.2.x</systemitem>)¡£
+ ¥×¥é¥¤¥Ù¡¼¥È¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¤¢¤ë¤¹¤Ù¤Æ¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢
+ ¥Ç¥Õ¥©¥ë¥È¥²¡¼¥È¥¦¥§¥¤¤È¤·¤Æ¡¢
+ <systemitem class="ipaddress">.1</systemitem>
+ ¥³¥ó¥Ô¥å¡¼¥¿¤ò»È¤¦¤è¤¦¤ËÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
+
+ <para>°Õ¿Þ¤·¤Æ¤¤¤ë¤³¤È¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯¤Î´ÑÅÀ¤«¤é¡¢
+ ³Æ¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¾¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¤¢¤ë¥³¥ó¥Ô¥å¡¼¥¿¤ò¡¢
+ (»þÀޥѥ±¥Ã¥È¤ò¥É¥í¥Ã¥×¤¹¤ë¤è¤¦¤Ê¤ä¤ä¤æ¤Ã¤¯¤ê¤Ê¥ë¡¼¥¿¤Ç¤Ï¤¢¤ê¤Þ¤¹¤¬)
+ Ʊ¤¸¥ë¡¼¥¿¤ËľÀÜÀܳ¤·¤Æ¤¤¤ë¤è¤¦¤Ë¤¹¤ë¤³¤È¤Ç¤¹¡£</para>
+
+ <para>¤³¤ì¤Ï¡¢¤¿¤È¤¨¤Ð¡¢<systemitem
+ class="ipaddress">192.168.1.20</systemitem> ¤È¤¤¤¦¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢
+ °Ê²¼¤ò¼Â¹Ô¤Ç¤¤ë¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
+
+ <programlisting>ping 192.168.2.34</programlisting>
+
+ <para>Æ©²áŪ¤Ë¤³¤ì¤Ïư¤¯¤Ï¤º¤Ç¤¹¡£
+ Windows ¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢Â¾¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥³¥ó¥Ô¥å¡¼¥¿¤ò¡¢
+ ¥í¡¼¥«¥ë¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥³¥ó¥Ô¥å¡¼¥¿¤ò¸«¤ë¤Î¤È¤Þ¤Ã¤¿¤¯Æ±¤¸¤è¤¦¤Ë¡¢
+ ¸«¤ë¤³¤È¤¬¤Ç¤¡¢¶¦Í¥Õ¥¡¥¤¥ë¤ò¸«¤¿¤ê¤Ç¤¤Þ¤¹¡£</para>
+
+ <para>¤¹¤Ù¤Æ¤Î¤³¤È¤¬°ÂÁ´¤Ë¹Ô¤ï¤ì¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
+ ¤³¤ì¤Ï¡¢2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÄÌ¿®¤¬°Å¹æ²½¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£</para>
+
+ <para>¤³¤ì¤é¤Î 2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ë VPN
+ ¤ò¹½ÃÛ¤¹¤ë¤Ë¤ÏÊ£¿ô¤Î¥×¥í¥»¥¹¤¬É¬ÍפȤʤê¤Þ¤¹¡£
+ ³Æ¥¹¥Æ¡¼¥¸¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
- <para>°Å¹æ²½¥¢¥ë¥´¥ê¥º¥à¤Ï blowfish-cbc ¤Ç¡¢¤½¤Î¸°¤Ï <quote>kamekame</quote>¡¢
- ǧ¾Ú¥¢¥ë¥´¥ê¥º¥à¤Ï hmac-sha1 ¤Ç¡¢¤½¤Î¸°¤Ï <quote>this is the test
- key</quote> ¤È¤·¤Þ¤¹¡£¥Û¥¹¥È-A ¤ÎÀßÄê¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-
- <screen>&prompt.root; <userinput>setkey -c <<EOF
- spdadd fec0::10[any] fec0::11[110] tcp -P out ipsec
- esp/transport/fec0::10-fec0::11/use ;
- spdadd fec0::11[110] fec0::10[any] tcp -P in ipsec
- esp/transport/fec0::11-fec0::10/use ;
- add fec0::10 fec0::11 esp 0x10001
- -m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
- add fec0::11 fec0::10 esp 0x10002
- -m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
- EOF</userinput></screen>
-
- <para>¤½¤·¤Æ¥Û¥¹¥È-B ¤ÎÀßÄê¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-
- <screen>&prompt.root; <userinput>setkey -c <<EOF
- spdadd fec0::11[110] fec0::10[any] tcp -P out ipsec
- esp/transport/fec0::11-fec0::10/use ;
- spdadd fec0::10[any] fec0::11[110] tcp -P in ipsec
- esp/transport/fec0::10-fec0::11/use ;
- add fec0::10 fec0::11 esp 0x10001 -m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
- add fec0::11 fec0::10 esp 0x10002 -m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
- EOF</userinput></screen>
-
- <para>SP ¤ÎÊý¸þ¤ËÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+ <orderedlist>
+ <listitem>
+ <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ò·Ðͳ¤·¤Æ¡¢"virtual"
+ ¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥ê¥ó¥¯¤òºîÀ®¤·¤Þ¤¹¡£
+ ¤½¤ì¤¬Å¬ÀÚ¤ËÆ°¤¤¤Æ¤¤¤ë¤³¤È¤ò &man.ping.8;
+ ¤Î¤è¤¦¤Ê¥Ä¡¼¥ë¤ò»È¤Ã¤Æ¡¢»î¸³¤ò¹Ô¤¤¤Þ¤¹¡£</para>
+ </listitem>
+
+ <listitem>
+ <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ç¡¢
+ ɬÍפ˱þ¤¸¤ÆÆ©²áŪ¤Ë°Å¹æ²½¡¢
+ Éü¹æ²½¤òÊݾڤ¹¤ë¤è¤¦¤Ë¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤òŬÍѤ·¤Þ¤¹¡£
+ &man.tcpdump.1; ¤Î¤è¤¦¤Ê¥Ä¡¼¥ë¤ò»È¤Ã¤Æ¡¢
+ ÄÌ¿®¤¬°Å¹æ²½¤µ¤ì¤Æ¤¤¤ë¤³¤È¤ò³Îǧ¤·¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>FreeBSD ¥²¡¼¥È¥¦¥§¥¤¤Ë¤Æ¡¢Windows ¤Î¥³¥ó¥Ô¥å¡¼¥¿¤¬ VPN
+ ¤òÄ̤·¤ÆÂ¾¤Î¥³¥ó¥Ô¥å¡¼¥¿¤ò¸«¤ë¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤ËÄɲäΥ½¥Õ¥È¥¦¥§¥¢¤òÀßÄꤷ¤Þ¤¹¡£</para>
+ </listitem>
+ </orderedlist>
</sect2>
<sect2>
- <title>IPv4 ¤Ë¤ª¤±¤ë¥È¥ó¥Í¥ë¥â¡¼¥É¤ÎÎã</title>
-
- <para>2 Âæ¤Î¥»¥¥å¥ê¥Æ¥£¥²¡¼¥È¥¦¥§¥¤´Ö¤Î¥È¥ó¥Í¥ë¥â¡¼¥É</para>
-
- <para>¥»¥¥å¥ê¥Æ¥£¥×¥í¥È¥³¥ë¤Ï old AH ¥È¥ó¥Í¥ë¥â¡¼¥É¡¢¤¹¤Ê¤ï¤Á
- RFC1826 ¤Ç»ØÄꤵ¤ì¤ë¤â¤Î¤Ç¤¹¡£Ç§¾Ú¥¢¥ë¥´¥ê¥º¥à¤Ï <quote>this is the
- test</quote> ¤ò¸°¤È¤¹¤ë keyed-md5 ¤Ç¤¹¡£</para>
+ <title>¥¹¥Æ¥Ã¥× 1: <quote>virtual</quote>
+ ¥Í¥Ã¥È¥ï¡¼¥¯¥ê¥ó¥¯¤ÎºîÀ®</title>
- <screen>
- ======= AH =======
- | |
- ¥Í¥Ã¥È¥ï¡¼¥¯-A ¥²¡¼¥È¥¦¥§¥¤-A ¥²¡¼¥È¥¦¥§¥¤-B ¥Í¥Ã¥È¥ï¡¼¥¯-B
- 10.0.1.0/24 ---- 172.16.0.1 ----- 172.16.0.2 ---- 10.0.2.0/24
-</screen>
+ <para>¥Í¥Ã¥È¥ï¡¼¥¯ #1
+ ¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ë¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¤È¤·¤Þ¤¹¡£
+ ¤³¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Î¥Ñ¥Ö¥ê¥Ã¥¯ IP ¥¢¥É¥ì¥¹¤Ï
+ <systemitem class="ipaddress">A.B.C.D</systemitem>¡¢
+ ¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤Ï
+ <systemitem class="ipaddress">192.168.1.1</systemitem> ¤Ç¤¹¡£
+ <systemitem class="ipaddress">W.X.Y.Z</systemitem>
+ ¤Î IP ¥¢¥É¥ì¥¹¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Î¥×¥é¥¤¥Ù¡¼¥È¥¢¥É¥ì¥¹¤ËÂФ·
+ <command>ping 192.168.2.1</command>
+ ¤ò¼Â¹Ô¤·¤¿¤È¤·¤Þ¤¹¡£
+ ¤³¤Î¥³¥Þ¥ó¥É¤¬À®¸ù¤¹¤ë¤Ë¤Ï²¿¤¬É¬ÍפǤ·¤ç¤¦¤«¡©</para>
- <para>¥²¡¼¥È¥¦¥§¥¤-A ¤Ë¤ª¤±¤ëÀßÄê¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+ <orderedlist>
+ <listitem>
+ <para>¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢¤É¤Î¤è¤¦¤Ë
+ <systemitem class="ipaddress">192.168.2.1</systemitem>
+ ¤Ë㤹¤ë¤«¤òÃΤäƤ¤¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
+ ¸À¤¤´¹¤¨¤ë¤È¡¢
+ <systemitem class="ipaddress">192.168.2.1</systemitem>
+ ¤Ø¤Î·ÐÏ©¤òÃΤäƤ¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem class="ipaddress">192.168.x</systemitem>
+ ¤Î¤è¤¦¤ÊÈϰϤΥץ饤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤Ï¹¤¤¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Ç¤Ï¡¢
+ »È¤ï¤ì¤ë¤³¤È¤ÏÁÛÄꤵ¤ì¤Æ¤¤¤Þ¤»¤ó¡£
+ ¤½¤Î¤«¤ï¤ê¡¢
+ <systemitem class="ipaddress">192.168.2.1</systemitem>
+ ¤ËÁ÷¿®¤·¤¿³Æ¥Ñ¥±¥Ã¥È¤Ï¡¢Â¾¤Î¥Ñ¥±¥Ã¥È¤ËÊñ¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤Î¥Ñ¥±¥Ã¥È¤Ï <systemitem class="ipaddress">A.B.C.D</systemitem>
+ ¤«¤é¡¢
+ <systemitem class="ipaddress">W.X.Y.Z</systemitem>
+ ¤Ø¤ÈÁ÷¤é¤ì¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤Î¥×¥í¥»¥¹¤Ï¡¢
+ <systemitem class="ipaddress">¥«¥×¥»¥ë²½</systemitem>
+ ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>¤³¤Î¥Ñ¥±¥Ã¥È¤¬
+ <systemitem class="ipaddress">W.X.Y.Z</systemitem> ¤ËÆÏ¤¯¤È¡¢
+ <quote>È󥫥ץ»¥ë²½</quote> ¤µ¤ì¡¢
+ <systemitem class="ipaddress">192.168.2.1</systemitem>
+ ¤ËÁ÷¿®¤µ¤ì¤Þ¤¹¡£</para>
+ </listitem>
+ </orderedlist>
- <screen>&prompt.root; <userinput>setkey -c <<EOF
- spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
- ah/tunnel/172.16.0.1-172.16.0.2/require ;
- spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
- ah/tunnel/172.16.0.2-172.16.0.1/require ;
- add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m any
- -A keyed-md5 "this is the test" ;
- add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m any
- -A keyed-md5 "this is the test" ;
-
-EOF</userinput></screen>
-
- <para>¾åµ¤ÎÎã¤Î¤è¤¦¤Ë¡¢¤â¤·¥Ý¡¼¥ÈÈÖ¹æ¥Õ¥£¡¼¥ë¥É¤ò½ñ¤«¤Ê¤¤¤È¡¢
- <literal>[any]</literal> ¤ÈƱ¤¸°ÕÌ£¤Ë¤Ê¤ê¤Þ¤¹¡£<literal>-m</literal> ¤Ï»ÈÍѤµ¤ì¤ë SA
- ¤Î¥â¡¼¥É¤ò»ØÄꤷ¤Þ¤¹¡£<literal>-m any</literal>
- ¤Ï¥»¥¥å¥ê¥Æ¥£¥×¥í¥È¥³¥ë¤Î¥â¡¼¥É¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¤ò°ÕÌ£¤·¤Þ¤¹¡£
- ¤³¤Î SA ¤ò¥È¥ó¥Í¥ë¥â¡¼¥É¤È¥È¥é¥ó¥¹¥Ý¡¼¥È¥â¡¼¥É¤ÎξÊý¤Ç»ÈÍѤǤ¤Þ¤¹¡£</para>
-
- <para>¤½¤·¤Æ¥²¡¼¥È¥¦¥§¥¤-B ¤Ç¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-
- <screen>&prompt.root; <userinput>setkey -c <<EOF
- spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
- ah/tunnel/172.16.0.2-172.16.0.1/require ;
- spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
- ah/tunnel/172.16.0.1-172.16.0.2/require ;
- add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m any
- -A keyed-md5 "this is the test" ;
- add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m any
- -A keyed-md5 "this is the test" ;
-
-EOF</userinput></screen>
-
- <para>ÆóÂæ¤Î¥»¥¥å¥ê¥Æ¥£¥²¡¼¥È¥¦¥§¥¤´Ö¤Î SA ¤Î«¤ÎºîÀ®</para>
-
- <para>¥²¡¼¥È¥¦¥§¥¤-A ¤È¥²¡¼¥È¥¦¥§¥¤-B ¤Î´Ö¤Ç¤Ï¡¢
- AH ¥È¥é¥ó¥¹¥Ý¡¼¥È¥â¡¼¥É¤È ESP ¥È¥ó¥Í¥ë¥â¡¼¥É¤¬Í׵ᤵ¤ì¤Þ¤¹¡£
- ¤³¤ÎÎã¤Ç¤Ï¡¢¤Þ¤º ESP ¥È¥ó¥Í¥ë¥â¡¼¥É¤¬Å¬ÍѤµ¤ì¡¢¼¡¤Ë
- AH ¥È¥é¥ó¥¹¥Ý¡¼¥È¥â¡¼¥É¤¬Å¬ÍѤµ¤ì¤Þ¤¹¡£</para>
+ <para>¤³¤ì¤Ï¡¢2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Ç¡¢ <quote>tunnel</quote>
+ ¤¬É¬ÍפȤ¤¤¦¤³¤È¤ò¼¨¤·¤Æ¤¤¤Þ¤¹¡£Æó¤Ä¤Î "¥È¥ó¥Í¥ë¥Þ¥¦¥¹" ¤Ï¡¢
+ IP ¥¢¥É¥ì¥¹
+ <systemitem class="ipaddress">A.B.C.D</systemitem> ¤È
+ <systemitem class="ipaddress">W.X.Y.Z</systemitem>
+ ¤Ç¤¹¡£
+ ¤½¤·¤Æ¡¢¥È¥ó¥Í¥ë¤Ï¡¢¤³¤ì¤ò¥Ñ¥¹¥¹¥ë¡¼¤¹¤ë¤³¤È¤òµöÍÆ¤¹¤ë¥×¥é¥¤¥Ù¡¼¥È
+ IP ¥¢¥É¥ì¥¹¤Î¥¢¥É¥ì¥¹¤¬»ØÄꤵ¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¥È¥ó¥Í¥ë¤Ï¡¢¥Ñ¥Ö¥ê¥Ã¥¯¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ò·Ðͳ¤·¤Æ¡¢
+ ¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤ÇÁ÷¿®¤¹¤ë»þ¤Ë»È¤ï¤ì¤Þ¤¹¡£</para>
+
+ <para>¤³¤Î¥È¥ó¥Í¥ë¤Ï¡¢°ìÈÌŪ¤Ê¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤â¤·¤¯¤Ï¡¢FreeBSD ¤Ç¤Ï
+ gif ¥Ç¥Ð¥¤¥¹¤ÇºîÀ®¤µ¤ì¤Þ¤¹¡£
+ ÁÛÁüÄ̤ꡢ³Æ¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Î gif
+ ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ï¡¢4 ¤Ä¤Î IP ¥¢¥É¥ì¥¹¤ÇÀßÄꤵ¤ì¤Ê¤¯¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
+ 2 ¤Ä¤Ï¥Ñ¥Ö¥ê¥Ã¥¯ IP ¥¢¥É¥ì¥¹¤Ç¡¢
+ 2 ¤Ä¤Ï¥×¥é¥¤¥Ù¡¼¥È¤Î IP ¥¢¥É¥ì¥¹¤Ç¤¹¡£</para>
+
+ <para>ξÊý¤Î FreeBSD ¥«¡¼¥Í¥ë¤Ç
+ gif ¥Ç¥Ð¥¤¥¹¤Î¥µ¥Ý¡¼¥È¤òÁÈ¤ßÆþ¤ì¤Æ¥³¥ó¥Ñ¥¤¥ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ °Ê²¼¤Î¹Ô¤ò²Ã¤¨¤ë¤³¤È¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£</para>
+
+ <programlisting>pseudo-device gif</programlisting>
+
+ <para>ξÊý¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Î¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤Ë¾åµ¤Î¹Ô¤ò²Ã¤¨¡¢
+ ¥³¥ó¥Ñ¥¤¥ë¡¢¥¤¥ó¥¹¥È¡¼¥ë¤·¡¢Ä̾ïÄÌ¤êºÆµ¯Æ°¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+
+ <para>¥È¥ó¥Í¥ë¤ÎÀßÄê¤Ï 2 ¤Ä¤Î¥×¥í¥»¥¹¤Ç¹Ô¤¤¤Þ¤¹¡£
+ ºÇ½é¤Ï¡¢&man.gifconfig.8; ¤ò»È¤Ã¤Æ¡¢
+ ³°Éô (¥Ñ¥Ö¥ê¥Ã¥¯) IP ¥¢¥É¥ì¥¹¤òÀßÄꤹ¤ë¤·¤Þ¤¹¡£
+ ¤½¤Î¸å¡¢¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤ò
+ &man.ifconfig.8; ¤ò»È¤Ã¤ÆÀßÄꤷ¤Þ¤¹¡£</para>
+
+ <para>¥Í¥Ã¥È¥ï¡¼¥¯ #1 ¤Ë¤¢¤ë¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç°Ê²¼¤Î
+ 2 ¤Ä¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥È¥ó¥Í¥ë¤òºîÀ®¤·¤Þ¤¹¡£</para>
+
+ <programlisting>gifconfig gif0 A.B.C.D W.X.Y.Z
+ifconfig gif0 inet 192.168.1.1 192.168.2.1 netmask 0xffffffff
+ </programlisting>
+
+ <para>¤â¤¦ÊÒÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¡¢
+ IP ¥¢¥É¥ì¥¹¤Î½ç¤òµÕ¤Ë¤·¤ÆÆ±¤¸¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£</para>
+
+ <programlisting>gifconfig gif0 W.X.Y.Z A.B.C.D
+ifconfig gif0 inet 192.168.2.1 192.168.1.1 netmask 0xffffffff
+ </programlisting>
+
+ <para>°Ê²¼¤ò¼Â¹Ô¤·¤Æ¡¢ÀßÄê¤ò³Îǧ¤ò¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+
+ <programlisting>gifconfig gif0</programlisting>
+
+ <para>¤¿¤È¤¨¤Ð¡¢¥Í¥Ã¥È¥ï¡¼¥¯ #1 ¤Î¥²¡¼¥È¥¦¥§¥¤¤Ë¤ª¤¤¤Æ¤Ï¡¢
+ °Ê²¼¤Î¤è¤¦¤Ë³Îǧ¤Ç¤¤Þ¤¹¡£</para>
+
+ <screen>&prompt.root; gifconfig gif0
+gif0: flags=8011<UP,POINTTOPOINT,MULTICAST> mtu 1280
+inet 192.168.1.1 --> 192.168.2.1 netmask 0xffffffff
+physical address inet A.B.C.D --> W.X.Y.Z
+ </screen>
+
+ <para>½ÐÎϤ«¤é¤ï¤«¤ë¤è¤¦¤Ë¡¢
+ ʪÍý¥¢¥É¥ì¥¹
+ <systemitem class="ipaddress">A.B.C.D</systemitem> ¤È
+ <systemitem class="ipaddress">W.X.Y.Z</systemitem>
+ ¤Î´Ö¤Ë¥È¥ó¥Í¥ë¤¬ºîÀ®¤µ¤ì¡¢
+ <systemitem class="ipaddress">192.168.1.1</systemitem> ¤È
+ <systemitem class="ipaddress">192.168.2.1</systemitem>
+ ¤Î´Ö¤ÎÄÌ¿®¤¬¥È¥ó¥Í¥ë¤Çµö²Ä¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
+
+ <para>ξÊý¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Î¥ë¡¼¥Æ¥£¥ó¥°¥Æ¡¼¥Ö¥ë¤Ë¥¨¥ó¥È¥ê¤¬Äɲ䵤ì¤Þ¤·¤¿¡£
+ "netstat -rn" ¤Ç³Îǧ¤Ç¤¤Þ¤¹¡£
+ ¥Í¥Ã¥È¥ï¡¼¥¯ #1
+ ¤Î¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Ç¤Î½ÐÎϤϰʲ¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+
+ <screen>&prompt.root; netstat -rn
+Routing tables
+
+Internet:
+Destination Gateway Flags Refs Use Netif Expire
+...
+192.168.2.1 192.168.1.1 UH 0 0 gif0
+...
+ </screen>
+
+ <para><quote>Flags</quote> ¤ÎÃͤ¬¼¨¤¹¤è¤¦¤Ë¡¢
+ ¤³¤ì¤Ï¥Û¥¹¥È¤Î¥ë¡¼¥È¤Ç¡¢
+ ³Æ¥²¡¼¥È¥¦¥§¥¤¤Ï¾¤Î¥²¡¼¥È¥¦¥§¥¤¤È¤É¤Î¤è¤¦¤ËÄÌ¿®¤¹¤ì¤ÐÎɤ¤¤«¤òÃΤäƤ¤¤Þ¤¹¤¬¡¢
+ ¾¤Î´ØÏ¢¤¹¤ë¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤ÎÄÌ¿®¤òÃΤé¤Ê¤¤¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£
+ ¤³¤ÎÌäÂê¤Ï¡¢¤¹¤°¤Ë²ò·è¤µ¤ì¤Þ¤¹¡£</para>
+
+ <para>ξÊý¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Ç¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤òÀßÄꤷ¤Æ¤¤¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
+ VPN ¥È¥é¥Õ¥£¥Ã¥¯¤Î¤¿¤á¤Ë¤Ï¡¢¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ò±ª²ó¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Î¤¹¤Ù¤Æ¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òµö²Ä¤¹¤ë¤«¡¢VPN
+ ¤ÎËöü¤ò¤ª¸ß¤¤Êݸ¤ë¤è¤¦¤Ê¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¥ë¡¼¥ë¤òÄɲä·¤¿¤¤¤È»×¤¦¤Ç¤·¤ç¤¦¡£</para>
+
+ <para>¤¹¤Ù¤Æ¤Î VPN
+ ¤ò·Ðͳ¤¹¤ë¥È¥é¥Õ¥£¥Ã¥¯¤òµöÍÆ¤¹¤ë¤è¤¦¤Ê¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤òÀßÄꤹ¤ë¤È¡¢
+ ¥Æ¥¹¥È¤òÂ礤¯´Êά²½¤Ç¤¤Þ¤¹¡£
+ ¸å¤Ç¤¤¤Ä¤Ç¤â¡¢¥»¥¥å¥ê¥Æ¥£¤ò¶¯²½¤Ç¤¤Þ¤¹¡£
+ ¤â¤·¡¢¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç ipfw (8) ¤òÍѤ¤¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢
+ °Ê²¼¤Î¤è¤¦¤Ê¥³¥Þ¥ó¥É¤Ç¡¢
+ ¾¤Î¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¥ë¡¼¥ë¤Ë±Æ¶Á¤¹¤ë¤³¤È¤Ê¤¯¡¢
+ VPN ¤ÎËöü¤Î´Ö¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òµö²Ä¤·¤Þ¤¹¡£</para>
+
+ <programlisting>ipfw add 1 allow ip from any to any via gif0</programlisting>
+
+ <para>ξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¤³¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <para>³Æ¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¾¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤ËÂФ·¤Æ¡¢
+ ping ¤ò¼Â¹Ô¤¹¤ë¤³¤È¤¬¤Ç¤¤ì¤Ð½½Ê¬¤Ç¤¹¡£
+ <systemitem class="ipaddress">192.168.1.1</systemitem>
+ ¤Ë¤ª¤¤¤Æ¡¢°Ê²¼¤ò¼Â¹Ô¤¬²Äǽ¤Ç</para>
+
+ <programlisting>ping 192.168.2.1</programlisting>
+
+ <para>¤½¤·¤Æ¡¢¥ì¥¹¥Ý¥ó¥¹¤ò¼õ¤±¼è¤ì¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ Ʊ¤¸¤³¤È¤ò¾¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¼Â¹Ô¤Ç¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <para>¤·¤«¤·¤Ê¤¬¤é¡¢³Æ¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÆâÉô¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Ë¥¢¥¯¥»¥¹¤Ï¤Þ¤À¤Ç¤¤Þ¤»¤ó¡£
+ ¤³¤ì¤Ï¡¢
+ ¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤¬¤ª¸ß¤¤¤Ë¥¢¥¯¥»¥¹¤¹¤ëÊýË¡¤òÃΤäƤ¤¤ë¤¬¡¢
+ ³Æ¥²¡¼¥È¥¦¥§¥¤¤Î±ü¤Ë¤¢¤ë¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¥¢¥¯¥»¥¹¤¹¤ëÊýË¡¤òÃΤé¤Ê¤¤¤È¤¤¤¦¡¢
+ ¥ë¡¼¥Æ¥£¥ó¥°¤Ëµ¯°ø¤·¤Æ¤¤¤Þ¤¹¡£</para>
+
+ <para>¤³¤ÎÌäÂê¤ò²ò·è¤¹¤ë¤Ë¤Ï¡¢
+ ÀÅŪ¥ë¡¼¥È¤ò³Æ¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤ËÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤Î¤¿¤á¤ËºÇ½é¤Î¥²¡¼¥È¥¦¥§¥¤¤Ç¹Ô¤¦¥³¥Þ¥ó¥É¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+
+ <programlisting>route add 192.168.2.0 192.168.2.1 netmask 0xffffff00
+ </programlisting>
+
+ <para>¤³¤Î¥³¥Þ¥ó¥É¤Î°ÕÌ£¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯
+ <quote><systemitem class="ipaddress">192.168.2.0</systemitem>
+ ¤Î¥Û¥¹¥È¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤Ë¤Ï¡¢¥Ñ¥±¥Ã¥È¤ò
+ <systemitem class="ipaddress">192.168.2.1</systemitem>
+ ¤Î¥Û¥¹¥È¤ËÁ÷¤ë</quote> ¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£
+ ¤â¤¦ÊÒÊý¤Î¥²¡¼¥È¥¦¥§¥¤¤Ç¤Ï¡¢Æ±ÍͤΥ³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤½¤Î¾ì¹ç¤Ë¤Ï¡¢¤«¤ï¤ê¤Ë¡¢
+ <systemitem class="ipaddress">192.168.1.x</systemitem>
+ ¥¢¥É¥ì¥¹¤ò»È¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <para>¤³¤ì¤Ç¡¢ÊÒÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¥Û¥¹¥È¤«¤é¤Î IP ¥È¥é¥Õ¥£¥Ã¥¯¤Ï¡¢
+ ¤â¤¦ÊÒÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¥Û¥¹¥È¤ËÆÏ¤¯¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+
+ <para>2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Î
+ <quote>virtual</quote> ¤ª¤è¤Ó
+ <quote>network</quote> ¤Ë¤Ä¤¤¤Æ¹½ÃۤǤ¤¿¤Î¤Ç¡¢
+ VPN ¤Ë¤Ä¤¤¤Æ¡¢2/3 ¤¬¹½ÃÛ¤µ¤ì¤Þ¤·¤¿¡£»Ä¤ê¤Ï private ¤Ç¤¹¡£
+ &man.ping.8; ¤ª¤è¤Ó &man.tcpdump.1; ¤ò»È¤Ã¤Æ»î¸³¤Ç¤¤Þ¤¹¡£
+ ¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Ë¥í¥°¥¤¥ó¤·¤Æ°Ê²¼¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+
+ <programlisting>tcpdump dst host 192.168.2.1</programlisting>
+
+ <para>Ʊ¤¸¥Û¥¹¥È¤Î¾¤Î¥í¥°¥¤¥ó¥»¥Ã¥·¥ç¥ó¤Ç¡¢
+ °Ê²¼¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+
+ <programlisting>ping 192.168.2.1</programlisting>
+
+ <para>°Ê²¼¤Î¤è¤¦¤Ê½ÐÎϤ¬É½¼¨¤µ¤ì¤Þ¤¹¡£</para>
+
+ <programlisting>
+16:10:24.018080 192.168.1.1 > 192.168.2.1: icmp: echo request
+16:10:24.018109 192.168.1.1 > 192.168.2.1: icmp: echo reply
+16:10:25.018814 192.168.1.1 > 192.168.2.1: icmp: echo request
+16:10:25.018847 192.168.1.1 > 192.168.2.1: icmp: echo reply
+16:10:26.028896 192.168.1.1 > 192.168.2.1: icmp: echo request
+16:10:26.029112 192.168.1.1 > 192.168.2.1: icmp: echo reply
+ </programlisting>
+
+ <para>¤³¤Î½ÐÎϤ«¤é¤ï¤«¤ë¤è¤¦¤Ë¡¢ICMP ¥á¥Ã¥»¡¼¥¸¤¬Ìá¤ê¡¢
+ Éü¹æ²½¤µ¤ì¤Þ¤¹¡£
+ &man.tcpdump.1; ¤Ë <option>-s</option> ¥Ñ¥é¥á¡¼¥¿¤òÍѤ¤¤ë¤È¡¢
+ ¥Ñ¥±¥Ã¥È¤«¤é¿¤¯¤Î¥Ç¡¼¥¿¤òÊᤨ¡¢
+ ¤è¤ê¿¤¯¤Î¾ðÊó¤òÆÀ¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
+
+ <para>ÌÀ¤é¤«¤Ë¤³¤ì¤Ï¡¢¼õ¤±Æþ¤ì¤é¤ì¤ë¤â¤Î¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ ¼¡¤ÎÀá¤Ç¤Ï¡¢2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯´Ö¤Î¥ê¥ó¥¯¤Ë¤Ä¤¤¤Æ¡¢
+ ¤¹¤Ù¤Æ¤ÎÄÌ¿®¤¬¼«Æ°Åª¤Ë°Å¹æ²½¤µ¤ì¤ë¤è¤¦¤Ë°ÂÁ´¤Ë¤¹¤ëÊýË¡¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£</para>
- <screen>
- ========== AH =========
- | ======= ESP ===== |
- | | | |
- ¥Í¥Ã¥È¥ï¡¼¥¯-A ¥²¡¼¥È¥¦¥§¥¤-A ¥²¡¼¥È¥¦¥§¥¤-B ¥Í¥Ã¥È¥ï¡¼¥¯-B
- fec0:0:0:1::/64 --- fec0:0:0:1::1 ---- fec0:0:0:2::1 --- fec0:0:0:2::/64
-</screen>
+ <itemizedlist>
+ <title>¤Þ¤È¤á</title>
+ <listitem>
+ <para>ξÊý¤Î¥«¡¼¥Í¥ë¤ò <quote>pseudo-device
+ gif</quote> ¤Ç¹½ÃÛ¤·¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È #1 ¤Î <filename>/etc/rc.conf</filename>
+ ¤òÊÔ½¸¤·¤Æ¡¢°Ê²¼¤Î¹Ô¤ò (ɬÍפ˱þ¤¸¤Æ IP ¥¢¥É¥ì¥¹¤òÊѹ¹¤·¤Æ)
+ Äɲä·¤Þ¤¹¡£</para>
+ <programlisting>gifconfig_gif0="A.B.C.D W.X.Y.Z"
+ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff"
+static_routes="vpn"
+route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00"
+ </programlisting>
+ </listitem>
+ <listitem>
+ <para>ξÊý¤Î¥Û¥¹¥È¤Î¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥¹¥¯¥ê¥×¥È
+ (<filename>/etc/rc.firewall</filename> ¤Ê¤É)
+ ¤òÊÔ½¸¤·¤Æ°Ê²¼¤òÄɲä·¤Þ¤¹¡£</para>
+
+ <programlisting>ipfw add 1 allow ip from any to any via gif0</programlisting>
+ </listitem>
+ <listitem>
+ <para>ƱÍͤÎÊѹ¹¤ò¡¢¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È #2 ¤Î
+ <filename>/etc/rc.conf</filename>
+ ¤Ë¤ª¤¤¤Æ¤â¹Ô¤¤¤Þ¤¹¡£
+ ¤³¤³¤Ç¡¢IP ¥¢¥É¥ì¥¹¤Î½çÈ֤ϵդˤ·¤Þ¤¹¡£</para>
+ </listitem>
+ </itemizedlist>
</sect2>
<sect2>
- <title>IPv6 ¤Ë¤ª¤±¤ë¥È¥ó¥Í¥ë¥â¡¼¥É¤ÎÎã</title>
-
- <para>°Å¹æ²½¥¢¥ë¥´¥ê¥º¥à¤Ï 3des-cbc, ESP ¤Îǧ¾Ú¥¢¥ë¥´¥ê¥º¥à¤Ï
- hmac-sha1 ¤È¤·¤Þ¤¹¡£AH ¤Îǧ¾Ú¥¢¥ë¥´¥ê¥º¥à¤Ï hmac-md5 ¤È¤·¤Þ¤¹¡£
- ¥²¡¼¥È¥¦¥§¥¤-A ¤Ç¤ÎÀßÄê¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-
- <screen>&prompt.root; <userinput>setkey -c <<EOF
- spdadd fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out ipsec
- esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require
- ah/transport/fec0:0:0:1::1-fec0:0:0:2::1/require ;
- spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec
- esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require
- ah/transport/fec0:0:0:2::1-fec0:0:0:1::1/require ;
- add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10001 -m tunnel
- -E 3des-cbc "kamekame12341234kame1234"
- -A hmac-sha1 "this is the test key" ;
- add fec0:0:0:1::1 fec0:0:0:2::1 ah 0x10001 -m transport
- -A hmac-md5 "this is the test" ;
- add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10001 -m tunnel
- -E 3des-cbc "kamekame12341234kame1234"
- -A hmac-sha1 "this is the test key" ;
- add fec0:0:0:2::1 fec0:0:0:1::1 ah 0x10001 -m transport
- -A hmac-md5 "this is the test" ;
-
- EOF</userinput></screen>
-
- <para>°Û¤Ê¤ëÄÌ¿®Ã¼¤Ç¤Î SA ¤ÎºîÀ®</para>
-
- <para>¥Û¥¹¥È-A ¤È¥²¡¼¥È¥¦¥§¥¤-A ¤Î´Ö¤Ç¤Ï
- ESP ¥È¥ó¥Í¥ë¥â¡¼¥É¤¬Í׵ᤵ¤ì¤Æ¤¤¤Þ¤¹¡£°Å¹æ²½¥¢¥ë¥´¥ê¥º¥à¤Ï
- cast128-cbc ¤Ç¡¢ESP ¤Îǧ¾Ú¥¢¥ë¥´¥ê¥º¥à¤Ï hmac-sha1
- ¤Ç¤¹¡£¥Û¥¹¥È-A ¤È¥Û¥¹¥È-B ¤È¤Î´Ö¤Ç¤Ï
- ESP ¥È¥é¥ó¥¹¥Ý¡¼¥È¥â¡¼¥É¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
- °Å¹æ²½¥¢¥ë¥´¥ê¥º¥à¤Ï rc5-cbc ¤Ç¡¢ESP
- ¤Îǧ¾Ú¥¢¥ë¥´¥ê¥º¥à¤Ï hmac-md5 ¤Ç¤¹¡£</para>
+ <title>¥¹¥Æ¥Ã¥× 2: ¥ê¥ó¥¯¤ò°ÂÁ´¤Ë¤¹¤ë¡£</title>
- <screen>
- ================== ESP =================
- | ======= ESP ======= |
- | | | |
- ¥Û¥¹¥È-A ¥²¡¼¥È¥¦¥§¥¤-A ¥Û¥¹¥È-B
- fec0:0:0:1::1 ---- fec0:0:0:2::1 ---- fec0:0:0:2::2
-</screen>
+ <para>¥ê¥ó¥¯¤ò°ÂÁ´¤Ë¤¹¤ë¤¿¤á¤Ë¡¢IPSec ¤òÍѤ¤¤Þ¤¹¡£
+ IPSec ¤Ï¡¢2 ¤Ä¤Î¥Û¥¹¥È¤¬°Å¹æ¸°¤Ë¹ç°Õ¤·¡¢
+ ¤½¤Î¸°¤ò 2
+ ¤Ä¤Î¥Û¥¹¥È¤Î´Ö¤Ç¥Ç¡¼¥¿¤ò°Å¹æ²½¤¹¤ë¤Î¤ËÍѤ¤¤ë¥á¥«¥Ë¥º¥à¤òÄ󶡤·¤Þ¤¹¡£</para>
- <para>¥Û¥¹¥È-A ¤Ç¤ÎÀßÄê¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+ <para>¤³¤³¤Ç¤Ï¡¢ÀßÄê¤ò¹Ô¤¦¾å¤Ç¹Íθ¤¹¤Ù¤Îΰ褬 2 ¤Ä¤¢¤ê¤Þ¤¹¡£</para>
- <screen>&prompt.root; <userinput>setkey -c <<EOF
- spdadd fec0:0:0:1::1[any] fec0:0:0:2::2[80] tcp -P out ipsec
- esp/transport/fec0:0:0:1::1-fec0:0:0:2::2/use
- esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require ;
- spdadd fec0:0:0:2::1[80] fec0:0:0:1::1[any] tcp -P in ipsec
- esp/transport/fec0:0:0:2::2-fec0:0:0:l::1/use
- esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require ;
- add fec0:0:0:1::1 fec0:0:0:2::2 esp 0x10001
- -m transport
- -E cast128-cbc "12341234"
- -A hmac-sha1 "this is the test key" ;
- add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10002
- -E rc5-cbc "kamekame"
- -A hmac-md5 "this is the test" ;
- add fec0:0:0:2::2 fec0:0:0:1::1 esp 0x10003
- -m transport
- -E cast128-cbc "12341234"
- -A hmac-sha1 "this is the test key" ;
- add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004
- -E rc5-cbc "kamekame"
- -A hmac-md5 "this is the test" ;
+ <orderedlist>
+ <listitem>
+ <para>2 ¤Ä¤Î¥Û¥¹¥È¤Ç¡¢
+ ÍѤ¤¤ë°Å¹æ¥á¥«¥Ë¥º¥à¤Ë¹ç°Õ¤¹¤ë¥á¥«¥Ë¥º¥à¤¬É¬ÍפǤ¹¡£
+ 2 ¤Ä¤Î¥Û¥¹¥È¤¬°ìÅÙ¤³¤Î¥á¥«¥Ë¥º¥à¤Ë¹ç°Õ¤·¤¿¤é¡¢
+ ¤³¤ì¤é¤Î´Ö¤Ç "¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó"
+ ¤¬³ÎΩ¤µ¤ì¤¿¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+ </listitem>
+ <listitem>
+ <para>¤É¤Î¥È¥é¥Õ¥£¥Ã¥¯¤ò°Å¹æ²½¤¹¤ë¤«¤òÆÃÄꤹ¤ë¥á¥«¥Ë¥º¥à¤¬É¬ÍפȤʤê¤Þ¤¹¡£
+ ³°¸þ¤¤Î¥È¥é¥Õ¥£¥Ã¥¯¤Î¤¹¤Ù¤Æ¤ò°Å¹æ²½¤¹¤ëɬÍפϤʤ¤¤Î¤ÏÌÀ¤é¤«¤Ç¤¹¡£
+ -- VPN ¤Ë´Ø·¸¤¹¤ë¥È¥é¥Õ¥£¥Ã¥¯¤Î¤ß¤ò°Å¹æ²½¤¹¤ë¤³¤È¤¬Ë¾¤Þ¤ì¤Þ¤¹¡£
+ ¤É¤Î¥È¥é¥Õ¥£¥Ã¥¯¤ò°Å¹æ¤¹¤Ù¤¤«¤ò·è¤á¤ë¤¿¤á¤ËƳÆþ¤µ¤ì¤ë¥ë¡¼¥ë¤ò
+ <quote>¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·</quote> ¤È¸Æ¤Ó¤Þ¤¹¡£</para>
+ </listitem>
+ </orderedlist>
+
+ <para>¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤ª¤è¤Ó¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤ÎξÊý¤Ï¡¢
+ ¥«¡¼¥Í¥ë¤Ë¤è¤ê´ÉÍý¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤½¤·¤Æ¡¢¥æ¡¼¥¶¥é¥ó¥É¥×¥í¥°¥é¥à¤Ë¤è¤ê¡¢
+ Êѹ¹¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
+ ¤·¤«¤·¤Ê¤¬¤é¡¢¤³¤ì¤ò¹Ô¤¦Á°¤Ë¡¢¥«¡¼¥Í¥ë¤ò IPSec ¤ª¤è¤Ó
+ Encapsulated Security Payload (ESP) ¥×¥í¥È¥³¥ë¤ËÂбþ¤¹¤ë¤è¤¦¤Ë¡¢
+ ÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤ì¤Ï¡¢¥«¡¼¥Í¥ë¤ò°Ê²¼¤Î¤è¤¦¤ËÀßÄꤹ¤ë¤³¤È¤Ç²Äǽ¤Ç¤¹¡£</para>
+
+ <programlisting>options IPSEC
+options IPSEC_ESP
+ </programlisting>
+
+ <para>¤½¤·¤ÆºÆ¹½ÃÛ¤·¡¢ºÆ¥¤¥ó¥¹¥È¡¼¥ë¤ò¹Ô¤Ã¤Æ¡¢ºÆµ¯Æ°¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤³¤ì¤ÏξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Î¥«¡¼¥Í¥ë¤Ç¹Ô¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <para>¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤ÎÀßÄê¤Ë´Ø¤·¤Æ¤¤¤¦¤È¡¢
+ 2 ¤Ä¤ÎÁªÂò»è¤¬¤¢¤ê¤Þ¤¹¡£
+ 1 ¤ÄÌܤϡ¢2 ¤Ä¤Î¥Û¥¹¥È´Ö¤ÎÀßÄê¤ò¼êư¤ÇÀßÄꤹ¤ëÊýË¡¤Ç¡¢
+ °Å¹æ¥¢¥ë¥´¥ê¥º¥à¡¢°Å¹æ¸°¤Ê¤É¤òÁªÂò¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤â¤¦ 1 ¤Ä¤Ï¡¢¤³¤ì¤é¤ò¤¢¤Ê¤¿¤ËÂå¤ï¤ê¹Ô¤¦
+ Internet Key Exchange protocol (IKE)
+ ¤ò¼ÂÁõ¤·¤Æ¤¤¤ë¥Ç¡¼¥â¥ó¤òÍѤ¤¤ë¤³¤È¤Ç¤¹¡£</para>
+
+ <para>¸å¼Ô¤¬¿ä¾©¤µ¤ì¤Þ¤¹¡£¤È¤Ë¤«¤¯¡¢ÀßÄ꤬¤è¤ê´Êñ¤Ç¤¹¡£</para>
+
+ <para>&man.setkey.8; ¤òÍѤ¤ÆÀ¤ë¤³¤È¤Ç¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤òÀßÄꤷ¤¿¤ê¡¢
+ ɽ¼¨¤Ç¤¤Þ¤¹¡£
+ &man.route.8; ¤¬¥«¡¼¥Í¥ë¥ë¡¼¥Æ¥£¥ó¥°¥Æ¡¼¥Ö¥ë¤Ë´Ø¤·¤Æ¤¤¤ë¤Î¤ÈƱÍͤˡ¢
+ <command>setkey</command>
+ ¤Ï¡¢¥«¡¼¥Í¥ë¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¥Æ¡¼¥Ö¥ë¤Ë´ØÏ¢¤·¤Æ¤¤¤Þ¤¹¡£
+ <command>setkey</command> ¤Ï¡¢
+ ¸½ºß¤Î¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤âɽ¼¨¤Ç¤¡¢
+ Îà¿ä¤ò¤µ¤é¤Ë¿Ê¤á¤ë¤È¡¢¤½¤ÎÅÀ¤Ë¤ª¤¤¤Æ¡¢
+ <command>netstat -r</command> ¤ÈƱ¼ï¤Ç¤¹¡£</para>
+
+ <para>FreeBSD
+ ¤Ç¥»¥¥å¥ê¥Æ¥£¥¢¥½¥·¥¨¡¼¥·¥ç¥ó¤ò´ÉÍý¤¹¤ë¥Ç¡¼¥â¥ó¤Ï¿ô¿¤¯¤¢¤ê¤Þ¤¹¡£
+ ¤³¤Îʸ½ñ¤Ç¤Ï¡¢¤½¤ÎÃæ¤Î°ì¤Ä¤Î racoon ¤Î»È¤¤Êý¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£
+ racoom ¤Ï¡¢FreeBSD Ports Collection ¤Î security ¥«¥Æ¥´¥ê¤Ë¤¢¤ê¤Þ¤¹¡£
+ Ä̾ï¤ÎÊýË¡¤Ç¥¤¥ó¥¹¥È¡¼¥ë¤¬¤Ç¤¤Þ¤¹¡£</para>
+
+ <para>racoon ¤Ï¡¢Î¾Êý¤Î¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È¤Ç¼Â¹Ô¤µ¤ì¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤½¤ì¤¾¤ì¤Î¥Û¥¹¥È¤Ç¡¢¤â¤¦°ì¤Ä¤Î VPN ¤Îü¤Î IP ¥¢¥É¥ì¥¹¤ª¤è¤Ó
+ (¤¢¤Ê¤¿¤¬ÁªÂò¤·¤¿¤â¤Î¤Ç¡¢Î¾Êý¤Î¥²¡¼¥È¥¦¥§¥¤¤ÇƱ¤¸É¬ÍפΤ¢¤ë)
+ ÈëÌ©¸°¤ÇÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <para>2 ¤Ä¤Î¥Ç¡¼¥â¥ó¤Ï¡¢¸ß¤¤¤Ë¥³¥ó¥¿¥¯¥È¤·¡¢
+ (ÀßÄꤷ¤¿ÈëÌ©¸°¤òÍѤ¤¤Æ) ¤À¤ì¤¬Áê¼ê¤Ç¤¢¤ë¤«¤ò³Îǧ¤·¤Þ¤¹¡£
+ ¥Ç¡¼¥â¥ó¤Ï¤½¤Î¸å¡¢¿·¤·¤¤ÈëÌ©¸°¤òÀ¸À®¤·¡¢
+ VPN ¾å¤Î¥È¥é¥Õ¥£¥Ã¥¯¤Î°Å¹æ²½¤Î¤¿¤á¤ËÍѤ¤¤Þ¤¹¡£
+ ¹¶·â¼Ô¤¬¤³¤ì¤é¤Î¸°¤Î (ÍýÏÀŪ¤Ë¤Ï¡¢ÉÔ²Äǽ¤Ç¤¹¤¬)
+ 1 ¤Ä¤ò¥¯¥é¥Ã¥¯¤·¤Æ¤â¡¢¤½¤ì°Ê¾å¤Ç¤¤Ê¤¤¤è¤¦¤Ë¡¢
+ ¤³¤ÎÈëÌ©¸°¤òÄê´üŪ¤ËÊѹ¹¤·¤Þ¤¹¡£
+ -- Èà¤é¤¬¥«¥®¤ò¥¯¥é¥Ã¥¯¤·¤¿¤È¤¤Ë¤Ï¡¢
+ 2 ¤Ä¤Î¥Ç¡¼¥â¥ó¤Ï¾¤Î¸°¤òÁªÂò¤·¤Æ¤¤¤ë¤³¤È¤Ç¤·¤ç¤¦¡£</para>
+
+ <para>racoon's ¤ÎÀßÄê¤Ï¡¢
+ <filename>${PREFIX}/etc/racoon</filename> ¤Ç¹Ô¤ï¤ì¤Þ¤¹¡£
+ ¤³¤³¤Ë¤Ï¡¢ÀßÄê¥Õ¥¡¥¤¥ë¤¬ÃÖ¤«¤ì¤Æ¤¤¤Þ¤¹¤¬¡¢
+ ¤½¤ì¤Û¤É¿¤¯Êѹ¹¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£
+ ¤ª¤½¤é¤¯¤¢¤Ê¤¿¤¬Êѹ¹¤¹¤Ù¤ racoon ¤ÎÀßÄê¤Î¾¤ÎÉôʬ¤Ï¡¢
+ 'pre-shared key' ¤Ç¤¹¡£</para>
+
+ <para>¥Ç¥Õ¥©¥ë¥È¤Î racoon ¤ÎÀßÄê¤Ç¤Ï¡¢¤³¤ì¤Ï¡¢
+ ${PREFIX}/etc/racoon/psk.txt ¥Õ¥¡¥¤¥ë¤Ë¤¢¤ë¤È²¾Äꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
+ pre-shared key ¤Ï¡¢VPN ¥ê¥ó¥¯¤ò·Ðͳ¤¹¤ë¥È¥é¥Õ¥£¥Ã¥¯¤Î°Å¹æ²½¤Ë¤Ï¡¢
+ *ÍѤ¤¤é¤ì¤Þ¤»¤ó*¡£
+ ¸°´ÉÍý¥Ç¡¼¥â¥ó¤¬¤ª¸ß¤¤¤ò¿®Íꤹ¤ë¤¿¤á¤Î¥È¡¼¥¯¥ó¤Ç¤¹¡£</para>
+
+ <para><filename>psk.txt</filename> ¤Ï¡¢
+ ¤¢¤Ê¤¿¤¬¼è¤ê°·¤¦³Æ¥ê¥â¡¼¥È¤Î¥µ¥¤¥È¤Ë´ØÏ¢¤¹¤ë¹Ô¤ò´Þ¤ó¤Ç¤¤¤Þ¤¹¡£
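Review bot: the paragraph introducing the IKE daemon spells its name "racoom" in one line ("racoom は、FreeBSD Ports Collection の security カテゴリにあります") while every other line in the hunk says "racoon"; since the port and the daemon are called racoon, that line should be corrected. In the same region the sentence opening "racoon's の設定は" mixes an English possessive into the Japanese text and should read "racoon の設定は". Markup consistency in the new text is also uneven: "${PREFIX}/etc/racoon/psk.txt" is left as bare text although the directory a few lines earlier is wrapped in `<filename>`, the emphasised "*用いられません*" uses literal asterisks where the surrounding DocBook uses `<emphasis>`, and "セキュリティアソシエーション" is set in ASCII double quotes and 'pre-shared key' in single quotes while the neighbouring "セキュリティポリシ" uses `<quote>`. Finally, the protocol is expanded as "Encapsulated Security Payload (ESP)"; the name defined in the ESP RFCs is "Encapsulating Security Payload", so consider using that form, or simply "ESP", if the translation does not need to follow the English source word for word here.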
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***