\u3067\u3059\u304c\u3001donation ware\u3067\u3059\u3002\u5bc4\u4ed8\u3057\u306a\u304f\u3066\u3082\u4f7f\u3048\u307e\u3059\u304c\u3001\u3084\u306f\u308a\u6c17\u304c\u5f15\u3051\u307e\u3059\u3002\u305d\u308c\u3068\u3001Mac\u3092\u6301\u3061\u51fa\u3057\u3066\u3044\u308b\u6642\u306f\u3001VPN\u63a5\u7d9a\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n
FreeBSD\u3067VPN\u30b5\u30fc\u30d0\u3092\u7acb\u3066\u3066\u3001\u8272\u3005\u6d3b\u7528\u3059\u308b\u4e8b\u306b\u3057\u307e\u3057\u305f\u3002\u53c2\u8003\u306b\u3057\u305f\u6240\u306f\u3001\u6b21\u306e\u30a6\u30a7\u30d6\u30b5\u30a4\u30c8\u3067\u3059\u3002<\/p>\n
- \n
- L2TP VPN in FreeBSD – Wiki<\/a><\/li>\n<\/ul>\n
\u3053\u306e\u30a6\u30a7\u30d6\u30b5\u30a4\u30c8(Wiki)\u306e\u4f5c\u8005\u306b\u9023\u7d61\u3057\u3066\u3001\u548c\u8a33\u3057\u3066\u7d39\u4ecb\u3059\u308b\u8a31\u53ef\u3092\u3044\u305f\u3060\u3044\u3066\u3044\u307e\u3059\u3002<\/p>\n
Thank you, very much!<\/p>\n
\u4e0a\u8a18\u306eWiki\u3067\u306f\u30019.0\u3067\u306e\u65b9\u6cd5\u304c\u7d39\u4ecb\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u30019.1\u3067\u3082\u5168\u304f\u540c\u3058\u65b9\u6cd5\u3067\u3059\u3002\u624b\u9806\u306f\u3001\u6b21\u306e\u901a\u308a\u3067\u3059\u3002<\/p>\n
- \n
- \u30ab\u30fc\u30cd\u30eb\u518d\u69cb\u7bc9<\/li>\n
- rc.conf\u306e\u8a2d\u5b9a(1)<\/li>\n
- \u30ea\u30d6\u30fc\u30c8<\/li>\n
- racoon\u306e\u30d3\u30eb\u30c9<\/li>\n
- mpd5\u306e\u30d3\u30eb\u30c9<\/li>\n
- racoon\u306e\u8a2d\u5b9a<\/li>\n
- mpd5\u306e\u8a2d\u5b9a<\/li>\n
- sysctl.conf\u306e\u8a2d\u5b9a<\/li>\n
- rc.conf\u306e\u8a2d\u5b9a(2)<\/li>\n
- pf.conf\u306e\u8a2d\u5b9a<\/li>\n
- \u30ea\u30d6\u30fc\u30c8<\/li>\n
- \u63a5\u7d9a\u30c6\u30b9\u30c8\n
- \n
- \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u90e8\u304b\u3089\u306e\u63a5\u7d9a\u30c6\u30b9\u30c8<\/li>\n
- \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5916\u90e8\u304b\u3089\u306e\u63a5\u7d9a\u30c6\u30b9\u30c8<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
\u3061\u306a\u307f\u306b\u3001WAN\u5074\u56de\u7dda\u304c\u3001\u30b0\u30ed\u30fc\u30d0\u30ebIP\u30a2\u30c9\u30ec\u30b9\u306b\u306a\u3063\u3066\u3044\u308b\u5fc5\u8981\u304c\u5728\u308a\u307e\u3059\u3002WAN\u5074\u306eIP\u30a2\u30c9\u30ec\u30b9\u304c\u3001192.168.?.?\u3001172.16.?.?\u308410.?.?.?\u306b\u306a\u3063\u3066\u3044\u305f\u3089(\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8IP\u30a2\u30c9\u30ec\u30b9)\u3001\u5916\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u304b\u3089\u306eVPN\u63a5\u7d9a\u306f\u3067\u304d\u307e\u305b\u3093\u3002\u3053\u306e\u5148\u3078\u9032\u3080\u610f\u5473\u304c\u5728\u308a\u307e\u305b\u3093\u306e\u3067\u3001\u8ae6\u3081\u3066\u4e0b\u3055\u3044\u3002
\n![\"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\"](\"https:\/\/oichinote.com\/plus\/files\/2015\/10\/20151014gatag-00000078.jpg\")
<\/p>\n1. \u30ab\u30fc\u30cd\u30eb\u518d\u69cb\u7bc9<\/h3>\n
\u3067\u306f\u3001root\u306b\u306a\u3063\u305f\u5f8c\u306e\u4f5c\u696d\u3092\u3001\u9806\u306b\u9032\u3081\u3066\u884c\u304d\u307e\u3059\u3002\u30ab\u30fc\u30cd\u30eb\u306e\u540d\u524d\u306f\u3001\u8457\u8005\u306b\u656c\u610f\u3092\u8868\u3057\u3066\u3001”STOCKSY”\u306e\u307e\u307e\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
