svn commit: r51445 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Sun Feb 25 00:19:06 UTC 2018
Author: ryusuke
Date: Sun Feb 25 00:19:05 2018
New Revision: 51445
URL: https://svnweb.freebsd.org/changeset/doc/51445
Log:
- Merge the following from the English version:
r42266 -> r42267 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Sat Feb 24 08:34:51 2018 (r51444)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Sun Feb 25 00:19:05 2018 (r51445)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r42266
+ Original revision: r42267
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -2705,61 +2705,63 @@ device crypto</screen>
</listitem>
</itemizedlist>
- <sect3>
- <info><title>&os; ¾å¤Ç IPsec ¤òÀßÄꤹ¤ë¡£</title>
- <authorgroup>
- <author>
- <personname>
- <firstname>Tom</firstname>
- <surname>Rhodes</surname>
- </personname>
- <affiliation>
- <address><email>trhodes at FreeBSD.org</email></address>
- </affiliation>
- <contrib>´ó¹Æ: </contrib>
- </author>
- </authorgroup>
- </info>
+ <sect3>
+ <info>
+ <title>&os; ¾å¤Ç IPsec ¤òÀßÄꤹ¤ë¡£</title>
+ <authorgroup>
+ <author>
+ <personname>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ </personname>
+ <affiliation>
+ <address><email>trhodes at FreeBSD.org</email></address>
+ </affiliation>
+ <contrib>´ó¹Æ: </contrib>
+ </author>
+ </authorgroup>
+ </info>
- <para>ºÇ½é¤Ë Ports Collection ¤«¤é
- <filename role="package">security/ipsec-tools</filename>
- ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¯¤À¤µ¤¤¡£
- ¤³¤Î¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
- ÀßÄê¤ò¥µ¥Ý¡¼¥È¤¹¤ë¿ô¿¤¯¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤òÄ󶡤·¤Þ¤¹¡£</para>
+ <para>ºÇ½é¤Ë Ports Collection ¤«¤é
+ <filename role="package">security/ipsec-tools</filename>
+ ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤³¤Î¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
+ ÀßÄê¤ò¥µ¥Ý¡¼¥È¤¹¤ë¿ô¿¤¯¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤òÄ󶡤·¤Þ¤¹¡£</para>
- <para>¼¡¤Ë¡¢¥Ñ¥±¥Ã¥È¤ò¥È¥ó¥Í¥ê¥ó¥°¤·¡¢
- ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤¬Å¬ÀÚ¤ËÄÌ¿®¤¹¤ë¤è¤¦¤Ë¡¢
- 2 ¤Ä¤Î &man.gif.4; µ¿»÷¥Ç¥Ð¥¤¥¹¤òºîÀ®¤·¤Þ¤¹¡£
- <systemitem class="username">root</systemitem>
- ¸¢¸Â¤Ç°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£
- ¤¿¤À¤·¡¢¼Â¹Ô¤¹¤ëºÝ¤Ë¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ÎÃæ¤Î
- <replaceable>internal</replaceable> ¤ª¤è¤Ó
- <replaceable>external</replaceable> ¤ò¡¢
- 2 ¤Ä¤Î¥²¡¼¥È¥¦¥§¥¤¤ÎÆâÉô¤ª¤è¤Ó³°Éô¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Î¼ÂºÝ¤Î
- IP ¥¢¥É¥ì¥¹¤ËÃÖ¤´¹¤¨¤Æ¤¯¤À¤µ¤¤¡£</para>
+ <para>¼¡¤Ë¡¢¥Ñ¥±¥Ã¥È¤ò¥È¥ó¥Í¥ê¥ó¥°¤·¡¢
+ ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤¬Å¬ÀÚ¤ËÄÌ¿®¤¹¤ë¤è¤¦¤Ë¡¢
+ 2 ¤Ä¤Î &man.gif.4; µ¿»÷¥Ç¥Ð¥¤¥¹¤òºîÀ®¤·¤Þ¤¹¡£
+ <systemitem class="username">root</systemitem>
+ ¸¢¸Â¤Ç°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤¿¤À¤·¡¢¼Â¹Ô¤¹¤ëºÝ¤Ë¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤ÎÃæ¤Î
+ <replaceable>internal</replaceable> ¤ª¤è¤Ó
+ <replaceable>external</replaceable> ¤ò¡¢
+ 2 ¤Ä¤Î¥²¡¼¥È¥¦¥§¥¤¤ÎÆâÉô¤ª¤è¤Ó³°Éô¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Î¼ÂºÝ¤Î
+ IP ¥¢¥É¥ì¥¹¤ËÃÖ¤´¹¤¨¤Æ¤¯¤À¤µ¤¤¡£</para>
- <screen>&prompt.root; <userinput>ifconfig gif0 create</userinput></screen>
+ <screen>&prompt.root; <userinput>ifconfig gif0 create</userinput></screen>
- <screen>&prompt.root; <userinput>ifconfig gif0 <replaceable>internal1 internal2</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>ifconfig gif0 <replaceable>internal1 internal2</replaceable></userinput></screen>
- <screen>&prompt.root; <userinput>ifconfig gif0 tunnel <replaceable>external1 external2</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>ifconfig gif0 tunnel <replaceable>external1 external2</replaceable></userinput></screen>
- <para>¤³¤ÎÎã¤Ç¤Ï¡¢²ñ¼Ò¤Î <acronym>LAN</acronym> ¤Î³°Éô
- <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
- <systemitem class="ipaddress">172.16.5.4</systemitem>¡¢
- ÆâÉô <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
- <systemitem class="ipaddress">10.246.38.1</systemitem>
- ¤È¤·¤Þ¤¹¡£¤Þ¤¿¡¢²ÈÄí
- <acronym>LAN</acronym> ¤Î³°Éô <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
- <systemitem class="ipaddress">192.168.1.12</systemitem>¡¢
- ÆâÉô¤Î¥×¥é¥¤¥Ù¡¼¥È <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
- <systemitem class="ipaddress">10.0.0.5</systemitem>
- ¤È¤·¤Þ¤¹¡£</para>
+ <para>¤³¤ÎÎã¤Ç¤Ï¡¢²ñ¼Ò¤Î <acronym>LAN</acronym> ¤Î³°Éô
+ <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
+ <systemitem class="ipaddress">172.16.5.4</systemitem>¡¢
+ ÆâÉô <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
+ <systemitem class="ipaddress">10.246.38.1</systemitem>
+ ¤È¤·¤Þ¤¹¡£¤Þ¤¿¡¢²ÈÄí
+ <acronym>LAN</acronym> ¤Î³°Éô <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
+ <systemitem class="ipaddress">192.168.1.12</systemitem>¡¢
+ ÆâÉô¤Î¥×¥é¥¤¥Ù¡¼¥È <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò
+ <systemitem class="ipaddress">10.0.0.5</systemitem>
+ ¤È¤·¤Þ¤¹¡£</para>
- <para>¤³¤ÎÀâÌÀ¤Çʬ¤«¤ê¤Ë¤¯¤¤¾ì¹ç¤Ï¡¢°Ê²¼¤Î
- &man.ifconfig.8; ¥³¥Þ¥ó¥É¤Î½ÐÎÏÎã¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+ <para>¤³¤ÎÀâÌÀ¤Çʬ¤«¤ê¤Ë¤¯¤¤¾ì¹ç¤Ï¡¢°Ê²¼¤Î
+ &man.ifconfig.8; ¥³¥Þ¥ó¥É¤Î½ÐÎÏÎã¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
- <programlisting>Gateway 1:
+ <programlisting>Gateway 1:
+
gif0: flags=8051 mtu 1280
tunnel inet 172.16.5.4 --> 192.168.1.12
inet6 fe80::2e0:81ff:fe02:5881%gif0 prefixlen 64 scopeid 0x6
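Review bot: The bare `+` line added directly after `<programlisting>Gateway 1:` is the only change in this hunk that is not indentation, and it sits inside verbatim content, so it adds an empty line to the rendered listing. Please confirm the English r42267 carries the same blank line at this spot; if it does not, drop it so the merge stays whitespace-only.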
@@ -2772,11 +2774,11 @@ tunnel inet 192.168.1.12 --> 172.16.5.4
inet 10.0.0.5 --> 10.246.38.1 netmask 0xffffff00
inet6 fe80::250:bfff:fe3a:c1f%gif0 prefixlen 64 scopeid 0x4</programlisting>
- <para>ÀßÄ꤬´°Î»¤·¤¿¤é¡¢Î¾Êý¤ÎÆâÉô <acronym>IP</acronym>
- ¥¢¥É¥ì¥¹¤Ï¡¢&man.ping.8;
- ¤ÇÅþã¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Ï¤º¤Ç¤¹¡£</para>
+ <para>ÀßÄ꤬´°Î»¤·¤¿¤é¡¢Î¾Êý¤ÎÆâÉô <acronym>IP</acronym>
+ ¥¢¥É¥ì¥¹¤Ï¡¢&man.ping.8;
+ ¤ÇÅþã¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Ï¤º¤Ç¤¹¡£</para>
- <programlisting>priv-net# ping 10.0.0.5
+ <programlisting>priv-net# ping 10.0.0.5
PING 10.0.0.5 (10.0.0.5): 56 data bytes
64 bytes from 10.0.0.5: icmp_seq=0 ttl=64 time=42.786 ms
64 bytes from 10.0.0.5: icmp_seq=1 ttl=64 time=19.255 ms
@@ -2797,27 +2799,26 @@ PING 10.246.38.1 (10.246.38.1): 56 data bytes
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 28.106/94.594/154.524/49.814 ms</programlisting>
- <para>ͽÁÛÄ̤ꡢ¥×¥é¥¤¥Ù¡¼¥È¥¢¥É¥ì¥¹¤ò»È¤Ã¤Æ¡¢
- ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤«¤é <acronym>ICMP</acronym>
- ¥Ñ¥±¥Ã¥È¤òÁ÷¼õ¿®¤Ç¤¤Þ¤¹¡£
- ¼¡¤Ë¡¢¤É¤Á¤é¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤«¤é¤â¥á¥Ã¥»¡¼¥¸¤òÁ÷¿®¤Ç¤¤ë¤è¤¦¤Ë¡¢
- ¥Ñ¥±¥Ã¥È¤Î¥ë¡¼¥Æ¥£¥ó¥°¾ðÊó¤ò
- ξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¤ËÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ¤³¤ì¤Ï°Ê²¼¤Î¥³¥Þ¥ó¥É¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£</para>
+ <para>ͽÁÛÄ̤ꡢ¥×¥é¥¤¥Ù¡¼¥È¥¢¥É¥ì¥¹¤ò»È¤Ã¤Æ¡¢
+ ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤«¤é <acronym>ICMP</acronym>
+ ¥Ñ¥±¥Ã¥È¤òÁ÷¼õ¿®¤Ç¤¤Þ¤¹¡£
+ ¼¡¤Ë¡¢¤É¤Á¤é¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤«¤é¤â¥á¥Ã¥»¡¼¥¸¤òÁ÷¿®¤Ç¤¤ë¤è¤¦¤Ë¡¢
+ ¥Ñ¥±¥Ã¥È¤Î¥ë¡¼¥Æ¥£¥ó¥°¾ðÊó¤òξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¤ËÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤ì¤Ï°Ê²¼¤Î¥³¥Þ¥ó¥É¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£</para>
- <screen>&prompt.root; <userinput>corp-net# route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>corp-net# route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput></screen>
- <screen>&prompt.root; <userinput>corp-net# route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>corp-net# route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput></screen>
- <screen>&prompt.root; <userinput>priv-net# route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>priv-net# route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput></screen>
- <screen>&prompt.root; <userinput>priv-net# route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>priv-net# route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen>
- <para>¤³¤ì¤Ç¡¢¥Í¥Ã¥È¥ï¡¼¥¯Æâ¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢
- ¥²¡¼¥È¥¦¥§¥¤¤ª¤è¤Ó¥²¡¼¥È¥¦¥§¥¤¤Î±ü¤Î¥³¥ó¥Ô¥å¡¼¥¿¤«¤éÅþã²Äǽ¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
- ¤â¤¦°ìÅÙ &man.ping.8; ¤Ç³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+ <para>¤³¤ì¤Ç¡¢¥Í¥Ã¥È¥ï¡¼¥¯Æâ¤Î¥³¥ó¥Ô¥å¡¼¥¿¤Ï¡¢
+ ¥²¡¼¥È¥¦¥§¥¤¤ª¤è¤Ó¥²¡¼¥È¥¦¥§¥¤¤Î±ü¤Î¥³¥ó¥Ô¥å¡¼¥¿¤«¤éÅþã²Äǽ¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
+ ¤â¤¦°ìÅÙ &man.ping.8; ¤Ç³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
- <programlisting>corp-net# ping 10.0.0.8
+ <programlisting>corp-net# ping 10.0.0.8
PING 10.0.0.8 (10.0.0.8): 56 data bytes
64 bytes from 10.0.0.8: icmp_seq=0 ttl=63 time=92.391 ms
64 bytes from 10.0.0.8: icmp_seq=1 ttl=63 time=21.870 ms
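Review bot: In the four `route add` lines, `<userinput>` starts with a host prompt (`corp-net#`, `priv-net#`) immediately after `&prompt.root;`, so the rendered command shows two prompts and the hostname reads as text to type. The second and fourth lines (`route add net 10.0.0.0: gateway 10.0.0.5`, `route add host 10.246.38.0: gateway 10.246.38.1`) also have the shape of route(8) output rather than input, the fourth labels a .0 network address as `host`, and `<replaceable>` wraps the literal `gateway` keyword along with the addresses. The re-indent carries all of this over unchanged; it is worth raising against the English source so the fix can be merged back here.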
@@ -2839,15 +2840,15 @@ PING 10.246.38.1 (10.246.38.107): 56 data bytes
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 21.145/31.721/53.491/12.179 ms</programlisting>
- <para>¥È¥ó¥Í¥ê¥ó¥°¤ÎÀßÄê¤Ï°Ê¾å¤Î¤è¤¦¤Ë´Êñ¤Ç¤¹¤¬¡¢
- ¥ê¥ó¥¯¤ò°ÂÁ´¤Ë¤¹¤ë¤Ë¤Ï¡¢¤â¤¦¾¯¤··¡¤ê²¼¤²¤¿ÀßÄ꤬ɬÍפȤʤê¤Þ¤¹¡£
- °Ê²¼¤ÎÀßÄê¤Ç¤Ï¡¢»öÁ°¶¦Í (<acronym>PSK</acronym>)
- <acronym>RSA</acronym> ¸°¤ò»È¤¤¤Þ¤¹¡£
- <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò½ü¤±¤Ð¡¢Î¾Êý¤Î¥²¡¼¥È¥¦¥§¥¤¤Î
- <filename>/usr/local/etc/racoon/racoon.conf</filename>
- ¤ÏƱ¤¸¤Ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+ <para>¥È¥ó¥Í¥ê¥ó¥°¤ÎÀßÄê¤Ï°Ê¾å¤Î¤è¤¦¤Ë´Êñ¤Ç¤¹¤¬¡¢
+ ¥ê¥ó¥¯¤ò°ÂÁ´¤Ë¤¹¤ë¤Ë¤Ï¡¢¤â¤¦¾¯¤··¡¤ê²¼¤²¤¿ÀßÄ꤬ɬÍפȤʤê¤Þ¤¹¡£
+ °Ê²¼¤ÎÀßÄê¤Ç¤Ï¡¢»öÁ°¶¦Í (<acronym>PSK</acronym>)
+ <acronym>RSA</acronym> ¸°¤ò»È¤¤¤Þ¤¹¡£
+ <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò½ü¤±¤Ð¡¢Î¾Êý¤Î¥²¡¼¥È¥¦¥§¥¤¤Î
+ <filename>/usr/local/etc/racoon/racoon.conf</filename>
+ ¤ÏƱ¤¸¤Ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
- <programlisting>path pre_shared_key "/usr/local/etc/racoon/psk.txt"; #location of pre-shared key file
+ <programlisting>path pre_shared_key "/usr/local/etc/racoon/psk.txt"; #location of pre-shared key file
log debug; #log verbosity setting: set to 'notify' when testing and debugging is complete
padding # options are not to be changed
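Review bot: The re-indented paragraph above the listing still places `<acronym>PSK</acronym>` directly next to `<acronym>RSA</acronym>`, while the configuration that follows only sets `path pre_shared_key "/usr/local/etc/racoon/psk.txt";`. A pre-shared key is a shared secret, not an RSA key, so the sentence describes an authentication method the sample does not use. Suggest dropping the RSA wording here and in the English original. Separately, the listing ships `log debug;` with the instruction to lower it only in a comment; a sample that readers copy is safer with the quieter level as the default.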
@@ -2905,37 +2906,37 @@ sainfo (address 10.246.38.0/24 any address 10.0.0.0/2
compression_algorithm deflate;
}</programlisting>
- <para>ÍøÍѲÄǽ¤Ê¥ª¥×¥·¥ç¥ó¤ÎÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢
- <application>racoon</application>
- ¤Î¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+ <para>ÍøÍѲÄǽ¤Ê¥ª¥×¥·¥ç¥ó¤ÎÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ <application>racoon</application>
+ ¤Î¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
- <para>&os; ¤ª¤è¤Ó <application>racoon</application>
- ¤¬¥Û¥¹¥È´Ö¤Î¥Í¥Ã¥È¥ï¡¼¥¯¥È¥é¥Õ¥£¥Ã¥¯¤ò°Å¹æ²½¡¢
- Éü¹æ²½¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
- Security Policy Database (<acronym>SPD</acronym>)
- ¤ÎÀßÄ꤬ɬÍפǤ¹¡£</para>
+ <para>&os; ¤ª¤è¤Ó <application>racoon</application>
+ ¤¬¥Û¥¹¥È´Ö¤Î¥Í¥Ã¥È¥ï¡¼¥¯¥È¥é¥Õ¥£¥Ã¥¯¤ò°Å¹æ²½¡¢
+ Éü¹æ²½¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+ Security Policy Database (<acronym>SPD</acronym>)
+ ¤ÎÀßÄ꤬ɬÍפǤ¹¡£</para>
- <para>¤³¤ì¤Ï¡¢²ñ¼Ò¤Î¥²¡¼¥È¥¦¥§¥¤¾å¤Ç¡¢
- °Ê²¼¤Î¤è¤¦¤Ê¥·¥§¥ë¥¹¥¯¥ê¥×¥È¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£
- ¤³¤Î¥Õ¥¡¥¤¥ë¤ò¥·¥¹¥Æ¥à¤Î½é´ü²½Ãæ¤Ë»È¤ï¤ì¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
- <filename>/usr/local/etc/racoon/setkey.conf</filename>
- ¤ËÊݸ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+ <para>¤³¤ì¤Ï¡¢²ñ¼Ò¤Î¥²¡¼¥È¥¦¥§¥¤¾å¤Ç¡¢
+ °Ê²¼¤Î¤è¤¦¤Ê¥·¥§¥ë¥¹¥¯¥ê¥×¥È¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£
+ ¤³¤Î¥Õ¥¡¥¤¥ë¤ò¥·¥¹¥Æ¥à¤Î½é´ü²½Ãæ¤Ë»È¤ï¤ì¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+ <filename>/usr/local/etc/racoon/setkey.conf</filename>
+ ¤ËÊݸ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
- <programlisting>flush;
+ <programlisting>flush;
spdflush;
# To the home network
spdadd 10.246.38.0/24 10.0.0.0/24 any -P out ipsec esp/tunnel/172.16.5.4-192.168.1.12/use;
spdadd 10.0.0.0/24 10.246.38.0/24 any -P in ipsec esp/tunnel/192.168.1.12-172.16.5.4/use;</programlisting>
- <para>ÀßÄê¥Õ¥¡¥¤¥ë¤òŬÀÚ¤ËÃÖ¤¯¤È¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤Ë¤è¤ê¡¢
- ξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¾å¤Ç <application>racoon</application>
- ¤òµ¯Æ°¤Ç¤¤Þ¤¹¡£</para>
+ <para>ÀßÄê¥Õ¥¡¥¤¥ë¤òŬÀÚ¤ËÃÖ¤¯¤È¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤Ë¤è¤ê¡¢
+ ξÊý¤Î¥²¡¼¥È¥¦¥§¥¤¾å¤Ç <application>racoon</application>
+ ¤òµ¯Æ°¤Ç¤¤Þ¤¹¡£</para>
- <screen>&prompt.root; <userinput>/usr/local/sbin/racoon -F -f /usr/local/etc/racoon/racoon.conf -l /var/log/racoon.log</userinput></screen>
+ <screen>&prompt.root; <userinput>/usr/local/sbin/racoon -F -f /usr/local/etc/racoon/racoon.conf -l /var/log/racoon.log</userinput></screen>
- <para>½ÐÎϤϰʲ¼¤Î¤è¤¦¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£</para>
+ <para>½ÐÎϤϰʲ¼¤Î¤è¤¦¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£</para>
- <programlisting>corp-net# /usr/local/sbin/racoon -F -f /usr/local/etc/racoon/racoon.conf
+ <programlisting>corp-net# /usr/local/sbin/racoon -F -f /usr/local/etc/racoon/racoon.conf
Foreground mode.
2006-01-30 01:35:47: INFO: begin Identity Protection mode.
2006-01-30 01:35:48: INFO: received Vendor ID: KAME/racoon
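Review bot: Both `spdadd` lines in the `setkey.conf` listing end in `/use`. With that level the kernel applies ESP when an SA is available and otherwise continues normal processing, so traffic between 10.246.38.0/24 and 10.0.0.0/24 is sent unprotected whenever racoon has not negotiated an SA or the SA has expired. For a section whose stated goal is securing the link, `/require` is the level to document, or the text should state the fallback behaviour. Also in this hunk, the `<screen>` command passes `-l /var/log/racoon.log` while the sample session under it omits the flag; with `-l` the INFO lines shown would go to the log file, so the two should agree.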
@@ -2948,45 +2949,45 @@ n2006-01-30 01:36:04: INFO: ISAKMP-SA established 172.
2006-01-30 01:36:18: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.12[0]->172.16.5.4[0] spi=124397467(0x76a279b)
2006-01-30 01:36:18: INFO: IPsec-SA established: ESP/Tunnel 172.16.5.4[0]->192.168.1.12[0] spi=175852902(0xa7b4d66)</programlisting>
- <para>¥È¥ó¥Í¥ê¥ó¥°¤¬Å¬Àڤ˹Ԥï¤ì¤Æ¤¤¤ë¤«¤É¤¦¤«¤ò³Îǧ¤¹¤ë¤¿¤á¡¢
- Ê̤Υ³¥ó¥½¡¼¥ë¾å¤Ç &man.tcpdump.1; ¤ò»È¤¤¡¢
- °Ê²¼¤Î¤è¤¦¤Ê¥³¥Þ¥ó¥É¤Ç¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÄÌ¿®¤ò³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£
- ¤¿¤À¤·¡¢°Ê²¼¤ÎÎã¤Î <literal>em0</literal> ¤ÎÉôʬ¤Ï¡¢
- ɬÍפ˱þ¤¸¤Æ»ÈÍѤ·¤Æ¤¤¤ë¥Í¥Ã¥È¥ï¡¼¥¯¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ËÃÖ¤´¹¤¨¤Æ¤¯¤À¤µ¤¤¡£</para>
+ <para>¥È¥ó¥Í¥ê¥ó¥°¤¬Å¬Àڤ˹Ԥï¤ì¤Æ¤¤¤ë¤«¤É¤¦¤«¤ò³Îǧ¤¹¤ë¤¿¤á¡¢
+ Ê̤Υ³¥ó¥½¡¼¥ë¾å¤Ç &man.tcpdump.1; ¤ò»È¤¤¡¢
+ °Ê²¼¤Î¤è¤¦¤Ê¥³¥Þ¥ó¥É¤Ç¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÄÌ¿®¤ò³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤¿¤À¤·¡¢°Ê²¼¤ÎÎã¤Î <literal>em0</literal> ¤ÎÉôʬ¤Ï¡¢
+ ɬÍפ˱þ¤¸¤Æ»ÈÍѤ·¤Æ¤¤¤ë¥Í¥Ã¥È¥ï¡¼¥¯¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ËÃÖ¤´¹¤¨¤Æ¤¯¤À¤µ¤¤¡£</para>
- <screen>&prompt.root; <userinput>tcpdump -i em0 host <replaceable>172.16.5.4 and dst 192.168.1.12</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>tcpdump -i em0 host <replaceable>172.16.5.4 and dst 192.168.1.12</replaceable></userinput></screen>
- <para>°Ê²¼¤Î¤è¤¦¤Ê¥Ç¡¼¥¿¤¬¥³¥ó¥½¡¼¥ë¤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£
- ¤â¤·¡¢É½¼¨¤µ¤ì¤Ê¤¤¾ì¹ç¤Ï¡¢ÀßÄê¤Ë²¿¤«ÌäÂ꤬¤¢¤ë¤Î¤Ç¡¢
- ɽ¼¨¤µ¤ì¤ë¥Ç¡¼¥¿¤ò»È¤Ã¤Æ¥Ç¥Ð¥Ã¥°¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+ <para>°Ê²¼¤Î¤è¤¦¤Ê¥Ç¡¼¥¿¤¬¥³¥ó¥½¡¼¥ë¤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£
+ ¤â¤·¡¢É½¼¨¤µ¤ì¤Ê¤¤¾ì¹ç¤Ï¡¢ÀßÄê¤Ë²¿¤«ÌäÂ꤬¤¢¤ë¤Î¤Ç¡¢
+ ɽ¼¨¤µ¤ì¤ë¥Ç¡¼¥¿¤ò»È¤Ã¤Æ¥Ç¥Ð¥Ã¥°¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
- <programlisting>01:47:32.021683 IP corporatenetwork.com > 192.168.1.12.privatenetwork.com: ESP(spi=0x02acbf9f,seq=0xa)
+ <programlisting>01:47:32.021683 IP corporatenetwork.com > 192.168.1.12.privatenetwork.com: ESP(spi=0x02acbf9f,seq=0xa)
01:47:33.022442 IP corporatenetwork.com > 192.168.1.12.privatenetwork.com: ESP(spi=0x02acbf9f,seq=0xb)
01:47:34.024218 IP corporatenetwork.com > 192.168.1.12.privatenetwork.com: ESP(spi=0x02acbf9f,seq=0xc)</programlisting>
- <para>¤³¤ì¤Ç 2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¡¢
- 1 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¤è¤¦¤ËÍøÍѤǤ¤Þ¤¹¡£
- ¿¤¯¤Î¾ì¹ç¡¢
- ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ë¤è¤êÊݸ¤ì¤Æ¤¤¤Þ¤¹¡£
- ξÊý¤òή¤ì¤ëÄÌ¿®¤òµö²Ä¤¹¤ë¤Ë¤Ï¡¢
- ¥Ñ¥±¥Ã¥È¤¬Î¾Êý¤ò¹Ô¤Íè¤Ç¤¤ë¤è¤¦¤Ë¥ë¡¼¥ë¤òÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- &man.ipfw.8; ¤ò»È¤Ã¤¿¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¾ì¹ç¤Ï¡¢
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ÎÀßÄê¥Õ¥¡¥¤¥ë¤Ë¡¢°Ê²¼¤Î¹Ô¤òÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
+ <para>¤³¤ì¤Ç 2 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¡¢
+ 1 ¤Ä¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¤è¤¦¤ËÍøÍѤǤ¤Þ¤¹¡£
+ ¿¤¯¤Î¾ì¹ç¡¢
+ ξÊý¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ï¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ë¤è¤êÊݸ¤ì¤Æ¤¤¤Þ¤¹¡£
+ ξÊý¤òή¤ì¤ëÄÌ¿®¤òµö²Ä¤¹¤ë¤Ë¤Ï¡¢
+ ¥Ñ¥±¥Ã¥È¤¬Î¾Êý¤ò¹Ô¤Íè¤Ç¤¤ë¤è¤¦¤Ë¥ë¡¼¥ë¤òÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ &man.ipfw.8; ¤ò»È¤Ã¤¿¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¾ì¹ç¤Ï¡¢
+ ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ÎÀßÄê¥Õ¥¡¥¤¥ë¤Ë¡¢°Ê²¼¤Î¹Ô¤òÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
- <programlisting>ipfw add 00201 allow log esp from any to any
+ <programlisting>ipfw add 00201 allow log esp from any to any
ipfw add 00202 allow log ah from any to any
ipfw add 00203 allow log ipencap from any to any
ipfw add 00204 allow log udp from any 500 to any</programlisting>
- <note>
- <para>¥ë¡¼¥ëÈÖ¹æ¤Ï¡¢
- ¸½ºß¤Î¥Û¥¹¥È¤ÎÀßÄê¤Ë¤è¤Ã¤Æ¤ÏÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ë¤Ç¤·¤ç¤¦¡£</para>
- </note>
+ <note>
+ <para>¥ë¡¼¥ëÈÖ¹æ¤Ï¡¢
+ ¸½ºß¤Î¥Û¥¹¥È¤ÎÀßÄê¤Ë¤è¤Ã¤Æ¤ÏÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ë¤Ç¤·¤ç¤¦¡£</para>
+ </note>
- <para>&man.pf.4; ¤Þ¤¿¤Ï &man.ipf.8; ¤ò»ÈÍѤ·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
- °Ê²¼¤Î¥ë¡¼¥ë¤Ç¾å¼ê¤¯¤¤¤¯¤Ç¤·¤ç¤¦¡£</para>
+ <para>&man.pf.4; ¤Þ¤¿¤Ï &man.ipf.8; ¤ò»ÈÍѤ·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
+ °Ê²¼¤Î¥ë¡¼¥ë¤Ç¾å¼ê¤¯¤¤¤¯¤Ç¤·¤ç¤¦¡£</para>
- <programlisting>pass in quick proto esp from any to any
+ <programlisting>pass in quick proto esp from any to any
pass in quick proto ah from any to any
pass in quick proto ipencap from any to any
pass in quick proto udp from any port = 500 to any port = 500
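Review bot: `ipfw add 00204 allow log udp from any 500 to any` matches on source port 500 only, so any host that sends from port 500 is allowed to any UDP destination port, and rules 00201 to 00203 accept ESP, AH and IP-in-IP from any to any. The pf/ipf listing in the same hunk already pins both ports with `from any port = 500 to any port = 500`; the ipfw rule should do the same, and both rule sets would be tighter if they named the two tunnel endpoints used throughout this section (172.16.5.4 and 192.168.1.12) instead of `any`. In the tcpdump line, `<replaceable>` also encloses the literal `and dst` keywords, which are not values the reader substitutes.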
@@ -2997,17 +2998,17 @@ pass out quick proto ipencap from any to any
pass out quick proto udp from any port = 500 to any port = 500
pass out quick on gif0 from any to any</programlisting>
- <para>ºÇ¸å¤Ë¡¢¥·¥¹¥Æ¥à¤Î½é´ü²½Ãæ¤Ë <acronym>VPN</acronym>
- ¤¬µ¯Æ°¤¹¤ë¤è¤¦¤Ë¡¢°Ê²¼¤Î¹Ô¤ò
- <filename>/etc/rc.conf</filename> ¤ËÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
+ <para>ºÇ¸å¤Ë¡¢¥·¥¹¥Æ¥à¤Î½é´ü²½Ãæ¤Ë <acronym>VPN</acronym>
+ ¤¬µ¯Æ°¤¹¤ë¤è¤¦¤Ë¡¢°Ê²¼¤Î¹Ô¤ò
+ <filename>/etc/rc.conf</filename> ¤ËÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
- <programlisting>ipsec_enable="YES"
+ <programlisting>ipsec_enable="YES"
ipsec_program="/usr/local/sbin/setkey"
ipsec_file="/usr/local/etc/racoon/setkey.conf" # allows setting up spd policies on boot
racoon_enable="yes"</programlisting>
- </sect3>
- </sect2>
- </sect1>
+ </sect3>
+ </sect2>
+ </sect1>
<sect1 xml:id="openssh">
<info>
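Review bot: In the `/etc/rc.conf` listing, `racoon_enable="yes"` is lowercase while `ipsec_enable="YES"` three lines above it is uppercase. Both spellings are accepted, but the sample should use one form consistently; `"YES"` matches the rest of the listing. The trailing comment on the `ipsec_file` line is still in English in the translated chapter, which is fine if comments inside listings are left untranslated by convention, but worth a check.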