-<HTML>\r
-\r
-<body bgcolor=#fafff0>\r
-\r
-<H3>Opengate History</H3>\r
-\r
-<DL>\r
-<DT>Ver.0.10 at 1999.8.30</DT>\r
-<DD>\r
-Scratch Version. In this version, Java applet is sent first, and the applet accept password.\r
-</DD>\r
-<DT>\r
-Ver.0.11 at 1999.9.19</DT>\r
-<DD>\r
-Stable Version. Reform program.\r
-</DD>\r
-<DT>\r
-Ver.0.12 at 1999.11.2</DT>\r
-<DD>\r
-Support firewalls IPF and ipfw.\r
-</DD>\r
-<DT>\r
-Ver.0.20 at 1999.9.16</DT>\r
-<DD>\r
-Abandoned version.\r
-</DD>\r
-<DT>\r
-Ver.0.30 at 1999.10.16</DT>\r
-<DD>\r
-Change to accept password with CGI. IPF support is discarded.\r
-</DD>\r
-<DT>\r
-Ver.0.31 at 1999.10.26</DT>\r
-<DD>\r
-Reform User Interface. Java applet shows own window.\r
-</DD>\r
-<DT>\r
-Ver.0.32 at 1999.11.1</DT>\r
-<DD>\r
-Support IPF.\r
-</DD>\r
-<DT>\r
-Ver.0.33 at 2000.6.17</DT>\r
-<DD>\r
-Support IP forwarding. Discard IPF support.\r
-</DD>\r
-<DT>\r
-Ver.0.40 at 2000.6.19</DT>\r
-<DD>\r
-Support multiple authentication servers.\r
-</DD>\r
-<DT>\r
-Ver.0.41 at 2000.6.23</DT>\r
-<DD>\r
-Add fuction to close firewall, when no packet passed for a while.\r
-</DD>\r
-<DT>\r
-Ver.0.42 at 2000.6.28</DT>\r
-<DD>\r
-Add function to close firewall at abnormal server termination.\r
-</DD>\r
-<DT>\r
-Ver.0.50 at 2000.12.11</DT>\r
-<DD>\r
-Add fuction to exchange hello message with terminal. Firewall is closed, when the client does not reply. Java output is included in html window.\r
-</DD>\r
-<DT>\r
-Ver.0.51 at 2000.12.22</DT>\r
-<DD>\r
-Support pop3 authentication.\r
-</DD>\r
-<DT>\r
-Ver.0.52a at 2001.1.19</DT>\r
-<DD>\r
-Exclusive execution of ipfw command.\r
-Deny multiple authentication requests from a terminal.\r
-Change the method to get Java connection address.\r
-Modify string sizes in the program.\r
-Many small modifications.\r
-</DD>\r
-<DT>\r
-Ver.0.52b at 2001.1.24</DT>\r
-<DD>\r
-Reform unp library.\r
-</DD>\r
-<DT>\r
-Ver.0.52c at 2001.1.26</DT>\r
-<DD>\r
-Add DEBUG flag. Modify Directory setting.\r
-</DD>\r
-<DT>\r
-Ver.0.52d at 2001.1.30</DT>\r
-<DD>\r
-Modify no packet time setting.\r
-</DD>\r
-<DT>\r
-Ver.0.52e at 2001.2.5</DT>\r
-<DD>\r
-Correct mistake comment. \r
-</DD>\r
-<DT>\r
-Ver.0.53a at 2001.2.7</DT>\r
-<DD>\r
-Directory setting is integrated in Makefile.\r
-Support logging MAC address.\r
-</DD>\r
-<DT>\r
-Ver.0.53b at 2001.2.8</DT>\r
-<DD>\r
-Add the check of null userID or password.\r
-</DD>\r
-<DT>\r
-Ver.0.53c at 2001.2.10</DT>\r
-<DD>\r
-Replace one accept window to two overlapped windows.\r
-</DD>\r
-<DT>\r
-Ver.0.53d at 2001.2.13</DT>\r
-<DD>\r
-Small modification on MAC address acquisition.\r
-</DD>\r
-<DT>\r
-Ver.0.54a at 2001.2.15</DT>\r
-<DD>\r
-Serious error(Ports are wasted in long execution) found and fixed. \r
-</DD>\r
-<DT>\r
-Ver.0.55a at 2001.3.19</DT>\r
-<DD>\r
-Show messages on JavaApplet field.\r
-</DD>\r
-<DT>\r
-Ver.0.56a at 2001.3.29</DT>\r
-<DD>\r
-Detach unp library (Many modifications in source) \r
-</DD>\r
-<DT>\r
-Ver.0.56b at 2001.4.14</DT>\r
-<DD>\r
-Modify document.(No modification in source)\r
-</DD>\r
-<DT>\r
-Ver.0.56c at 2001.4.24</DT>\r
