{"id":2945,"date":"2013-05-07T14:51:00","date_gmt":"2013-05-07T05:51:00","guid":{"rendered":"http:\/\/blog.bitmeister.jp\/?p=2945"},"modified":"2013-04-25T15:01:16","modified_gmt":"2013-04-25T06:01:16","slug":"linux%e3%81%aexfrm%e3%81%a7ah%e3%82%92%e8%a9%a6%e3%81%99","status":"publish","type":"post","link":"https:\/\/blog.bitmeister.jp\/?p=2945","title":{"rendered":"Trying AH with Linux xfrm"},"content":{"rendered":"<p>Linux has a framework called XFRM for transforming the payload of IP packets, which is also used by IPsec.<br \/>\nLast time I tried ESP, so this time I am leaving a note on how to configure AH for future reference.<\/p>\n<p><!--more--><\/p>\n<p>The environment is the same as last time and is as follows.<br \/>\n<strong>Environment<\/strong><\/p>\n<ul>\n<li><strong>PC1<\/strong><br \/>\nIP address 192.168.1.152<\/li>\n<li><strong>PC2<\/strong><br \/>\nIP address 192.168.1.153<\/li>\n<li><strong>Common to PC1 and PC2<\/strong><br \/>\nDistribution Ubuntu 12.04.2 LTS<br \/>\nKernel version 3.5.0-27-generic<\/li>\n<\/ul>\n<p>To configure AH for the traffic between PC1 and PC2, run the following commands on PC1 and PC2 respectively.<br \/>\n<strong style=\"color: 
#ff0000;\">Note: Root privileges are required, so when running as a regular user, each line must be prefixed with sudo.<br \/>\n<\/strong><\/p>\n<p><strong>PC1<\/strong><\/p>\n<pre><textarea class=\"c\" name=\"code\">\r\nip xfrm policy add dir out src 192.168.1.152 dst 192.168.1.153 tmpl proto ah\r\nip xfrm state add src 192.168.1.152 dst 192.168.1.153 proto ah spi 1 auth md5 0x000102030405060708090a0b0c0d0e0f sel src 192.168.1.152 dst 192.168.1.153\r\nip xfrm policy add dir in src 192.168.1.153 dst 192.168.1.152 tmpl proto ah\r\nip xfrm state add src 192.168.1.153 dst 192.168.1.152 proto ah spi 2 auth md5 0x000102030405060708090a0b0c0d0e0f sel src 192.168.1.153 dst 192.168.1.152\r\n<\/textarea><\/pre>\n<p><strong>PC2<\/strong><\/p>\n<pre><textarea class=\"c\" name=\"code\">\r\nip xfrm policy add dir out src 192.168.1.153 dst 192.168.1.152 tmpl proto ah\r\nip xfrm state add src 192.168.1.153 dst 192.168.1.152 proto ah spi 2 auth md5 0x000102030405060708090a0b0c0d0e0f sel src 192.168.1.153 dst 192.168.1.152\r\nip xfrm policy add dir in src 192.168.1.152 dst 192.168.1.153 tmpl proto ah\r\nip xfrm state add src 192.168.1.152 dst 192.168.1.153 proto ah spi 1 auth md5 0x000102030405060708090a0b0c0d0e0f sel src 192.168.1.152 dst 192.168.1.153\r\n<\/textarea><\/pre>\n<p>After applying the configuration above, capturing the ping packets from PC1 to PC2 with tcpdump shows that XFRM has transformed the packets into AH format.<\/p>\n<pre><textarea class=\"c\" name=\"code\">\r\n14:17:59.572093 IP 192.168.1.152 > 192.168.1.153: AH(spi=0x00000001,seq=0x7): ICMP echo request, id 1981, seq 
3, length 64\r\n    0x0000:  0800 27f3 d1b3 0800 2759 fca4 0800 4500  ..'.....'Y....E.\r\n    0x0010:  006c 0000 4000 4033 b5dd c0a8 0198 c0a8  .l..@&#46;&#64;&#51;&#46;&#46;&#46;&#46;&#46;&#46;&#46;&#46;\r\n    0x0020:  0199 0104 0000 0000 0001 0000 0007 acd9  ................\r\n    0x0030:  5e57 36a0 640c 2c2c 6155 0800 8aa4 07bd  ^W6.d.,,aU......\r\n    0x0040:  0003 87bc 7851 0000 0000 9eba 0800 0000  ....xQ..........\r\n    0x0050:  0000 1011 1213 1415 1617 1819 1a1b 1c1d  ................\r\n    0x0060:  1e1f 2021 2223 2425 2627 2829 2a2b 2c2d  ...!\"#$%&'()*+,-\r\n    0x0070:  2e2f 3031 3233 3435 3637                 .\/01234567\r\n14:17:59.572663 IP 192.168.1.153 > 192.168.1.152: AH(spi=0x00000002,seq=0x7): ICMP echo reply, id 1981, seq 3, length 64\r\n    0x0000:  0800 2759 fca4 0800 27f3 d1b3 0800 4500  ..'Y....'.....E.\r\n    0x0010:  006c b803 0000 4033 3dda c0a8 0199 c0a8  .l....@3=.......\r\n    0x0020:  0198 0104 0000 0000 0002 0000 0007 8ad1  ................\r\n    0x0030:  b027 41a0 6887 a7d5 47a0 0000 92a4 07bd  .'A.h...G.......\r\n    0x0040:  0003 87bc 7851 0000 0000 9eba 0800 0000  ....xQ..........\r\n    0x0050:  0000 1011 1213 1415 1617 1819 1a1b 1c1d  ................\r\n    0x0060:  1e1f 2021 2223 2425 2627 2829 2a2b 2c2d  ...!\"#$%&'()*+,-\r\n    0x0070:  2e2f 3031 3233 3435 3637                 
.\/01234567\r\n<\/textarea><\/pre>\n<p>As with ESP, you can communicate using AH without installing any new software, so give it a try if you are interested.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux has a framework called XFRM for transforming the payload of IP packets, which is also used by IPsec. Last time I tried ESP, so this time I am leaving a note on how to configure AH for future reference.<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[118,18,119],"class_list":["post-2945","post","type-post","status-publish","format-standard","hentry","category-tech","tag-ipsec","tag-linux","tag-xfrm"],"_links":{"self":[{"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/posts\/2945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2945"}],"version-history":[{"count":7,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/posts\/2945\/revisions"}],"predecess
or-version":[{"id":2954,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/posts\/2945\/revisions\/2954"}],"wp:attachment":[{"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}