From owner-doc-jp@jp.freebsd.org  Fri Mar 17 09:40:01 2000
Date: Fri, 17 Mar 2000 09:39:29 +0900
Message-ID: <wk7lf2qvjy.wl@jp.sony.com>
From: Hori Masato <mho@cmpnetmail.com>
To: doc-jp@jp.freebsd.org
In-Reply-To: In your message of "Sun, 12 Mar 2000 11:42:33 +0900"
	<200003120244.LAA28494@mail.geocities.co.jp>
References: <200003120244.LAA28494@mail.geocities.co.jp>
User-Agent: Wanderlust/2.2.16 (No Son Of Mine) SEMI/1.13.7 (Awazu) FLIM/1.13.2 (Kasanui) Emacs/20.4 (i386-*-windows98.2222) MULE/4.1 (AOI) Meadow/1.10 (TSUYU)
MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7175
Subject: [doc-jp 7175] Re: handbook/security/chapter.sgml 1.25 -> 1.26 #3
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: mho@cmpnetmail.com

(handbook/security/chapter.sgml 1.25 -> 1.26 #3)

    <sect2>
      <title>IPv6$B$r;H$C$?(BTunnel $B%b!<%I$NNc(B</title>

      <para>$B0E9f%"%k%4%j%:%`$O(B 3des-cbc, ESP $B$NG'>Z%"%k%4%j%:%`$O(B
      hmac-sha1 $B$G$9(B. AH$B$NG'>Z%"%k%4%j%:%`$O(B hmac-md5 $B$G$9(B.
      Gateway-A$B$N@_Dj$O0J2<$N$h$&$K$J$j$^$9(B.</para>

      <screen>

        &prompt.root; <command>setkey -c</command> &lt;&lt;<filename>EOF</filename>
        spdadd fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out ipsec
                esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require
                ah/transport/fec0:0:0:1::1-fec0:0:0:2::1/require ;
        spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec
                esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require
                ah/transport/fec0:0:0:2::1-fec0:0:0:1::1/require ;
        add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10001 -m tunnel
                -E 3des-cbc "kamekame12341234kame1234"
                -A hmac-sha1 "this is the test key" ;
        add fec0:0:0:1::1 fec0:0:0:2::1 ah 0x10001 -m transport
                -A hmac-md5 "this is the test" ;
        add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10001 -m tunnel
                -E 3des-cbc "kamekame12341234kame1234"
                -A hmac-sha1 "this is the test key" ;
        add fec0:0:0:2::1 fec0:0:0:1::1 ah 0x10001 -m transport
                -A hmac-md5 "this is the test" ;

        EOF

      </screen>

      <para>$B0[$J$kC<Kv$H$N4V$K(B SA $B$r3NN)$9$k(B</para>

      <para>Host-A $B$H(B Gateway-A $B4V$G$O(BESP tunnel $B%b!<%I$r;H$&$3$H$,?d(B
      $B>)$5$l$F$$$k$H$7$^$9(B.  $B0E9f2=%"%k%4%j%:%`$O(B cast128-cbc, ESP $B$N(B
      $BG'>Z%"%k%4%j%:%`$O(B hmac-sha1 $B$G$9(B. Host-A and Host-B$B$H$N4V$G$O(B 
      ESP transport $B%b!<%I$r;H$&$3$H$,?d>)$5$l$F$$$k$H$7$^$9(B. $B0E9f2=%"(B
      $B%k%4%j%:%`$O(B rc5-cbc, ESP $B$NG'>Z%"%k%4%j%:%`$O(B hmac-md5$B$G$9(B.
      </para>

      <screen>

              ================== ESP =================
              |  ======= ESP =======                 |
              |  |                 |                 |
             Host-A            Gateway-A           Host-B
          fec0:0:0:1::1 ---- fec0:0:0:2::1 ---- fec0:0:0:2::2

      </screen>

      <para>Host-A$B$N@_Dj$O0J2<$N$H$*$j$G$9(B.</para>

      <screen>

        &prompt.root; <command>setkey -c</command> &lt;&lt;<filename>EOF</filename>
        spdadd fec0:0:0:1::1[any] fec0:0:0:2::2[80] tcp -P out ipsec
                esp/transport/fec0:0:0:1::1-fec0:0:0:2::2/use
                esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require ;
        spdadd fec0:0:0:2::1[80] fec0:0:0:1::1[any] tcp -P in ipsec
                esp/transport/fec0:0:0:2::2-fec0:0:0:1::1/use
                esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require ;
        add fec0:0:0:1::1 fec0:0:0:2::2 esp 0x10001
                -m transport
                -E cast128-cbc "12341234"
                -A hmac-sha1 "this is the test key" ;
        add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10002
                -E rc5-cbc "kamekame"
                -A hmac-md5 "this is the test" ;
        add fec0:0:0:2::2 fec0:0:0:1::1 esp 0x10003
                -m transport
                -E cast128-cbc "12341234"
                -A hmac-sha1 "this is the test key" ;
        add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004
                -E rc5-cbc "kamekame"
                -A hmac-md5 "this is the test" ;

        EOF

      </screen>
     </sect2>
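
As an added example (not part of the posted translation or of the handbook), a small Python lint for setkey input like the listings above: it checks each quoted key against the key length its algorithm requires and that every policy request names valid addresses and has a matching SA. The key-size table follows setkey(8); `lint` and `SAMPLE` are hypothetical names, and the sample input is constructed with a deliberately short 3des-cbc key and a missing AH SA.

```python
import ipaddress
import re

# Key sizes in bits (min, max) for the algorithms this page uses, per setkey(8).
KEY_BITS = {"3des-cbc": (192, 192), "cast128-cbc": (40, 128), "rc5-cbc": (40, 2040),
            "hmac-sha1": (160, 160), "hmac-md5": (128, 128)}

# Constructed sample: 3des-cbc key is 16 bytes instead of 24, and no AH SA is added.
SAMPLE = '''
spdadd fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out ipsec
        esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require
        ah/transport/fec0:0:0:1::1-fec0:0:0:2::1/require ;
add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10001 -m tunnel
        -E 3des-cbc "kamekame12341234"
        -A hmac-sha1 "this is the test key" ;
'''

def lint(text):
    """Return a list of problems in ';'-terminated setkey add/spdadd statements."""
    problems, sas, policies = [], set(), []
    for stmt in (" ".join(s.split()) for s in text.split(";")):
        add = re.match(r"add (\S+) (\S+) (esp|ah) (\S+)(.*)", stmt)
        if add:
            src, dst, proto, spi, opts = add.groups()
            mode = re.search(r"-m (\w+)", opts)
            sas.add((src, dst, proto, mode.group(1) if mode else "any"))
            for alg, key in re.findall(r'-[EA] (\S+) "([^"]*)"', opts):
                if alg not in KEY_BITS:
                    problems.append(f"SA {spi}: algorithm {alg} not in table")
                    continue
                bits, (lo, hi) = 8 * len(key.encode()), KEY_BITS[alg]
                if not lo <= bits <= hi:
                    problems.append(f"SA {spi} {src}->{dst}: {alg} key is {bits} bits, need {lo}-{hi}")
        elif stmt.startswith("spdadd "):
            # Each request is protocol/mode/src-dst/level, as in the listings above.
            policies += re.findall(r"(esp|ah)/(transport|tunnel)/([^-/ ]+)-([^-/ ]+)/", stmt)
    for proto, mode, src, dst in policies:
        for addr in (src, dst):
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                problems.append(f"policy {proto}/{mode}: bad address {addr}")
        # An SA added without -m has mode "any" and satisfies either mode.
        if not {(src, dst, proto, mode), (src, dst, proto, "any")} & sas:
            problems.append(f"policy {proto}/{mode} {src}->{dst}: no matching SA")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```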