-<DD>\r
-Reform HTML to improve authentication response time.(Modification in accept.html)\r
-</DD>\r
-<DT>\r
-Ver.0.56d at 2001.4.29</DT>\r
-<DD>\r
-Declaration of GPL. Add English documentations.(No modification in source)\r
-</DD>\r
-<DT>\r
-Ver.0.57a at 2001.5.10</DT>\r
-<DD>\r
-Remove loop at ipfw-delete. (Modification in comm-ipfw.c)\r
-</DD>\r
-<DT>\r
-Ver.0.57b at 2001.5.11</DT>\r
-<DD>\r
-Change Lockout time for ipfw exec. (Modification in opengatesrv.h)\r
-</DD>\r
-<DT>\r
-Ver.0.57c at 2001.5.25</DT>\r
-<DD>\r
-Put out message at Java/JavaScript disabled. (Modification in accept.html)\r
-</DD>\r
-<DT>\r
-Ver.0.57d at 2001.11.21</DT>\r
-<DD>\r
-Change timeout values (Modification in opengatesrv.h)\r
-</DD>\r
-<DT>\r
-Ver.0.57e at 2002.2.13</DT>\r
-<DD>\r
-Care for redirect error on IE (Modification in topindex.html)\r
-</DD>\r
-<DT>\r
-Ver.0.60a at 2002.6.17</DT>\r
-<DD>\r
-Add authentication protocols - RADIUS,PAM,POP3S (Modifications: Makefile, comm-auth.c, utilities.c, opengatesrv.h, opengatesrv.conf. Additions: auth-pam.c, auth-pop3s.c, auth-rad.c)\r
-</DD>\r
-<DT>\r
-Ver.0.60b at 2002.6.18</DT>\r
-<DD>\r
-Add comments.\r
-</DD>\r
-<DT>\r
-Ver.0.70a at 2002.6.19</DT>\r
-<DD>\r
-Modify to control multi-language environment (Modifications: Makefile, comm-cgi.c *.html Opengate.java)\r
-</DD>\r
-<DT>\r
-Ver.0.71a at 2002.6.24</DT>\r
-<DD>\r
-Refine installation procedure (Modifications: Makefile, comm-cgi.c *.html)\r
-</DD>\r
-<DT>\r
-Ver.0.72a at 2002.7.1</DT>\r
-<DD>\r
-Messages are terminated with CR and LF (Modifications: comm-cgi.c Opengate.java)\r
-</DD>\r
-<DT>\r
-Ver.0.73a at 2002.7.4</DT>\r
-<DD>\r
-Add jar(java archive) file, modify some documents (Modifications: comm-cgi.c Makefile Add: Opengate.jar)\r
-</DD>\r
-<DT>\r
-Ver.0.73b at 2002.7.10</DT>\r
-<DD>\r
-Recover error messages added in Ver.0.57c but forgotten in Ver.0.70a (Modifications: accept.html)\r
-</DD>\r
-<DT>\r
-Ver.0.73c at 2002.7.12</DT>\r
-<DD>\r
-Changes in some documents\r
-</DD>\r
-<DT>\r
-Ver.0.73d at 2002.7.15</DT>\r
-<DD>\r
-More careful detaching from web server. (Modifications: main.c comm-cgi.c) \r
-</DD>\r
-<DT>\r
-Ver.0.73e at 2002.8.7</DT>\r
-<DD>\r
-Fix a serious bug in java applet entered at Ver.0.70a. The applet did not return hello to hello request in english message mode.(Modifications: Opengate.java)\r
-Save index.html created at web server installation. (Modifications: Makefile)\r
-</DD>\r
-<DT>\r
-Ver.0.80a at 2002.8.19</DT>\r
-<DD>\r
-Add perl script for more flexible firewall control(Modifications: main.c comm-ipfw.c opengatesrv.h Makefile, Additions: conf/opengatefw.pl)\r
-Fix a small mistake at debug mode (Modifications: auth-pam.c)\r
-Modify installation procecure. Opengate directory can be set in Makefile(Modifications: Makefile, *.html). Add document to describe the system flow (Additions: doc/progflow.html).\r
-</DD>\r
-<DT>\r
-Ver.0.80b at 2002.8.26</DT>\r
-<DD>\r
-Fix a bug at checking overlapped request (Modifications: comm-ipfw.c)\r
-</DD>\r
-<DT>\r
-Ver.0.81a at 2002.8.26</DT>\r
-<DD>\r