# mkdir \/root\/kernels\r\n# cp \/usr\/src\/sys\/`uname -m`\/conf\/GENERIC \/root\/kernels\/STOCKSY\r\n# sed -i -e 's\/GENERIC\/STOCKSY\/g' \/root\/kernels\/STOCKSY\r\n# cat <
>\/root\/kernels\/STOCKSY\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPSEC\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPSEC_NAT_T\r\ndevice\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 crypto\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPSEC_FILTERTUNNEL\r\ndevice\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 enc\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPFIREWALL\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPFIREWALL_VERBOSE\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPFIREWALL_VERBOSE_LIMIT=5\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPFIREWALL_FORWARD\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPFIREWALL_NAT\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LIBALIAS\r\noptions\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IPDIVERT\r\nEOF\r\n# ln -s \/root\/kernels\/STOCKSY \/usr\/src\/sys\/`uname -m`\/conf\/STOCKSY\r\n# cd \/usr\/src\r\n# make buildkernel KERNCONF=STOCKSY && make installkernel KERNCONF=STOCKSY<\/pre>\n 2. rc.conf\u306e\u8a2d\u5b9a(1)<\/h3>\n
\u5b9f\u306f\u3001\u3053\u306e\u30ab\u30fc\u30cd\u30eb\u306b\u3057\u3066\u3057\u307e\u3046\u3068\u3001\u305d\u306eFreeBSD\u3078\u306e\u5916\u304b\u3089\u306e\u63a5\u7d9a\u304c\u3001\u5168\u304f\u3067\u304d\u306a\u304f\u306a\u3063\u3066\u3057\u307e\u3044\u307e\u3059\u3002ping\u3082ssh\u3082\u4f7f\u3048\u306a\u304f\u306a\u308a\u307e\u3059\u3002<\/p>\n
\r\n# ssh 192.168.1.1\r\nssh: connect to host 192.168.1.1 port 22: Operation timed out\r\n<\/pre>\n
\/etc\/rc.conf\u306b\u3001firewall\u306e\u8a2d\u5b9a\u3092\u3057\u307e\u3059\u3002<\/p>\n
# firewall\r\nfirewall_enable="YES"\r\nfirewall_script="\/etc\/rc.firewall"\r\nfirewall_type="OPEN"\r\nfirewall_quiet="NO"\r\nfirewall_logging="YES"\r\n<\/code><\/pre>\n\u6b21\u306e\u6240\u3092\u53c2\u8003\u306b\u3057\u307e\u3057\u305f\u3002<\/p>\n
- \n
- freebsd-questions: Re: Ping response: sendto: Permission denied<\/a><\/li>\n<\/ul>\n
3. \u30ea\u30d6\u30fc\u30c8<\/h3>\n
rc.conf\u306e\u8a2d\u5b9a\u304c\u7d42\u308f\u3063\u305f\u3089\u3001\u30ea\u30d6\u30fc\u30c8\u3057\u307e\u3059\u3002\u7121\u4e8b\u306b\u8d77\u52d5\u3001\u305d\u3057\u3066\u30b5\u30fc\u30d0\u306b\u63a5\u7d9a\u3067\u304d\u307e\u3059\u3067\u3057\u3087\u3046\u304b?<\/p>\n
4. racoon\u306e\u30d3\u30eb\u30c9<\/h3>\n
\u6b21\u306b\u3001racoon\u306b\u30d1\u30c3\u30c1\u3092\u5145\u3066\u3066\u30d3\u30eb\u30c9\u3057\u307e\u3059\u3002\u307e\u305a\u3001”\/usr\/ports\/security\/ipsec-tools\/files\/patch-zz-local-1.diff”\u3068\u3057\u3066\u3001\u6b21\u306e\u5185\u5bb9\u3092\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/p>\n
diff -rup srca\/racoon\/localconf.c srcb\/racoon\/localconf.c\r\n--- src\/racoon\/localconf.c 2012-01-29 21:17:41.000000000 +0000\r\n+++ src\/racoon\/localconf.c 2012-01-29 21:19:09.000000000 +0000\r\n@@ -207,7 +207,8 @@ getpsk(str, len)\r\n \t\tif (*p == '\0')\r\n \t\t\tcontinue;\t\/* no 2nd parameter *\/\r\n \t\tp--;\r\n-\t\tif (strncmp(buf, str, len) == 0 && buf[len] == '\\0') {\r\n+\t\tif (strcmp(buf, "*") == 0 ||\r\n+\t\t\t(strncmp(buf, str, len) == 0 && buf[len] == '\\0')) {\r\n \t\t\tp++;\r\n \t\t\tkeylen = 0;\r\n \t\t\tfor (q = p; *q\u00a0!= '\\0' && *q\u00a0!= '\\n'; q++)\r\n<\/code><\/pre>\n\u6b21\u306b\u3001\u30d3\u30eb\u30c9\u3057\u307e\u3059\u3002<\/p>\n
# cd \/usr\/ports\/security\/ipsec-tools\r\n# make install clean<\/pre>\n
5. mpd5\u306e\u30d3\u30eb\u30c9<\/h3>\n
\u6b21\u306f\u3001mpd5\u306e\u30d3\u30eb\u30c9\u3067\u3059\u3002\u7279\u306b\u30d1\u30c3\u30c1\u3092\u5145\u3066\u308b\u5fc5\u8981\u306f\u5728\u308a\u307e\u305b\u3093\u3002<\/p>\n
# cd \/usr\/ports\/net\/mpd5\r\n# make install clean<\/pre>\n
6. racoon\u306e\u8a2d\u5b9a<\/h3>\n
\u6b21\u306b\u3001racoon\u306e\u8a2d\u5b9a\u3067\u3059\u3002<\/p>\n
# mkdir \/usr\/local\/etc\/racoon\r\n# vi \/usr\/local\/etc\/racoon\/racoon.conf<\/pre>\n
\u6b21\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u5185\u5bb9\u3092\u8a18\u5165\u3057\u307e\u3059\u3002\u305f\u3060\u3057\u30016\u301c7\u884c\u76ee\u306e”w.x.y.z”\u306f\u3001L2TP\u30b5\u30fc\u30d0\u306eIP\u30a2\u30c9\u30ec\u30b9(\u4f8b\u3048\u3070\u3001192.168.1.1)\u306b\u3057\u307e\u3059\u3002<\/p>\n
