From owner-FreeBSD-net-jp@jp.FreeBSD.org Fri Aug 23 04:28:13 2002
From: nork@cityfujisawa.ne.jp (Norikatsu Shigemura)
To: FreeBSD-net-jp@jp.FreeBSD.org
In-Reply-To: Your message of "Thu, 22 Aug 2002 20:19:10 +0900".
	<20020822190342.836D.SENNIN@4channel.com>
X-Mailer: mnews [version 1.22PL5] 2001-02/07(Wed)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Message-ID: <020823042812.M0140768@pelsia.netmove.co.jp>
Reply-To: FreeBSD-net-jp@jp.FreeBSD.org
Precedence: list
Date: Fri, 23 Aug 2002 04:28:12 +0900
X-Sequence: FreeBSD-net-jp 3791
Subject: [FreeBSD-net-jp 3791] Re: About building a VPN (KAME+RACOON)
Errors-To: owner-FreeBSD-net-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-net-jp@jp.FreeBSD.org
X-Originator: nork@cityfujisawa.ne.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020820

$B=EB<K!9n$G$9!#(B

2002/08/22 20:19 $B$K(Bsennin$B$5$s$O=q$-$^$7$?(B.
>> VPN$B%k!<%?$r9=C[$7$F$$$k$N$G$9$,!"F10l%;%0%a%s%HF1;N$N(BLAN$B$r(BVPN$B@\B3$9$k$3(B
>> $B$H$O2DG=$J$N$G$7$g$&$+(B?
>> $B$b$7!"2DG=$G$"$l$P!"$=$N:]$N(B ipsec.conf $B$N5-=R$O$I$N$h$&$K5-=R$9$k$N$G$7$g(B
>> $B$&$+(B?

	$B%F%9%H$+F0:n8!>Z$GF10l%;%0%a%s%HF1;N$H$$$&OC$G$9$+(B?
	$B%M%C%H%o!<%/9=@.$O$I$&$J$C$F$$$^$9$+(B? $BFI$_<h$C$?FbMF$+$i(B
	$B2<5-9=@.$r2>Dj$7$FOC$r$7$^$9!#(B

	|-------+--------------------------------+-------| 10.0.0.0/24(?)
	        |10.0.0.1                        |10.0.0.254
	 +------+-----+                   +------+-----+
	 |VPN $B&A(BROUTER|                   |VPN $B&B(BROUTER|
	 +------+-----+                   +------+-----+
	        |                                |
	|-------+-------|192.168.0.0/24  |-------+-------|192.168.0.0/24

>> <ipsec.conf>
>> apdadd 192.168.0.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/10.0.0.1-10.0.0.254/require;
>> apdadd 192.168.0.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/10.0.0.254-10.0.0.1/require;
>> I end up with a configuration like the above, and traffic across the VPN does not work.

	VPN $B&A(BROUTER($B0J2<&A$HN,$9(B) $B$H(B VPN $B&B%k!<%?(B($B0J2<&B$HN,$9(B)$B$G$O(B
	SPD $B$N5-=R$,0c$$$^$9(B($B6@$N$h$&$KH?E>$7$F=q$/(B)$B!#(B/etc/ipsec.conf
	$B$O>e5-$N$h$&$K0l$D$K$J$j$^$;$s!#$5$i$K8@$C$F$7$^$($P(B, $BF10l%M(B
	$B%C%H%o!<%/;XDj$O$G$-$J$+$C$?$h$&$K5-21$7$F$$$^$9(B($B$3$l$O;d$N(B
	$B%"%W%m!<%A$,LdBj$@$C$?$N$+$b$7$l$J$$$1$I(B)$B!#$J$N$G(B, $B&BB&$N%M%C(B
	$B%H%o!<%/$r(B 192.168.*$B#1(B*.0 $B$H$7$F@_DjJ}K!$r8+$F$_$k$H(B,

	|-------+--------------------------------+-------| 10.0.0.0/24(?)
	        |10.0.0.1                        |10.0.0.254
	 +------+-----+                   +------+-----+
	 |VPN $B&A(BROUTER|                   |VPN $B&B(BROUTER|
	 +------+-----+                   +------+-----+
	        |                                |
	|-------+-------|192.168.0.0/24  |-------+-------|192.168.*1*.0/24

$B&AMQ(B /etc/ipsec.conf
flush; spdflush;
spdadd 192.168.0.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/10.0.0.1-10.0.0.254/require;
spdadd 192.168.1.0/24 192.168.0.0/24 any -P in  ipsec esp/tunnel/10.0.0.254-10.0.0.1/require;

$B&BMQ(B /etc/ipsec.conf
flush; spdflush;
spdadd 192.168.1.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/10.0.0.254-10.0.0.1/require;
spdadd 192.168.0.0/24 192.168.1.0/24 any -P in  ipsec esp/tunnel/10.0.0.1-10.0.0.254/require;

	I think it comes out something like the above. Separately from this, you also
	need various network settings, such as static routes (192.168.0.0/24 and
	192.168.1.0/24) and assigning IP addresses on the private side of both α and β.
	As for the SAD, racoon takes care of it, but if the negotiation between the
	two ends does not go well it will not register SAD entries, so set up the
	racoon configuration carefully (when you first run it, taking logs with -f
	is important. Even so, I still couldn't figure it out :-) > me).
