From owner-FreeBSD-net-jp@jp.FreeBSD.org Thu Aug  1 23:04:01 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g71E41T54209;
	Thu, 1 Aug 2002 23:04:01 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from athena.ginganet.org (postfix@tk0008-202x210x243x26.ap-TK.usen.ad.jp [202.210.243.26])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g71E41n54204
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Thu, 1 Aug 2002 23:04:01 +0900 (JST)
	(envelope-from ginga@ginganet.org)
Received: by athena.ginganet.org (Postfix, from userid 5003)
	id BAA564028; Thu,  1 Aug 2002 23:04:00 +0900 (JST)
Date: Thu, 1 Aug 2002 23:04:00 +0900
From: Kawaguti Ginga <ginga-freebsd@ginganet.org>
To: FreeBSD-net-jp@jp.FreeBSD.org
Message-ID: <20020801140400.GB75523%ginga@ginganet.org>
References: <020729215911.M0155034@pelsia.netmove.co.jp> <20020729095700.GC716%ginga-freebsd@ginganet.org> <20020729212503.5974d54d.s-hrgsh@nyc.odn.ne.jp> <20020729095700.GC716%ginga-freebsd@ginganet.org> <20020729115732.73196.qmail@maruma.net.dhis.org> <20020729122548.73263.qmail@maruma.net.dhis.org> <20020729095700.GC716%ginga-freebsd@ginganet.org> <20020729115732.73196.qmail@maruma.net.dhis.org> <20020729095700.GC716%ginga-freebsd@ginganet.org> <sld6t64uk4.fsf@belldandy.vsp.cpg.sony.co.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Disposition: inline
In-Reply-To: <020729215911.M0155034@pelsia.netmove.co.jp> <20020729212503.5974d54d.s-hrgsh@nyc.odn.ne.jp> <20020729122548.73263.qmail@maruma.net.dhis.org> <20020729115732.73196.qmail@maruma.net.dhis.org> <sld6t64uk4.fsf@belldandy.vsp.cpg.sony.co.jp>
User-Agent: Mutt/1.3.27i-ja.2
Reply-To: FreeBSD-net-jp@jp.FreeBSD.org
Precedence: list
X-Sequence: FreeBSD-net-jp 3769
Subject: [FreeBSD-net-jp 3769] ipfw + vtun (Re: vtund: connecting via the IP address of the traffic over vtund (unnumbered routing?))
Errors-To: owner-FreeBSD-net-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-net-jp@jp.FreeBSD.org
X-Originator: ginga-freebsd@ginganet.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020727

$B@n8}$G$9(B

reply $BCY$/$J$j$^$7$F:Q$_$^$;$s!%(B

In Mon, Jul 29, 2002 at 08:55:55PM +0900,
Takeo Ugai <ugai@vsp.cpg.sony.co.jp> wrote:
>   > I'm trying to set up a VPN between two FreeBSD PCs using vtun,
>   > but I can't quite get the hang of it.
>   > (I feel I don't really understand how to use routing and ifconfig.)
(snip)
> After vtun comes up, if you set the route from 72 to 77 to go via vtun and the
> route from 77 to 72 to go via vtun, then the original vtun connection itself
> will also try to flow over vtun, and in the end packets will stop getting through.

Yes, that's what I figured.
I had thought so myself, but I misread past posts and mistakenly
assumed it was possible, so I was fighting a pointless battle.

So I decided to try bringing it up on its own separate network.
(Also, I've stopped tampering with each host's critical route information,
 so I'm now testing the connection between the intended hosts, which are not
 on the same subnet.)
With that, vtun itself now seems to connect fine, I think.
However... (see below)

> Wouldn't it end up something like this?
(snip)
> hoge {
> 	passwd	hoge;
> 	type	tun;
> 	keepalive	yes;
> 	encrypt	no;
> 
> 	up {
> 		ifconfig "%% %A %a netmask 255.255.255.255";
> 		route "add -net 192.168.1.0/24 %a";
> 	};
> }
> # end of 192.168.0.1

In a case like this, how are the IP addresses of this end and the other end
of the vtun connection decided?
The string 192.168.1.0/24 does appear in the route command, but that is a
part vtun knows nothing about, right?

In Mon, Jul 29, 2002 at 08:57:32PM +0900,
Masashi WADA <wa_da_ma@ybb.ne.jp> wrote:
> Wada here, the person who turned up in your search.
(snip)
> Only on the client side are the NIC's IP address and the address assigned
> to tun the same. On the server side the NIC address and the tun address differ.

Thank you for taking the trouble. That cleared up what had been nagging me.
As I wrote above, it seems I had misunderstood, so for now I'll try
a "more straightforward" configuration.

Also, thanks to Hiramatsu-san and Shigemura-san for their advice.

	--	--	--	--	--	--

$B$?$@$7!$(Bserver $BB&$O(B ipfw $B$G$+$J$j$N@\B3$rCF$/$h$&$K(B
$B$7$F$$$k$N$G$9$,!$$D$$$G$K(B vtun $B$N%Q%1%C%H$bCF$$$F$7$^$&$h$&$G$9!%(B
ipfw $B$O(B /etc/rc.firewall simple +$B&A(B $B$G(B =>$B30(B $B$OA4DL$7$G!$(B
$B30(B=> $B$O(B 22/tcp $B$J$I$4$/0lIt$N$_DL$7$F$$$^$9!%(B

$B$G!$0l=V!$(Bipfw $B$rA4(B open (/etc/rc.firewall open)$B$K$7$F$_$k$H(B
ping $B$K$7$m!$(Bssh $B$K$7$m(B vtun $B7PM3$GLdBj$J$/@\B3$G$-$k$N$G$9$,!$(B
$B<+J,$N(B ipfw config $B$G$O$&$^$/DL$8$^$;$s!%(B

# (this is an excerpt from ipfw.sh, a slightly modified rc.firewall)
# (snip)
vtif="tun0"
# (snip)

# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag
# immediately after this:

# Fully open to the internal network
${fwcmd} add pass all from any to any via ${iif}	# $iif is the inside if
# Pass everything like ping
${fwcmd} add pass icmp from any to any
# And I want to pass vtun fully, the same as ${iif}, but...??
${fwcmd} add pass all from any to any via ${vtif}	# doesn't work
(rest omitted)

That is the setting I've put in, but the packets don't match this via ${vtif}
rule and appear to be dropped by the final
deny ip from any to any
(judging by the counters in ipfw show).

When I ping server => client and run tcpdump -i tun0 on both
server and client, on the server I only see the packets going out,
while on the client I see it receiving them and sending replies.
That's how it looked.

vtun $B$N%Q%1%C%H$r(B ipfw $B$GA4DL$7$9$k$K$O(B $B$I$N$h$&$J%k!<%k$r(B
$B=q$1$PNI$$$N$G$7$g$&$+(B($B$H$$$&$+!$(Bvia tun0 $B$G0z$C3]$+$i$J$$M}M3$,J,$+$j$^$;$s(B)

Once again, sorry for such a basic question, but I'd be grateful if
someone could comment.


############################################################
$B8=:_$N(B configuration: 
	server:192.168.220.9
	client:192.168.220.10
	tun0 $B$J(B network: 192.168.220.8/29
$B$H$$$&@_Dj$G$9!%(B

# server:
options {
  port 5000;            # Listen on this port.
  ppp           /usr/sbin/pppd;            
  ifconfig      /sbin/ifconfig;
  route         /sbin/route;
}
default {
  compress no;          # Compression is off by default
  speed 0;              # By default maximum speed, NO shaping
  encr  yes;            # Encryption
  keepalive yes;        # Keep connection alive
}
testconfig {
  pass  hogehoge;          # Password
  type  tun;            # IP tunnel 
  proto udp;            # UDP protocol
  up {
        ifconfig "%d inet 192.168.220.9 192.168.220.10 netmask 255.255.255.248";
        route "add -net 192.168.220.8/29 -interface %d";
  };
  down {
        ifconfig "%d delete down";
  };
}
############################################################
#client:
options {
  port 5000;            # Connect to this port.
  timeout 60;           # General timeout
  ppp           /usr/sbin/pppd;            
  ifconfig      /sbin/ifconfig;
  route         /sbin/route;
}
default {
  encr  yes;            # Encryption
  keepalive yes;        # Keep connection alive
  speed 0;              # By default maximum speed, NO shaping
  persist yes;          # Persist mode 
}
testconfig {
  pass  hogehoge;          # Password
  up {
        ifconfig "%d inet 192.168.220.10 192.168.220.9 netmask 255.255.255.248";
        route "add -net 192.168.220.8/29 -interface %d";
  };
  down {
        ifconfig "%d delete down";
  };
}
-- 
       $B"J"J(B
Zzz.. (- - )$B"^"^"=!A(B           $B@n8}(B $B6d2O(B
      ##############   ginga-freebsd@ginganet.org
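Added example for the ipfw question in the mail above (not from the mail or the vtun project): an rc.firewall-style fragment, dry-run with echo by default, that passes the tunnel's outer TCP/UDP traffic on the outside interface as well as the decrypted packets on tun0, without opening the whole firewall. The interface names, ${oif}, the ${peer} placeholder and the UDP port behaviour are assumptions.

```shell
#!/bin/sh
# Added example, not from the mail or the vtun project.  rc.firewall-style
# fragment that admits both legs of the vtun traffic.  ${fwcmd}, ${iif} and
# ${vtif} follow the mail's ipfw.sh; ${oif}, the interface names, ${peer}
# and the UDP port behaviour are assumptions.
fwcmd="${fwcmd:-echo /sbin/ipfw}"   # dry run by default: only prints rules
iif="${iif:-fxp0}"                  # assumed inside interface
oif="${oif:-fxp1}"                  # assumed outside (Internet) interface
vtif="${vtif:-tun0}"                # tun device from the mail
vtun_port="${vtun_port:-5000}"      # "port 5000" from the mail's vtund.conf
peer="${peer:-VTUN_PEER_IP}"        # placeholder: client's real outside address

vtun_rules() {
    # Outer leg: the encrypted tunnel travels on ${oif} as a TCP session to
    # ${vtun_port} plus UDP datagrams (proto udp).  A "via ${vtif}" rule never
    # matches these because they are not on tun0; admit them only from the
    # known peer.  rc.firewall "simple" already passes established TCP.
    ${fwcmd} add pass tcp from ${peer} to any ${vtun_port} in via ${oif} setup
    # Assumption: vtun negotiates the UDP data ports inside the TCP session,
    # so match on the peer address rather than a port.  Confirm the real
    # ports first with: tcpdump -ni ${oif} host ${peer}
    ${fwcmd} add pass udp from ${peer} to any in via ${oif}
    ${fwcmd} add pass udp from any to ${peer} out via ${oif}
    # Inner leg: the decrypted VPN packets appear on tun0 and are matched by
    # via ${vtif}; keep this ahead of the final "deny ip from any to any".
    ${fwcmd} add pass all from any to any via ${vtif}
}

# Number of rules the fragment emits, for a dry-run sanity check.
vtun_rule_count() {
    vtun_rules | grep -c ' add pass '
}

vtun_rules
```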