path pre_shared_key "\/usr\/local\/etc\/racoon\/psk.txt";\r\n\r\nlisten\r\n{\r\n # REPLACE w.x.y.z with the IP address racoon will listen on (if NAT translated, this is the INSIDE IP)\r\n isakmp w.x.y.z [500];\r\n isakmp_natt w.x.y.z [4500];\r\n strict_address;\r\n}\r\n\r\nremote anonymous\r\n{\r\n exchange_mode main;\r\n passive on;\r\n proposal_check obey;\r\n support_proxy on;\r\n nat_traversal on;\r\n ike_frag on;\r\n dpd_delay 20;\r\n\r\n proposal\r\n {\r\n encryption_algorithm aes;\r\n hash_algorithm sha1;\r\n authentication_method pre_shared_key;\r\n dh_group modp1024;\r\n }\r\n\r\n proposal\r\n {\r\n encryption_algorithm 3des;\r\n hash_algorithm sha1;\r\n authentication_method pre_shared_key;\r\n dh_group modp1024;\r\n }\r\n}\r\n\r\nsainfo anonymous\r\n{\r\n encryption_algorithm aes,3des;\r\n authentication_algorithm hmac_sha1;\r\n compression_algorithm deflate;\r\n pfs_group modp1024;\r\n}\r\n<\/code><\/pre>\n\u6b21\u306b\u3001pre-shared key\u3092\u8a2d\u5b9a\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n
# vi \/usr\/local\/etc\/racoon\/psk.txt<\/pre>\n
\u8a2d\u5b9a\u4f8b\u306f\u6b21\u306e\u901a\u308a\u3067\u3059\u3002\u5148\u982d\u306e”*”\u306f\u3001\u3069\u306eIP\u30a2\u30c9\u30ec\u30b9\u304b\u3089\u3067\u3082\u53d7\u3051\u4ed8\u3051\u308b\u70ba\u306e\u8a2d\u5b9a\u3067\u3059\u3002\u306a\u308b\u3079\u304f\u3001\u96e3\u3057\u3044\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u3057\u3066\u4e0b\u3055\u3044\u3002<\/p>\n
* thisismylongpassphrasedoyouliketurtles\r\n<\/code><\/pre>\n\u307e\u305f\u3001root\u4ee5\u5916\u304c\u8aad\u3081\u306a\u3044\u69d8\u306b\u3001permission\u3092\u8a2d\u5b9a\u3057\u3066\u4e0b\u3055\u3044\u3002<\/p>\n
# chmod 400 \/usr\/local\/etc\/racoon\/psk.txt<\/pre>\n
\u6b21\u306b\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30dd\u30ea\u30b7\u30fc\u3092\u66f8\u304d\u307e\u3059\u3002<\/p>\n
# vi \/usr\/local\/etc\/racoon\/setkey.conf<\/pre>\n
\u3053\u308c\u306f\u3001\u6b21\u306e\u901a\u308a\u3067\u3059\u3002\u5909\u66f4\u306e\u5fc5\u8981\u306f\u7121\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
flush;\r\nspdflush;\r\nspdadd 0.0.0.0\/0[0] 0.0.0.0\/0[1701] udp -P in ipsec esp\/transport\/\/require;\r\nspdadd 0.0.0.0\/0[1701] 0.0.0.0\/0[0] udp -P out ipsec esp\/transport\/\/require;\r\n<\/code><\/pre>\n7. mpd5\u306e\u8a2d\u5b9a<\/h3>\n
\u6b21\u306f\u3001mpd5\u306e\u8a2d\u5b9a\u3067\u3059\u3002<\/p>\n
# vi \/usr\/local\/etc\/mpd5\/mpd.conf<\/pre>\n
IP\u30a2\u30c9\u30ec\u30b9\u306f\u3001\u4f8b\u3048\u3070\u6b21\u306e\u69d8\u306b\u5909\u66f4\u3057\u3066\u4e0b\u3055\u3044\u3002<\/p>\n
- \n
- w.x.y.x … 192.168.1.1 (L2TP\u30b5\u30fc\u30d0)<\/li>\n
- w.x.y.from … 192.168.1.150 (\u5272\u308a\u5f53\u3066\u308bIP\u30a2\u30c9\u30ec\u30b9\u306e\u958b\u59cb\u756a\u53f7)<\/li>\n
- w.x.y.to … 192.168.1.199 (\u5272\u308a\u5f53\u3066\u308bIP\u30a2\u30c9\u30ec\u30b9\u306e\u7d42\u4e86\u756a\u53f7)<\/li>\n
- w.x.y.dns … 192.168.1.254 (DNS\u30b5\u30fc\u30d0)<\/li>\n<\/ul>\n
startup:\r\n # configure mpd users\r\n set user super pwSuper admin\r\n # configure the console\r\n set console self 127.0.0.1 5005\r\n set console open\r\n # configure the web server\r\n set web self 0.0.0.0 5006\r\n set web open\r\n\r\ndefault:\r\n load l2tp_server\r\n\r\nl2tp_server:\r\n# Define dynamic IP address pool - these are the IP addresses which will be\r\n# allocated to our remote clients when they join the LAN\r\n# REPLACE w.x.y.from - w.x.y.to with the IP addresses mpd5 will allocate IP address range.