/usr/share/doc/HOWTO/ja-html/VPN-HOWTO-4.html is in doc-linux-ja-html 2006.05.25-1.1.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>VPN HOWTO: ¥¯¥é¥¤¥¢¥ó¥È</TITLE>
<LINK HREF="VPN-HOWTO-5.html" REL=next>
<LINK HREF="VPN-HOWTO-3.html" REL=previous>
<LINK HREF="VPN-HOWTO.html#toc4" REL=contents>
</HEAD>
<BODY>
<A HREF="VPN-HOWTO-5.html">¼¡¤Î¥Ú¡¼¥¸</A>
<A HREF="VPN-HOWTO-3.html">Á°¤Î¥Ú¡¼¥¸</A>
<A HREF="VPN-HOWTO.html#toc4">Ìܼ¡¤Ø</A>
<HR>
<H2><A NAME="s4">4. ¥¯¥é¥¤¥¢¥ó¥È</A></H2>
<P>¤µ¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ÎÊý¤òÄ´¤Ù¤Æ¤ß¤Þ¤·¤ç¤¦¡£¼ÂºÝ¡¢¥ê¥â¡¼¥È¥Í¥Ã¥È¥ï¡¼¥¯¤ËÂФ·¤Æ
¾ï¤Ë¥¢¥¯¥»¥¹¤òµö¤¹¤È¤¤Ë¤Ï¡¢¤³¤ÎÈ¢¤Ï´Êñ¤Ë Samba¡ÊWindows ¥Í¥Ã¥È¥ï¡¼¥¯¡Ë¥µ¡¼¥Ð¡¢
DHCP ¥µ¡¼¥Ð¡¢¤½¤ì¤«¤éÆâÉô¤Î¥¦¥§¥Ö¥µ¡¼¥Ð¤Ë¤Ç¤¤Þ¤¹¡£
³Ð¤¨¤Æ¤ª¤«¤Ê¤¯¤Æ¤Ï¤Ê¤é¤Ê¤¤½ÅÍפʤ³¤È¤Ï¡¢¤³¤ÎÈ¢¤Ï¥ê¥â¡¼¥È¥Í¥Ã¥È¥ï¡¼¥¯Á´ÂΤÇ
Æ°ºî¤¹¤ë¤Î¤Ç¤¹¤«¤é¡¢²Äǽ¤Ê¸Â¤ê°ÂÁ´¤Ç¤¢¤ë¤Ù¤¤À¤È¤¤¤¦¤³¤È¤Ç¤¹¡£
<H2><A NAME="ss4.1">4.1 ¥«¡¼¥Í¥ë</A>
</H2>
<P>½ÅÍפʤâ¤Î¤«¤éÀè¤ËÏ䷤Ƥª¤¯¤È¡¢¤¢¤Ê¤¿¤Ï¥«¡¼¥Í¥ë¤ÎÃæ¤Ç ppp ¤ò͸ú¤Ë¤·¤Æ
¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¡£¤â¤·Ê£¿ô¤Î¥Þ¥·¥ó¤ËÂФ·¤Æ¥È¥ó¥Í¥ë¤Î»ÈÍѤòµö¤½¤¦¤È
¤·¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¡¢¥Õ¥©¥ï¡¼¥Ç¥£¥ó¥°¤â͸ú¤Ë¤·¤Æ¤ª¤¯
ɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¥¯¥é¥¤¥¢¥ó¥È¤¬Ã±°ì¤Î¥Þ¥·¥ó¤Ç¤¢¤ë¤Ê¤é¡¢ppp ¤À¤±¤Ç½½Ê¬¤Ç¤¹¡£
<H2><A NAME="ss4.2">4.2 ¥ê¥ó¥¯¤ò³ÎΩ¤¹¤ë</A>
</H2>
<P>¥ê¥ó¥¯¤Ï¡¢µ¼»÷üËö¤òÄ̤·¤ÆÆ°ºî¤·¤Æ¤¤¤ë <CODE>pppd</CODE> ¤Ë¤è¤Ã¤ÆÀ¸À®¤µ¤ì¤Þ¤¹¡£
¡Ê¤½¤Îµ¼»÷üËö¤Ï¡Ë<CODE>pty-redir</CODE> ¤Ë¤è¤Ã¤ÆÀ¸À®¤µ¤ì¡¢<CODE>ssh</CODE> ¤ËÀܳ
¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤³¤ì¤Ï¼¡¤Ë¼¨¤¹¤è¤¦¤Ê¥³¥Þ¥ó¥ÉÎó¤Ë¤è¤Ã¤Æ¼Â¸½¤µ¤ì¤Þ¤¹ -
<P>
<PRE>
# /usr/sbin/pty-redir /usr/bin/ssh -t -e none -o 'Batchmode yes' -c blowfish -i /root/.ssh/identity.vpn -l joe > /tmp/vpn-device
# sleep 10
# /usr/sbin/pppd `cat /tmp/vpn-device`
# sleep 15
# /sbin/route add -net 172.16.0.0 gw vpn-internal.mycompany.com netmask 255.240.0.0
# /sbin/route add -net 192.168.0.0 gw vpn-internal.mycompany.com netmask 255.255.0.0
</PRE>
<P>ñ¤Ë¤³¤ì¤¬¤ä¤ë¤Î¤Ï ssh ¤ò¼Â¹Ô¤·¡¢¤½¤ÎÆþ½ÐÎϤò pppd ¤Ë¥ê¥À¥¤¥ì¥¯¥È
¤¹¤ë¤È¤¤¤¦¤³¤È¤Ç¤¹¡£ssh ¤ËÅϤµ¤ì¤ë¥ª¥×¥·¥ç¥ó¤Ï¡¢¤½¤ì¤ò¥¨¥¹¥±¡¼¥×
¥¥ã¥é¥¯¥¿¤Ê¤·¤ÇÆ°ºî¤· (-e) ¡¢ blowfish °Å¹æ²½¥¢¥ë¥´¥ê¥º¥à
¤ò»È¤¤ (-c)¡¢»ØÄꤷ¤¿Ç§¾Ú¥Õ¥¡¥¤¥ë¤ò»È¤Ã¤Æ (-i)¡¢¥¿¡¼¥ß¥Ê¥ë¥â¡¼¥É¤Ç (-t)¡¢
¤µ¤é¤Ë 'Batchmode yes' ¥ª¥×¥·¥ç¥ó¤Ä¤¤Ç (-o) ¼Â¹Ô¤¹¤ë¤è¤¦ÀßÄꤷ¤Þ¤¹¡£
sleep ¥³¥Þ¥ó¥É¤Ï¡¢¤½¤ì¤¾¤ì¤¬¤½¤Î¼¡¤Î¥³¥Þ¥ó¥É¤Î¼Â¹ÔÁ°¤Ëµ¯Æ°¤ò´°Î»
¤Ç¤¤ë¤è¤¦¤Ë¡¢¥³¥Þ¥ó¥É¤Î¼Â¹Ô¤Î´Ö³Ö¤ò¤¢¤±¤ë¤¿¤á¤Ë»ÈÍѤµ¤ì¤Þ¤¹¡£
<H2><A NAME="ss4.3">4.3 ¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯</A>
</H2>
<P>¤â¤Á¤í¤ó¡¢¤¢¤Ê¤¿¤Ï¥È¥ó¥Í¥ë¤òÄ̲ᤵ¤»¤¿¤¤¤È¤¤Ë¡¢¤½¤ÎÅÔÅÙ¤½¤ì¤é¤Î¥³¥Þ¥ó¥É¤ò
ÆþÎϤ·¤¿¤¯¤Ï¤Ê¤¤¤Ç¤·¤ç¤¦¡£»ä¤Ï¥È¥ó¥Í¥ë¤ò¤½¤Î¤Þ¤ÞÄ̤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯
¤è¤¦¤Ê bash ¥¹¥¯¥ê¥×¥È¤Î¥»¥Ã¥È¤ò½ñ¤¤Þ¤·¤¿¡£¥Ñ¥Ã¥±¡¼¥¸¤Ï
<A HREF="http://www.shinythings.com/vpnd/vpnd.tar.gz">¤³¤³</A>¤«¤é¥À¥¦¥ó¥í¡¼¥É¤Ç¤¤Þ¤¹¡£¥À¥¦¥ó¥í¡¼¥É¤·¤Æ /usr/local/vpn ¤Ë
¿Ä¹¤·¤Æ¤¯¤À¤µ¤¤¡£¤½¤ÎÃæ¤Ë¤Ï 3 ¤Ä¤Î¥Õ¥¡¥¤¥ë¤¬¤¢¤ê¤Þ¤¹ -
<P>
<UL>
<LI>vpnd - ¥È¥ó¥Í¥ëÀܳ¤òÀ©¸æ¤¹¤ë¥¹¥¯¥ê¥×¥È</LI>
<LI>check-vpnd - vpnd ¤¬µ¯Æ°¤·¤Æ¤¤¤ë¤«¤É¤¦¤«¤ò¥Á¥§¥Ã¥¯¤¹¤ë¤¿¤á¤Ë cron ¤Ë
¤è¤Ã¤Æ¼Â¹Ô¤µ¤ì¤ë¥¹¥¯¥ê¥×¥È</LI>
<LI>pty-redir - ¥È¥ó¥Í¥ë¤ò½é´ü²½¤¹¤ë¤¿¤á¤ËɬÍפʡ¢¾®¤µ¤Ê¼Â¹Ô¥Õ¥¡¥¤¥ë</LI>
</UL>
<P>¥¯¥é¥¤¥¢¥ó¥È¤Î¥æ¡¼¥¶Ì¾¤ä¥µ¡¼¥Ð¤Î̾Á°¤È¤¤¤¦¤è¤¦¤Ê¤³¤È¤òÀßÄꤹ¤ë¤¿¤á¤Ë¤Ï
<CODE>vpnd</CODE> ¤òÊÔ½¸¤¹¤ëɬÍפ¬¤¢¤ë¤Ç¤·¤ç¤¦¡£¤Þ¤¿ÍøÍѤ·¤Æ¤¤¤ë
¥Í¥Ã¥È¥ï¡¼¥¯¤ò»ØÄꤹ¤ë¤¿¤á¤Ë¡¢¥¹¥¯¥ê¥×¥È¤Î starttunnel ¥»¥¯¥·¥ç¥ó¤òÊÔ½¸
¤¹¤ëɬÍפ⤢¤ë¤Ç¤·¤ç¤¦¡£°Ê²¼¤Ï¤¢¤Ê¤¿¤Ë´î¤ó¤ÇÆɤó¤Ç¤â¤é¤¦¤¿¤á¤Î¡¢¥¹¥¯¥ê¥×¥È¤Î
¥³¥Ô¡¼¤Ç¤¹¡£¥¹¥¯¥ê¥×¥È¤ÏÊ̤ʥǥ£¥ì¥¯¥È¥ê¤ËÆþ¤ì¤Æ¤ª¤¯¤³¤È¤¬¤Ç¤¡¢
¤½¤Î¤¿¤á¤Ë¤Ï VPN_DIR ÊÑ¿ô¤òÊѹ¹¤¹¤ì¤Ð¤è¤¤¤È¤¤¤¦¤³¤È¤ò³Ð¤¨¤Æ¤ª¤¤¤Æ¤¯¤À¤µ¤¤¡£
<P>
<A NAME="vpnd-script"></A> <PRE>
#!/bin/bash
#
# vpnd: Monitor the tunnel, bring it up and down as necessary
#
# Site-specific settings: edit these for the local deployment.
USERNAME="vpn-username"                    # login used on the VPN server
IDENTITY="/root/.ssh/identity.vpn"         # ssh identity (private key) passed with -i
VPN_DIR="/usr/local/vpn"                   # where pty-redir and the ssh symlink live
LOCK_DIR="/var/run"                        # directory holding vpnd.pid
VPN_EXTERNAL="vpn.mycompany.com"           # server address reached over the Internet
VPN_INTERNAL="vpn-internal.mycompany.com"  # server address on the tunnel side
# Tool locations derived from the settings above.
PTY_REDIR="$VPN_DIR/pty-redir"
# ssh is run through a symlink named after the server so the tunnel's
# process can be told apart from other ssh sessions in the process list.
SSH="$VPN_DIR/$VPN_EXTERNAL"
PPPD="/usr/sbin/pppd"
ROUTE="/sbin/route"
# ssh -c cipher. NOTE(review): blowfish is no longer enabled by default in
# current OpenSSH; pick a cipher the server actually offers.
CRYPTO="blowfish"
# Deliberately one space-separated string; it is expanded unquoted where used.
PPP_OPTIONS="noipdefault ipcp-accept-local ipcp-accept-remote local noauth nocrtscts lock nodefaultroute"
ORIG_SSH="/usr/bin/ssh"                    # real ssh binary the symlink points at
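#######################################
# Bring the tunnel up: start ssh on a pseudo-terminal, attach pppd to it,
# then add the routes that should travel through the tunnel.
# Globals:  PTY_REDIR SSH CRYPTO IDENTITY USERNAME PPPD PPP_OPTIONS ROUTE
#           VPN_INTERNAL (all read)
# Outputs:  nothing of its own; tool diagnostics go to their usual streams
# Returns:  1 if the device file cannot be created or comes back empty
#######################################
starttunnel () {
  local device_file device
  # pty-redir prints the pty it allocated. Capture it in a private file
  # instead of the fixed /tmp/vpn-device path: a fixed name in a
  # world-writable directory can be pre-created or symlinked by any local
  # user, which would let them choose what root passes to pppd.
  device_file=$(mktemp /tmp/vpn-device.XXXXXX) || return 1
  "$PTY_REDIR" "$SSH" -t -e none -o 'Batchmode yes' -c "$CRYPTO" \
    -i "$IDENTITY" -l "$USERNAME" > "$device_file"
  # Pause so ssh can finish starting before pppd opens the pty.
  sleep 15
  device=$(cat "$device_file")
  rm -f -- "$device_file"
  # NOTE(review): assumes pty-redir prints a single device path — confirm.
  [ -n "$device" ] || return 1
  # PPP_OPTIONS is intentionally word-split into separate pppd arguments.
  # shellcheck disable=SC2086
  "$PPPD" "$device" $PPP_OPTIONS
  # Pause so the ppp link can come up before routes are added over it.
  sleep 15
  # Add routes (modify these lines as necessary)
  "$ROUTE" add -net 10.0.0.0 gw "$VPN_INTERNAL" netmask 255.0.0.0
  "$ROUTE" add -net 172.16.0.0 gw "$VPN_INTERNAL" netmask 255.240.0.0
  "$ROUTE" add -net 192.168.0.0 gw "$VPN_INTERNAL" netmask 255.255.0.0
}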
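#######################################
# Tear the tunnel down by signalling the ssh process that carries it.
# The process is located by its command line, which contains the
# server-named symlink path in $SSH, so ordinary ssh sessions that use
# the real binary are not meant to match.
# Globals:  SSH (read)
# Returns:  0 if a process was signalled, 1 if none was found
#######################################
stoptunnel () {
  local pids
  # pgrep -f replaces `ps ax | grep $SSH | grep -v grep`: it does not
  # match itself, and -- keeps the pattern from being read as an option.
  pids=$(pgrep -f -- "$SSH") || return 1
  # shellcheck disable=SC2086  -- one pid per word is intended
  kill $pids
}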
#######################################
# Restart the tunnel: log the event, stop the current session, and start
# a fresh one after a short pause.
# Globals:  VPN_DIR (read; restart.log under it is appended to)
# Outputs:  a status line on stdout
#######################################
resettunnel () {
  echo "reseting tunnel."
  # Keep a timestamped trail of restarts for later troubleshooting.
  date >> "${VPN_DIR}/restart.log"
  stoptunnel
  sleep 5
  starttunnel
}
#######################################
# Probe the tunnel. If the server answers on its Internet address but not
# on its tunnel-side address, the tunnel is taken to be dead and reset.
# When even the external address is unreachable nothing is done: a
# restart cannot help while the underlying connection is down.
# Globals:  VPN_EXTERNAL VPN_INTERNAL (read)
#######################################
checktunnel () {
  # Outer probe: is there any path to the server at all?
  if ping -c 4 "$VPN_EXTERNAL" > /dev/null 2>&1; then
    # Inner probe: does traffic get through the tunnel?
    if ! ping -c 4 "$VPN_INTERNAL" > /dev/null 2>&1; then
      resettunnel
    fi
  fi
}
#######################################
# Install the signal handlers that let the daemon be driven from outside:
#   INT/TERM -> stop the tunnel and exit cleanly
#   HUP      -> reset (stop and restart) the tunnel
#   USR1     -> check the tunnel and reset it only if it is down
# The "check" and "reset" command-line modes send USR1 and HUP to the
# pid recorded in the pid file.
#######################################
settraps () {
  trap 'stoptunnel; exit 0' INT TERM
  trap 'resettunnel' HUP
  trap 'checktunnel' USR1
}
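#######################################
# Make sure only one vpnd runs, then start or check the tunnel.
# Reads $LOCK_DIR/vpnd.pid. If that pid is alive, refuse to start. If the
# file is stale, take it over and only check the tunnel (the ssh/pppd
# session may have outlived the old daemon). With no file, start afresh.
# Globals:  LOCK_DIR (read)
# Outputs:  status messages on stdout
# Returns:  exits with 1 when another vpnd is already running
#######################################
runchecks () {
  local pid_file="${LOCK_DIR}/vpnd.pid"
  local old_pid
  # Test and read the same file. Testing tunnel.pid while reading vpnd.pid
  # meant a live instance was never detected.
  if [ -f "$pid_file" ]; then
    old_pid=$(cat "$pid_file")
    # An empty pid would turn the test into "[ -d /proc/ ]", which is
    # always true, so require a non-empty value before looking in /proc.
    if [ -n "$old_pid" ] && [ -d "/proc/${old_pid}" ]; then
      echo "vpnd is already running on process ${old_pid}."
      exit 1
    else
      echo "removing stale pid file."
      rm -f -- "$pid_file"
      echo $$ > "$pid_file"
      echo "checking tunnel state."
      checktunnel
    fi
  else
    echo $$ > "$pid_file"
    starttunnel
  fi
}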
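#######################################
# Command-line handling. With no argument the script becomes the daemon;
# "check" and "reset" instead signal an already running daemon.
#######################################
PID_FILE="${LOCK_DIR}/vpnd.pid"

# Send signal $1 (a name such as USR1) to the running vpnd, or report
# that none is running. Returns 0 if the signal was sent, 1 otherwise.
signal_vpnd () {
  local pid
  # A missing or empty pid file used to leave "[ -d /proc/ ]", which is
  # always true, so kill ran with no pid at all; require a real pid.
  if [ -f "$PID_FILE" ] && pid=$(cat "$PID_FILE") && [ -n "$pid" ] \
      && [ -d "/proc/$pid" ]; then
    kill "-$1" "$pid"
    return 0
  fi
  echo "vpnd is not running."
  return 1
}

case "$1" in
  check) signal_vpnd USR1; exit $? ;;
  reset) signal_vpnd HUP; exit $? ;;
  --help | -h)
    echo "Usage: vpnd [ check | reset ]"
    echo "Options:"
    echo " check Sends running vpnd a USR1 signal, telling it to check"
    echo " the tunnel state, and restart if neccesary."
    echo " reset Sends running vpnd a HUP signal, telling it to reset"
    echo " it's tunnel connection."
    # Without this exit the help text was followed by starting the daemon.
    exit 0 ;;
esac

# Daemon mode. The symlink gives the tunnel's ssh a distinctive command
# line so stoptunnel can pick it out from other ssh processes.
ln -sf "$ORIG_SSH" "$SSH"
settraps
runchecks
# Sleep in one-second steps: bash runs a trap only after the current
# foreground command completes, so a single "sleep 600" would delay
# HUP/USR1 handling by up to ten minutes. (The old "i=((i+1))" was a
# syntax error; the arithmetic for-loop replaces it.)
while true; do
  for ((i = 0; i < 600; i++)); do
    sleep 1
  done
  checktunnel
done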
</PRE>
<H2><A NAME="ss4.4">4.4 LRP - Linux ¥ë¡¼¥¿¥×¥í¥¸¥§¥¯¥È</A>
</H2>
<P>¼ÂºÝ¡¢»ä¤Ï¤³¤Î´Ä¶¤ò Linux ¤Î LRP ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤¬Áö¤ë pentium
90MHz ¤Î¾å¤ÇÆ°ºî¤µ¤»¤Æ¤¤¤Þ¤¹¡£LRP¤Ï 1 Ëç¤Î¥Õ¥í¥Ã¥Ô¡¼¥Ç¥£¥¹¥¯¤Ë¼ý¤Þ¤ê¡¢
µ¯Æ°¤¹¤ë Linux ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Ç¤¹¡£¤³¤ì°Ê¾å¤Î¤³¤È¤Ë¤Ä¤¤¤Æ¤Ï
<A HREF="http://www.linuxrouter.org/">http://www.linuxrouter.org/</A>
¤Ç³Ø¤Ö¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
»ä¤Î VPN ¥¯¥é¥¤¥¢¥ó¥ÈÍѤΠLRP ¥Ñ¥Ã¥±¡¼¥¸¤Ï¡¢
<A HREF="http://www.shinythings.com/vpnd/vpnd.lrp">¤³¤³</A>¤«¤é
¥À¥¦¥ó¥í¡¼¥É¤Ç¤¤Þ¤¹¡£¤½¤ì¤«¤é ppp ¤ª¤è¤Ó ssh ¥Ñ¥Ã¥±¡¼¥¸¤â LRP ¥µ¥¤¥È
¤«¤éÆÀ¤ëɬÍפ¬¤¢¤ë¤Ç¤·¤ç¤¦¡£
<HR>
<A HREF="VPN-HOWTO-5.html">¼¡¤Î¥Ú¡¼¥¸</A>
<A HREF="VPN-HOWTO-3.html">Á°¤Î¥Ú¡¼¥¸</A>
<A HREF="VPN-HOWTO.html#toc4">Ìܼ¡¤Ø</A>
</BODY>
</HTML>