-Add link to close network available at No-java mode (Modifications: accept.html, Makefile, comm-cgi.c, comm-java.c, main.c ,opengatesrv.h)\r
-</DD>\r
-<DT>\r
-Ver.0.81b at 2002.8.27</DT>\r
-<DD>\r
-Remove userid from terminate link string (Modifications: comm-cgi.c, comm-java.c), Modify accept page design (Modifications: accept.html)\r
-</DD>\r
-<DT>\r
-Ver.0.81c at 2002.9.5</DT>\r
-<DD>\r
-Version up is mistaked. Removed.\r
-</DD>\r
-<DT>\r
-Ver.0.81d at 2002.9.9</DT>\r
-<DD>\r
-Fix a mistake about URL string in a HTML file. (Modifications: ja/accept.html)\r
-Remove reference HTML document from archive. Add description about maxuser=0 in installation document.\r
-</DD>\r
-<DT>\r
-Ver.0.81e at 2002.9.10</DT>\r
-<DD>\r
-Add checking for execl failure (Modifications: comm-ipfw.c, comm-arp.c, main.c)\r
-</DD>\r
-<DT>\r
-Ver.0.82a at 2002.9.25</DT>\r
-<DD>\r
-Add skeleton routine to get user property (Modifications: opengatesrv.h, Makefile, main.c, comm-ipfw.c, opengatefw.pl, Additions: comm-userdb.c)\r
-</DD>\r
-<DT>\r
-Ver.0.83a at 2002.10.7</DT>\r
-<DD>\r
-Permit no reply to hello more than one time (Modifications: comm-java.c, opengatesrv.h)\r
-</DD>\r
-<DT>\r
-Ver.0.83b at 2003.1.6</DT>\r
-<DD>\r
-Add documentation about maximum number of TCP connections (Modifications: install.html, install-e.html)\r
-</DD>\r
-<DT>\r
-Ver.0.90a at 2003.5.6</DT>\r
-<DD>\r
-Add duration input field in auth page for the demand of long usage without java. To cope with hijacking and notting, mac-address and packet-count are checked periodically. (Modifications: index.html, index-ssl.html, accept.html, comm-cgi.c comm-java.c, comm-arp.c, main.c, opengatesrv.h)\r
-</DD>\r
-<DT>\r
-Ver.0.90b at 2003.5.7</DT>\r
-<DD>\r
-Reset the DEBUG option. It was misset in the previous version.(Modification: opengatesrv.h)\r
-</DD>\r
-<DT>\r
-Ver.0.90c at 2003.5.15</DT>\r
-<DD>\r
-Simplify the logic.(Modification: comm-java.c)\r
-</DD>\r
-<DT>\r
-Ver.0.90d at 2003.8.27</DT>\r
-<DD>\r
-Change message in auth page.(Modification: index.html, index-ssl.html)\r
-</DD>\r
-<DT>\r
-Ver.0.90e at 2003.9.24</DT>\r
-<DD>\r
-Display (firewall-rule-Number,userID,IPaddress) in process title.(Modification: main.c)\r
-</DD>\r
-<DT>\r
-Ver.0.90f at 2003.9.25</DT>\r
-<DD>\r
-Add documentation(Modification: errcheck.html,errcheck-e.html)\r
-</DD>\r
-<DT>\r
-Ver.0.90g at 2003.11.28</DT>\r
-<DD>\r
-Fix PAM-include error occured on FreeBSD 5 (Modification: auth-pam.c)\r
-</DD>\r
-<DT>\r
-Ver.0.90h at 2003.12.8</DT>\r
-<DD>\r
-Fix Applet-NoReply error occured on some browsers at removing applet page. Modify install document (Modification: Opengate.java and the compiled files, install.html,install-e.html)\r
-</DD>\r
-<DT>\r
-Ver.0.90i at 2003.12.16</DT>\r
-<DD>\r
-Modify parameters and documentations (Modification: opengatesrv.h, makefile, index.html, index-ssl.html, accept.html, accept2.html, install.html, install-e.html, qa.html, qa-e.html, errcheck.html, errcheck-e.html)\r
-</DD>\r
-<DT>\r
-Ver.0.90j at 2004.9.21</DT>\r
-<DD>\r
-Fix communication error occured in some pop3/pop3s server (Modification: comm-auth.c, auth-pop3s.c)\r