\r\n# e.g. set ippool add pool_l2tp w.x.y.150 w.x.y.199\r\n set ippool add pool_l2tp w.x.y.from w.x.y.to\r\n\r\n# Create clonable bundle template named B_l2tp\r\n create bundle template B_l2tp\r\n set iface enable proxy-arp\r\n set iface enable tcpmssfix\r\n set ipcp yes vjcomp\r\n# Specify IP address pool for dynamic assigment.\r\n # This is the internal IP and netmask of the box\r\n # REPLACE w.x.y.z with the IP address for your VPN server\r\n set ipcp ranges w.x.y.z\/24 ippool pool_l2tp\r\n # an accessible DNS server for clients to use\r\n # REPLACE w.x.y.dns with the IP address for your DNS server\r\n # e.g. set ipcp dns w.x.y.50\r\n set ipcp dns w.x.y.dns\r\n\r\n# Create clonable link template named L_l2tp\r\n create link template L_l2tp l2tp\r\n# Set bundle template to use\r\n set link action bundle B_l2tp\r\n# Multilink adds some overhead, but gives full 1500 MTU.\r\n set link enable multilink\r\n set link no pap chap eap\r\n set link enable chap\r\n set link keep-alive 0 0\r\n# We reducing link mtu to avoid ESP packet fragmentation.\r\n set link mtu 1280\r\n# Configure L2TP\r\n # REPLACE with the IP address racoon will listen on (if behind NAT, this is the INSIDE IP)\r\n # Unfortunately, you can not specify multiple IPs here, so just comment the next line if you need that\r\n set l2tp self w.x.y.z\r\n set l2tp enable length\r\n# Allow to accept calls\r\n set link enable incoming\r\n<\/code><\/pre>\n\u6b21\u306b\u3001IPSec\u3067VPN\u63a5\u7d9a\u3067\u304d\u308b\u30e6\u30fc\u30b6\u306e\u8a2d\u5b9a\u3092\u3057\u307e\u3059\u3002<\/p>\n
# vi \/usr\/local\/etc\/mpd5\/mpd.secret<\/pre>\n
username password\r\n<\/code><\/pre>\nroot\u4ee5\u5916\u306b\u898b\u3048\u306a\u3044\u69d8\u306b\u3001permission\u3092\u8a2d\u5b9a\u3057\u3066\u304a\u304f\u306e\u3092\u304a\u5fd8\u308c\u306a\u304f\u3002<\/p>\n
# chmod 400 \/usr\/local\/etc\/mpd5\/mpd.secret<\/pre>\n
8. sysctl.conf\u306e\u8a2d\u5b9a<\/h3>\n
IP\u30d5\u30a9\u30ef\u30fc\u30c7\u30a3\u30f3\u30b0\u306e\u8a2d\u5b9a\u3092\u3057\u3066\u3044\u306a\u3051\u308c\u3070\u3001\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
# vi \/etc\/sysctl.conf<\/pre>\n
net.inet.ip.forwarding=1\r\nnet.inet6.ip6.forwarding=1\r\n<\/code><\/pre>\n9. rc.conf\u306e\u8a2d\u5b9a(2)<\/h3>\n
\u3044\u3088\u3044\u3088\u3001rc.conf\u306b\u8a2d\u5b9a\u3092\u66f8\u304d\u8fbc\u307f\u307e\u3059\u3002<\/p>\n
# vi \/etc\/rc.conf<\/pre>\n
# IPSec\r\nipsec_enable="YES"\r\nipsec_program="\/usr\/local\/sbin\/setkey"\r\nipsec_file="\/usr\/local\/etc\/racoon\/setkey.conf"\r\nracoon_enable="YES"\r\nracoon_flags="-l \/var\/log\/racoon.log"\r\nmpd_enable="YES"\r\n<\/code><\/pre>\n10. pf.conf\u306e\u8a2d\u5b9a<\/h3>\n
IPSec\u306e\u63a5\u7d9a\u306e\u305f\u3081\u306b\u306f\u3001\u30b5\u30fc\u30d0\u306eUDP\u30dd\u30fc\u30c8\u306e1701, 500, 4500\u3001\u304a\u3088\u3073ESP\u3092\u958b\u3051\u3066\u304a\u304f\u5fc5\u8981\u304c\u5728\u308a\u307e\u3059\u3002<\/p>\n
# vi \/etc\/pf.conf<\/pre>\n
\u4eba\u306b\u3088\u3063\u3066\u9055\u3046\u3068\u601d\u3044\u307e\u3059\u304c\u3001\u79c1\u306e\u5834\u5408\u306f\u3001\u6b21\u306e\u69d8\u306b\u8a2d\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002ext_if\u304c\u3001Ethernet\u306eI\/F\u540d\u306a\u306e\u3067\u3001ifconfig\u30b3\u30de\u30f3\u30c9\u3067\u8abf\u3079\u3066\u304a\u3044\u3066\u4e0b\u3055\u3044\u3002<\/p>\n
