From owner-FreeBSD-net-jp@jp.FreeBSD.org Thu Dec 11 17:12:01 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id hBB8C1S68947;
	Thu, 11 Dec 2003 17:12:01 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from gate.m-saki.dyndns.org ([2001:3e0:36a:0:260:94ff:fef0:2dd])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet6 id hBB8C1M68942
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Thu, 11 Dec 2003 17:12:01 +0900 (JST)
	(envelope-from m-saki@rr.iij4u.or.jp)
Received: from miffy.taihei-dengyo.co.jp (p1030-ipbffx01maru.tokyo.ocn.ne.jp [218.43.19.158])
	(user=mizutani mech=CRAM-MD5 bits=0)
	by gate.m-saki.dyndns.org (8.12.7/8.12.7) with ESMTP id hBB8BsrW081544
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Thu, 11 Dec 2003 17:11:55 +0900 (JST)
	(envelope-from m-saki@rr.iij4u.or.jp)
Message-ID: <87k753hiyf.wl@miffy.taihei-dengyo.co.jp>
From: Masaki Mizutani <m-saki@rr.iij4u.or.jp>
To: FreeBSD-net-jp@jp.FreeBSD.org
User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.4 (Hosorogi) SLIM/1.14.9 (MEGUMI) APEL/10.4 MULE XEmacs/21.4 (patch 12) (Portable Code) (i386--freebsd)
X-Face: DP-3apzI<SXXJs>,JOcx>nG;Fs;Mwu41fN=FKlS)v*@UCXto4?HI{:v@j|}_Na+S}Ot(-Q.
 y"4-bLy7Rk;b2_s&?}!Pye?I~\7Sf=j.;hcg.04R@:\{rR]79zY4zS-7+?#~!9_cyn:D@T0iIR;$6X
 gd5cUd[.][-0x'$(V8-pK?[7CW^^V>@'iNga\>Z'
MIME-Version: 1.0 (generated by SEMI 1.14.4 - "Hosorogi")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: FreeBSD-net-jp@jp.FreeBSD.org
Precedence: list
Date: Thu, 11 Dec 2003 17:11:52 +0900
X-Sequence: FreeBSD-net-jp 4039
Subject: [FreeBSD-net-jp 4039] =?ISO-2022-JP?B?GyRCOEUkJBsoQg==?= SA
 =?ISO-2022-JP?B?GyRCJHI7SCQkQjMkMSRrJE4kTyRKJDwbKEI=?= ?
Sender: owner-FreeBSD-net-jp@jp.FreeBSD.org
X-Originator: m-saki@rr.iij4u.or.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+031208

みずたにです。

FreeBSD 4.9-STABLE + racoon-20030826a $B$r;H$C$F(BIPsec$B$N;n834D6-$r(B
$B:n$C$F$$$^$9!#(B
$B!V(Bgate$B!W$,(BFreeBSD$B$J%;%-%e%j%F%#%2!<%H%&%'%$!"!V(BPC$B!W$O(BWindows2000
Professional$B$G$9!#(B

      |
   +--+---+ 192.168.1.1
   | gate |
   +--+---+ 192.168.250.254
      |
 +----+--+------+
         |
       +-+--+ 192.168.250.18
       | PC |
       +----+

$B$3$N4D6-$G@5>o$K(BIPsec$B$K$h$kDL?.$,$G$-$k$N$G$9$,!"!V(BPC$B!W$r:F5/F08e$K(B
$B!V(Bgate$B!WB&$G!V(Bgate$B"*(BPC$B!W$N8E$$(BSA$B$r;H$$B3$1$k$h$&$J$N$G$9!#(B

イニシエータは「PC」で、「PC」側から
	ping -t 192.168.1.2
を実行中に、「gate」側で setkey -D を見ていると

192.168.250.254 192.168.250.18 
        esp mode=tunnel spi=787559073(0x2ef132a1) reqid=0(0x00000000)
        E: 3des-cbc  b92a32fa 47f67022 42bbaf64 daecfb7d c531dc33 eced1c43
        A: hmac-sha1  d9793fab 5e73ace6 af05570b c50de395 64ce1f63
        seq=0x00000000 replay=4 flags=0x00000000 state=mature 
        created: Dec 11 16:45:23 2003   current: Dec 11 16:47:45 2003
        diff: 142(s)    hard: 900(s)    soft: 720(s)
        last:                           hard: 0(s)      soft: 0(s)
ここ→  current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=5 pid=4117 refcnt=1
192.168.250.254 192.168.250.18 
        esp mode=tunnel spi=198845714(0x0bda2512) reqid=0(0x00000000)
        E: 3des-cbc  f27a8ddf 000cf178 4a772ae3 7be6ea2b 200c5e3c ac93c494
        A: hmac-sha1  118d1fbb c1ba1fc7 a1893b08 edee773b ebe2d718
        seq=0x000000d2 replay=4 flags=0x00000000 state=mature 
        created: Dec 11 16:44:23 2003   current: Dec 11 16:47:45 2003
        diff: 202(s)    hard: 900(s)    soft: 720(s)
        last: Dec 11 16:47:45 2003      hard: 0(s)      soft: 0(s)
こっち→current: 26552(bytes)   hard: 0(bytes)  soft: 0(bytes)
        allocated: 210  hard: 0 soft: 0
        sadb_seq=4 pid=4117 refcnt=2