ext_if = "e0"\r\ntcp_services = "{22, 80, 443}"\r\npriv_nets = "{127.0.0.0\/8, 192.168.0.0\/16, 172.16.0.0\/12, 10.0.0.0\/8, 0.0.0.0, 255.255.255.255}"\r\nset block-policy drop\r\nset loginterface $ext_if\r\nscrub in all\r\nblock all\r\npass quick on lo0 all\r\n#antispoof log-all quick for $ext_if inet\r\npass in quick on $ext_if inet proto icmp from any icmp-type echoreq keep state\r\npass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S\/SA keep state\r\npass out quick on $ext_if proto tcp all modulate state flags S\/SA\r\npass out quick on $ext_if proto {udp, icmp} all keep state\r\n\r\npass in on $ext_if inet proto udp from any to (self) port { 1701, 500, 4500 }\r\npass in on $ext_if inet proto esp\r\n\r\n# There is a better way to do this with ifconfig groups - you're welcome to try getting\r\n# mpd5 to do that!\r\npass quick on $ext_if all\r\n<\/code><\/pre>\n11. \u30ea\u30d6\u30fc\u30c8<\/h3>\n
\u3053\u3053\u307e\u3067\u306e\u8a2d\u5b9a\u304c\u7d42\u4e86\u3057\u305f\u3089\u3001\u30ea\u30d6\u30fc\u30c8\u3057\u307e\u3059\u3002<\/p>\n
12. \u63a5\u7d9a\u30c6\u30b9\u30c8<\/h3>\n
\u6b21\u306f\u3001\u3044\u3088\u3044\u3088\u63a5\u7d9a\u30c6\u30b9\u30c8\u3067\u3059\u3002\u63a5\u7d9a\u30c6\u30b9\u30c8\u306f\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u90e8\u304b\u3089L2TP\u30b5\u30fc\u30d0\u3078\u306e\u63a5\u7d9a\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5916\u90e8\u304b\u3089L2TP\u30b5\u30fc\u30d0\u3078\u306e\u63a5\u7d9a\u306e\u30012\u6bb5\u968e\u3067\u5b9f\u9a13\u3057\u307e\u3059\u3002\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u90e8\u304b\u3089L2TP\u30b5\u30fc\u30d0\u3078\u306e\u63a5\u7d9a\u304c\u3067\u304d\u306a\u3044\u3068\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5916\u90e8\u304b\u3089\u306e\u63a5\u7d9a\u306f\u7d76\u5bfe\u306b\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n
12.1 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u90e8\u304b\u3089\u306e\u63a5\u7d9a\u30c6\u30b9\u30c8<\/h4>\n
\u30ea\u30d6\u30fc\u30c8\u5f8c\u3001\u65e2\u306bracoon\u3068mpd5\u306e\u30b5\u30fc\u30d3\u30b9\u304c\u52d5\u3044\u3066\u3044\u307e\u3059\u3002\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u76f4\u63a5\u898b\u305f\u3044\u306e\u3067\u3001\u3044\u3063\u305f\u3093\u30b5\u30fc\u30d3\u30b9\u3092\u6b62\u3081\u307e\u3059\u3002<\/p>\n
#\u00a0service racoon stop\r\n# service mpd5 stop<\/pre>\n
1\u756a\u76ee\u306e\u30bf\u30fc\u30df\u30ca\u30eb\u3067\u3001\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n
# racoon -ddF<\/pre>\n
\u6b21\u306b\u30012\u756a\u76ee\u306e\u30bf\u30fc\u30df\u30ca\u30eb\u3092\u958b\u304d\u307e\u3059\u30022\u756a\u76ee\u306e\u30bf\u30fc\u30df\u30ca\u30eb\u3067\u3001\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n
# \/usr\/local\/sbin\/mpd5 -p \/var\/run\/mpd5.pid<\/pre>\n
\u3053\u306e\u72b6\u614b\u3067\u3001iOS\u30c7\u30d0\u30a4\u30b9\u7b49\u304b\u3089\u3001L2TP\u30b5\u30fc\u30d0\u306b\u63a5\u7d9a\u3057\u307e\u3059\u3002iOS\u30c7\u30d0\u30a4\u30b9\u306e\u8a2d\u5b9a\u65b9\u6cd5\u306f\u3001\u6b21\u306e\u8a18\u4e8b\u7b49\u3092\u3054\u89a7\u4e0b\u3055\u3044\u3002<\/p>\n
- \n
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7248Mac\u3092VPN\u30b5\u30fc\u30d0\u306b\u3059\u308b[\u8ffd\u8a18\u30fb\u8a02\u6b63\u3042\u308a]: \u30d7\u30e9\u30b9\u03b1\u7a7a\u9593<\/a> (2012\u5e742\u67088\u65e5)<\/em><\/li>\n<\/ul>\n
\u3082\u3057\u304b\u3059\u308b\u3068\u30013\u756a\u76ee\u306e\u30bf\u30fc\u30df\u30ca\u30eb\u3092\u958b\u304f\u3068\u826f\u3044\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u30023\u756a\u76ee\u306e\u30bf\u30fc\u30df\u30ca\u30eb\u3067\u306f\u3001tcpdump\u30b3\u30de\u30f3\u30c9\u3067\u3001L2TP\u30b5\u30fc\u30d0(192.168.1.1)\u3078\u306e\u901a\u4fe1\u3092\u89b3\u6e2c\u3057\u307e\u3059\u3002<\/p>\n
# tcpdump -n \\( udp or esp \\) and host 192.168.1.1<\/pre>\n
\u3053\u3053\u307e\u3067\u3067\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u90e8\u304b\u3089\u3001L2TP\u30b5\u30fc\u30d0\u306b\u63a5\u7d9a\u3067\u304d\u308b\u4e8b\u3092\u78ba\u8a8d\u3057\u3066\u4e0b\u3055\u3044\u3002<\/p>\n
12.2 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5916\u90e8\u304b\u3089\u306e\u63a5\u7d9a\u30c6\u30b9\u30c8<\/h4>\n
\u6b21\u306f\u3001\u3044\u3088\u3044\u3088\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5916\u90e8\u304b\u3089\u306e\u63a5\u7d9a\u30c6\u30b9\u30c8\u3067\u3059\u3002\u307e\u305a\u306f\u3001\u4f7f\u7528\u3057\u3066\u3044\u308b\u30eb\u30fc\u30bf\u306e\u8a2d\u5b9a\u3092\u3057\u307e\u3059\u3002\u6b21\u306e\u30da\u30fc\u30b8\u7b49\u3092\u3054\u53c2\u8003\u306b\u3057\u3066\u4e0b\u3055\u3044\u3002<\/p>\n
- \n
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7248Mac\u3092VPN\u30b5\u30fc\u30d0\u306b\u3059\u308b[\u8ffd\u8a18\u30fb\u8a02\u6b63\u3042\u308a]: \u30d7\u30e9\u30b9\u03b1\u7a7a\u9593<\/a> (2012\u5e742\u67088\u65e5)<\/em><\/li>\n
- \u5149\u30dd\u30fc\u30bf\u30d6\u30ebPWR-Q200\u3067VPN: \u30d7\u30e9\u30b9\u03b1\u7a7a\u9593<\/a> (2012\u5e747\u670812\u65e5)<\/em><\/li>\n<\/ul>\n
\u57fa\u672c\u7684\u306b\u306f\u3001UDP\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u30dd\u30fc\u30c8\u306e500\u756a\u30684,500\u756a\u3001\u30d7\u30ed\u30c8\u30b3\u30eb\u756a\u53f751\u306850(ESP)\u306e\u5168\u90e8\u3092L2TP\u30b5\u30fc\u30d0\u306b\u8ee2\u9001\u3059\u308b\u69d8\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u30dd\u30fc\u30c8\u30de\u30c3\u30d4\u30f3\u30b0\u3084\u30dd\u30fc\u30c8\u89e3\u653e\u3068\u547c\u3070\u308c\u307e\u3059\u3002<\/p>\n
VPN\u30d1\u30b9\u30b9\u30eb\u30fc\u306e\u8a2d\u5b9a\u3082\u5fc5\u8981\u3067\u3059\u3002\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u30eb\u30fc\u30bf\u306b\u3088\u3063\u3066\u3001\u8a2d\u5b9a\u65b9\u6cd5\u304c\u5168\u304f\u9055\u3046\u306e\u3067\u3001\u3054\u81ea\u5206\u3067\u304a\u8abf\u3079\u304f\u3060\u3055\u3044\u3002<\/p>\n
\u307e\u305f\u3001WAN\u5074\u304c\u30b0\u30ed\u30fc\u30d0\u30ebIP\u30a2\u30c9\u30ec\u30b9\u306b\u306a\u3063\u3066\u3044\u3066\u3082\u3001\u4e00\u822c\u7684\u306a\u5951\u7d04\u3067\u306f\u3001\u63a5\u7d9a\u6bce\u306b\u9055\u3046IP\u30a2\u30c9\u30ec\u30b9\u304c\u632f\u3089\u308c\u307e\u3059\u3002\u305d\u308c\u3067\u306f\u56f0\u308b\u306e\u3067\u3001\u30c0\u30a4\u30ca\u30df\u30c3\u30afDNS\u30b5\u30fc\u30d3\u30b9\u7b49\u3092\u4f7f\u3063\u3066\u3001\u30c9\u30e1\u30a4\u30f3\u540d\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002\u3053\u306e\u30c0\u30a4\u30ca\u30df\u30c3\u30afDNS\u30b5\u30fc\u30d3\u30b9\u3078\u306e\u63a5\u7d9a\u8a2d\u5b9a\u3082\u3001\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u30eb\u30fc\u30bf\u306b\u3088\u3063\u3066\u3001\u5168\u304f\u9055\u3044\u307e\u3059\u3002\u3054\u81ea\u5206\u3067\u304a\u8abf\u3079\u304f\u3060\u3055\u3044\u3002<\/p>\n
\u30eb\u30fc\u30bf\u306e\u8a2d\u5b9a\u304c\u3067\u304d\u308c\u3070\u300112.1\u3067\u8a2d\u5b9a\u3057\u305f\u5185\u5bb9\u3067\u3001\u63a5\u7d9a\u5148\u3092\u5909\u66f4\u3059\u308b\u3060\u3051\u3067\u3001VPN\u63a5\u7d9a\u3067\u304d\u308b\u306f\u305a\u3067\u3059\u3002<\/p>\n
\u306a\u304a\u3001\u5b9f\u969b\u306eFreeBSD\u30de\u30b7\u30f3\u3067\u306a\u304f\u3066\u3082\u3001Parallels\u7b49\u306e\u4eee\u60f3\u74b0\u5883\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305fFreeBSD\u3067\u3082\u3001\u540c\u3058\u65b9\u6cd5\u3067L2TP\u30b5\u30fc\u30d0\u306b\u3059\u308b\u4e8b\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n
\u304a\u75b2\u308c\u3055\u307e\u3067\u3057\u305f\u3002<\/p>\n[amazonjs asin=\"B00CPG04JE\" locale=\"JP\"]\n","protected":false},"excerpt":{"rendered":"