$B!V$3$3!W$,A4A3>e$,$i$J$$$I$3$m$+!"!V$3$C$A!W$,>e$,$C$F$$$^$9!#(B
$B7k2LE*$K(Bping$B$,DL$i$J$/$J$C$F$7$^$$!"<!$N99?7$^$GDL$j$^$;$s!#(B
$BL@<(E*$K(B initial_contact on $B$K$7$F$_$^$7$?$,JQ$o$j$^$;$s$G$7$?!#(B
man racoon.conf $B$O7j$,$"$/DxFI$s$@$D$b$j$G$9$,!"2?$+FCJL$J@_Dj$,(B
$BI,MW$J$N$G$7$g$&$+!#(B
$B$=$l$H$b!"!V(BPC$B!W(B(Windows)$BB&$G2?$+;XDj$7$J$$$H?7$7$$(BSA$B$r;H$C$F(B
$B$/$l$J$$$N$G$7$g$&$+!#(B

$B!|(Bipsec.conf...
# Security policies for the PC at 192.168.250.18.
# Inbound: all traffic from the PC must arrive through an ESP tunnel
# whose endpoints are 192.168.250.18 (PC) -> 192.168.250.254 (gate).
spdadd 192.168.250.18/32 0.0.0.0/0 any -P in ipsec esp/tunnel/192.168.250.18-192.168.250.254/require;
# Outbound: all traffic to the PC must leave through an ESP tunnel
# gate -> PC. With level "require" there is no cleartext fallback for
# matching packets, so a stale or mismatched gate->PC SA blocks this direction.
spdadd 0.0.0.0/0 192.168.250.18/32 any -P out ipsec esp/tunnel/192.168.250.254-192.168.250.18/require;

$B!|(Bracoon.conf...
# File holding the IKE pre-shared keys. It is a long-term secret: keep it
# readable by the account running racoon only.
# NOTE(review): racoon is expected to refuse a key file with loose
# permissions -- confirm on this version.
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

# Most verbose log level, used here for troubleshooting.
# NOTE(review): debug-level racoon logs may contain hex dumps of the exchange
# and derived key material -- restrict access to the log file and lower the
# level once the problem is understood.
log debug2;

# Padding behaviour for IKE payloads. Each directive below is a switch or a
# limit; the values shown are what is in effect, not what the name suggests.
padding {
        maximum_length 20;      # upper bound on padding length.
        randomize off;          # off: padding length is NOT randomized.
        strict_check off;       # off: received padding is NOT strictly checked.
        exclusive_tail off;     # off: last-octet handling disabled (see racoon.conf(5)).
}

# Retransmission and negotiation time limits for IKE.
timer {
        counter 5;              # maximum number of send attempts per packet.
        interval 10 sec;        # wait between resends.
        persend 1;              # packets sent per attempt.

        # Time limits for completing each negotiation phase; a negotiation
        # that exceeds its limit is abandoned.
        phase1 15 sec;
        phase2 10 sec;
}

# Phase 1 (ISAKMP SA) settings. "anonymous" applies to every peer that has no
# dedicated remote block, so any host holding a valid pre-shared key is
# negotiated with under these parameters.
remote anonymous {
        exchange_mode main;
        doi ipsec_doi;
        situation identity_only;

        nonce_size 16;
        lifetime time 8 hour;    # sec,min,hour
        # Controls whether THIS racoon sends INITIAL-CONTACT. It does not make
        # the local kernel drop old SAs when the peer reboots.
        # NOTE(review): racoon.conf(5) describes a system-wide KAME switch,
        # net.key.preferred_oldsa, that selects old vs. new SA when several
        # exist -- check its exact name and value with sysctl on this release.
        initial_contact on;
        # Responder only: racoon never initiates a negotiation itself.
        passive on;
        # obey: the responder accepts the initiator's lifetime and PFS values
        # as proposed. Combined with "remote anonymous" this lets the peer
        # dictate them; "strict" rejects proposals weaker than the local ones.
        proposal_check obey;    # obey, strict or claim
#        proposal_check strict;    # obey, strict or claim

        # Single phase 1 proposal: 3DES / SHA-1, pre-shared key
        # authentication, DH group 2 (1024-bit MODP).
        # NOTE(review): these are legacy algorithm choices; use stronger
        # ones where both peers support them.
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key ;
                dh_group 2 ;
        }
}

# Phase 2 (IPsec SA) settings for any pair of endpoints without a dedicated
# sainfo block.
sainfo anonymous {
        # Perfect forward secrecy: a fresh DH exchange (group 2) per phase 2.
        pfs_group 2;
        # Phase 2 lifetime is not set here. NOTE(review): the 900 s hard
        # lifetime in the setkey -D output presumably comes from the peer's
        # proposal being accepted under "proposal_check obey" -- confirm.
#        lifetime time 900 sec;
        # Acceptable ESP ciphers and authenticators, in order of listing.
        # NOTE(review): 3des and hmac_md5 are legacy; drop them from the
        # lists if every peer supports something stronger.
        encryption_algorithm 3des,blowfish,cast128;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate ;
}

-- 
水谷　正樹 / m-saki@rr.iij4u.or.jp
PGP Fingerprint: E551 12B2 CF6B 50EA BD5C  CFD1 FF41 0F6E 595C 92CE
PGP Public Key : http://m-saki.dyndns.org:8888/%7Emizutani/mizutani_gpg.asc