\u4e00\u5fdc\u3001\u6b21\u306e\u8a2d\u5b9a\u3067\u5916\u51fa\u5148\u304b\u3089\u81ea\u5b85\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u3001VPN\u63a5\u7d9a\u3067\u304d\u3066\u3044\u307e\u3059\u3002 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7248Mac\u3092VPN\u30b5\u30fc\u30d0\u306b\u3059\u308b[\u8ffd\u8a18\u30fb\u8a02\u6b63\u3042\u308a] : \u30d7\u30e9\u30b9\u03b1\u7a7a\u9593 (2012\u5e742\u67088\u65e5) \u3067\u3059\u304c\u3001donation ware\u3067\u3059\u3002\u5bc4\u4ed8\u3057 […]<\/p>\n","protected":false},"author":1,"featured_media":16132,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"\u65b0\u3057\u3044\u8a18\u4e8b\u300eFreeBSD 9.1\u3092IPsec\u5bfe\u5fdcL2TP VPN\u30b5\u30fc\u30d0\u306b\u3059\u308b\u300f\u3092\u6295\u7a3f\u3057\u307e\u3057\u305f\u3002\u8aad\u3093\u3067\u3044\u305f\u3060\u3051\u308b\u3068\u5b09\u3057\u3044\u3067\u3059\u3002","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[60,32,34,5],"tags":[],"class_list":["post-6054","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-freebsd","category-ipad-ipod-iphone","category-mac","category-computer"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/oichinote.com\/plus\/files\/2015\/10\/20151014gatag-00000078.jpg","jetpack-related-posts":[{"id":2227,"url":"https:\/\/oichinote.com\/plus\/2012\/02\/macvpn-9fb1.html","url_meta":{"origin":6054,"position":0},"title":"\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7248Mac\u3092VPN\u30b5\u30fc\u30d0\u306b\u3059\u308b[\u8ffd\u8a18\u30fb\u8a02\u6b63\u3042\u308a]","author":"\u304a\u5e02\u306e\u304b\u305f","date":"2012\u5e742\u67088\u65e5","format":false,"excerpt":"iPad\/iPod touch\u306b\u306f\u3001VPN\u3067\u306e\u30a2\u30af\u30bb\u30b9\u6a5f\u80fd\u304c\u4ed8\u3044\u3066\u3044\u3066\u3044\u307e\u3059\u3002\u4f55\u3068\u304b\u3001VPN\u3092\u4f7f\u3063\u3066\u2026","rel":"","context":"iPad\/iPod\/iPhone","block_context":{"text":"iPad\/iPod\/iPhone","link":"https:\/\/oichinote.com\/plus\/category\/ipad-ipod-iphone"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/oichinote.com\/plus\/files\/img\/20120208vpn1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/oichinote.com\/plus\/files\/img\/20120208vpn1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/oichinote.com\/plus\/files\/img\/20120208vpn1.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":8086,"url":"https:\/\/oichinote.com\/plus\/2013\/05\/how-to-use-vpn-server-on-hikari-router.html","url_meta":{"origin":6054,"position":1},"title":"\u3072\u304b\u308a\u96fb\u8a71\u30eb\u30fc\u30bf\u306eVPN\u6a5f\u80fd\u3092\u5229\u7528\u3059\u308b","author":"\u304a\u5e02\u306e\u304b\u305f","date":"2013\u5e745\u670818\u65e5","format":false,"excerpt":"\u77e5\u3089\u306a\u3044\u9593\u306b\u3001\u3072\u304b\u308a\u96fb\u8a71\u30eb\u30fc\u30bf\u306b\u3001VPN\u6a5f\u80fd\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u78ba\u8a8d\u3057\u305f\u6240\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u554f\u984c\u306e\u3042\u2026","rel":"","context":"iPad\/iPod\/iPhone","block_context":{"text":"iPad\/iPod\/iPhone","link":"https:\/\/oichinote.com\/plus\/category\/ipad-ipod-iphone"},"img":{"alt_text":"VPN\u30a2\u30ab\u30a6\u30f3\u30c8\u5bfe\u5fdc","src":"https:\/\/i0.wp.com\/oichinote.com\/plus\/files\/2013\/05\/20130515vpn07-account-mapping.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":13472,"url":"https:\/\/oichinote.com\/plus\/2014\/11\/priority-of-network-on-os-x.html","url_meta":{"origin":6054,"position":2},"title":"OS X\u3067\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u512a\u5148\u9806\u4f4d\u8a2d\u5b9a","author":"\u304a\u5e02\u306e\u304b\u305f","date":"2014\u5e7411\u670828\u65e5","format":false,"excerpt":"\u5916\u51fa\u5148\u3067\u3001VPN\u63a5\u7d9a\u3057\u305f\u306e\u3067\u3059\u304c\u3001OS X\u304b\u3089\u51fa\u3066\u884c\u304fIP\u30a2\u30c9\u30ec\u30b9\u304c\u3001VPN\u3067\u7e4b\u3044\u3067\u3044\u308b\u81ea\u5b85\u304b\u3089\u306e\u30a2\u2026","rel":"","context":"Mac","block_context":{"text":"Mac","link":"https:\/\/oichinote.com\/plus\/category\/mac"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/oichinote.com\/plus\/files\/2014\/11\/20141128network-priority.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":9080,"url":"https:\/\/oichinote.com\/plus\/2013\/08\/challenging-on-qnap-ts-412.html","url_meta":{"origin":6054,"position":3},"title":"QNAP TS-412\u3067\u30c1\u30e3\u30ec\u30f3\u30b8\u3057\u305f\u4e8b","author":"\u304a\u5e02\u306e\u304b\u305f","date":"2013\u5e748\u670814\u65e5","format":false,"excerpt":"FreeBSD\u6a5f\u3092\u30b5\u30fc\u30d0\u306b\u3059\u308b\u524d\u306b\u3001QNAP\u306eTS-412\u3092\u30e1\u30a4\u30f3\u306e\u30b5\u30fc\u30d0\u306b\u3057\u3088\u3046\u3068\u3057\u3066\u3044\u307e\u3057\u305f\u3002 \u2026","rel":"","context":"NAS","block_context":{"text":"NAS","link":"https:\/\/oichinote.com\/plus\/category\/nas"},"img":{"alt_text":"TS-412","src":"https:\/\/i0.wp.com\/oichinote.com\/plus\/files\/2013\/08\/20130814ts412.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":11930,"url":"https:\/\/oichinote.com\/plus\/2014\/05\/remoter-vnc-and-zatelnet.html","url_meta":{"origin":6054,"position":4},"title":"Remoter VNC\u3068zaTelnet","author":"\u304a\u5e02\u306e\u304b\u305f","date":"2014\u5e745\u670825\u65e5","format":false,"excerpt":"iOS\u306e\u30a2\u30d7\u30ea\u3067\u3001Remoter VNC\u3068zaTelnet\u3068\u8a00\u3046\u7269\u304c\u3042\u308a\u307e\u3059\u3002\u3069\u3061\u3089\u3082\u3001\u7d50\u69cb\u524d\u304b\u3089\u4f7f\u2026","rel":"","context":"FreeBSD","block_context":{"text":"FreeBSD","link":"https:\/\/oichinote.com\/plus\/category\/freebsd"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8920,"url":"https:\/\/oichinote.com\/plus\/2013\/08\/setting-dnsmasq-on-freebsd.html","url_meta":{"origin":6054,"position":5},"title":"FreeBSD\u306bDNSMASQ\u3092\u8a2d\u5b9a\u3059\u308b","author":"\u304a\u5e02\u306e\u304b\u305f","date":"2013\u5e748\u670812\u65e5","format":false,"excerpt":"NAS\u7528\u3068\u3057\u3066\u7d44\u307f\u4e0a\u3052\u305fFreeBSD\u6a5f\u306f\u3001\u5bb6\u5ead\u5185\u30b5\u30fc\u30d0\u3068\u3057\u3066\u3082\u4f7f\u3044\u307e\u3059\u3002 \u307e\u305a\u3001\u6291\u3048\u3066\u304a\u304d\u305f\u3044\u306e\u306f\u2026","rel":"","context":"iPad\/iPod\/iPhone","block_context":{"text":"iPad\/iPod\/iPhone","link":"https:\/\/oichinote.com\/plus\/category\/ipad-ipod-iphone"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/posts\/6054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/comments?post=6054"}],"version-history":[{"count":62,"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/posts\/6054\/revisions"}],"predecessor-version":[{"id":20692,"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/posts\/6054\/revisions\/20692"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/media\/16132"}],"wp:attachment":[{"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/media?parent=6054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/categories?post=6054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oichinote.com\/plus\/wp-json\/wp\/v2\/tags?post=6054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- \u5149\u30dd\u30fc\u30bf\u30d6\u30ebPWR-Q200\u3067VPN: \u30d7\u30e9\u30b9\u03b1\u7a7a\u9593<\/a> (2012\u5e747\u670812\u65e5)<\/em><\/li>\n<\/ul>\n
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7248Mac\u3092VPN\u30b5\u30fc\u30d0\u306b\u3059\u308b[\u8ffd\u8a18\u30fb\u8a02\u6b63\u3042\u308a]: \u30d7\u30e9\u30b9\u03b1\u7a7a\u9593<\/a> (2012\u5e742\u67088\u65e5)<\/em><\/li>\n
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7248Mac\u3092VPN\u30b5\u30fc\u30d0\u306b\u3059\u308b[\u8ffd\u8a18\u30fb\u8a02\u6b63\u3042\u308a]: \u30d7\u30e9\u30b9\u03b1\u7a7a\u9593<\/a> (2012\u5e742\u67088\u65e5)<\/em><\/li>\n<\/ul>\n
- freebsd-questions: Re: Ping response: sendto: Permission denied<\/a><\/li>\n<\/ul>\n