-</DD>\r
-<DT>\r
-Ver.0.90k at 2005.2.3</DT>\r
-<DD>\r
-Add links in accept.html to cope with popup-blocked and java-optional browser (Modification: accept.html)\r
-</DD>\r
-<DT>\r
-Ver.0.90l at 2005.2.4</DT>\r
-<DD>\r
-Fix communication error with ftpserver sent back multi-line greeting. Add error reporting code at fork/exec (Modification:comm-auth.c, comm-ipfw.c)\r
-</DD>\r
-<DT>\r
-Ver.0.90m at 2005.2.7</DT>\r
-<DD>\r
-Add error check code for ipfw response (Modification:comm-ipfw.c)\r
-</DD>\r
-<DT>\r
-Ver.0.90n at 2005.3.21</DT>\r
-<DD>\r
-Add no-cache option in authentication pages (Modification:index.html, index-ssl.html)\r
-</DD>\r
-<DT>\r
-Ver.1.0.0 at 2005.5.21</DT>\r
-<DD>\r
-Stable version is released (Modification;README)\r
-</DD>\r
-<DT>\r
-Ver.1.1.0 at 2005.5.27</DT>\r
-<DD>\r
-Add many parameters in conf file. Add programs for test. (Addition;get-param.c,test-get-param.c,test-comm-auth.c,test-comm-ipfw.c,test-comm-java.c,test-console.sh Modification;README,main.c,comm-auth.c,comm-ipwf.c,comm-java.c,Makefile)\r
-</DD>\r
-<DT>\r
-Ver.1.1.1 and 1.0.1 at 2005.5.30</DT>\r
-<DD>\r
-Recompile Java Applet with option '-target 1.1' to be compatible with MicrosoftVM (Modification: Opengate.class, OpengateClient.class, Opengate.jar)\r
-</DD>\r
-<DT>\r
-Ver.1.1.2 at 2005.7.13</DT>\r
-<DD>\r
-Comment out server parameter setting in config file (modification:opengatesrv.conf) \r
-</DD>\r
-<DT>\r
-Ver.1.1.3 at 2005.12.1</DT>\r
-<DD>\r
-Fix Error at executing the child process, Thanks to k.Eguchi and S.Uematsu (modification:comm-java.c, opengatefw.pl)\r
-</DD>\r
-<DT>\r
-Ver.1.2.0 at 2005.12.2</DT>\r
-<DD>\r
-Add IPv6 support [contributed by K.Eguchi]\r
-</DD>\r
-<DT>\r
-Ver.1.2.1 at 2005.12.15</DT>\r
-<DD>\r
-Change NDP command option to be recognized by new NDP [contributed by K.Eguchi]\r
-</DD>\r
-<DT>\r
-Ver.1.2.2 at 2006.1.6</DT>\r
-<DD>\r
-Fix an error when a cgi has no argument. Add MRTG function [contributed by K.Eguchi]\r
-</DD>\r
-<DT>\r
-Ver.1.1.4 and Ver.1.2.3 at 2006.2.2</DT>\r
-<DD>\r
-Add FTPS authentication.\r
-</DD>\r
-<DT>\r
-Ver.1.2.4 at 2006.3.14</DT>\r
-<DD>\r
-Modify documentations and comments.\r
-</DD>\r
-<DT>\r
-Ver.1.3.0 at 2006.3.22</DT>\r
-<DD>\r
-Change address acquisition method for IPv4/IPv6 dual stack and others.\r
-</DD>\r
-<DT>\r
-Ver.1.3.1 at 2006.3.27</DT>\r
-<DD>\r
-Simplify logics. Modify rulechk script.\r
-</DD>\r
-<DT>\r
-Ver.1.3.2 at 2006.4.3</DT>\r
-<DD>\r
-Change Config file to XML form. almost all parameters can be set in the file.\r
-</DD>\r
-<DT>\r
-Ver.1.3.3 at 2006.4.7</DT>\r
-<DD>\r
-Put back syslog setting to fixed value, and some bugs are fixed.\r
-</DD>\r
-<DT>\r
-Ver.1.3.4 at 2006.4.11</DT>\r
-<DD>\r
-Change accept page description.\r
-</DD>\r
-<DT>\r
-Ver.1.3.5 at 2006.4.13</DT>\r
-<DD>\r
-Modify the errcheck and qa documentations. Add time information in address encoding. Add retry information page.\r
-</DD>\r
-<DT>\r
-Ver.1.3.6 at 2006.4.14</DT>\r
-<DD>\r
-Change syslog setting to config file, and some bugs are fixed.\r
-</DD>\r
-<DT>\r
-Ver.1.3.7 at 2006.4.20</DT>\r
-<DD>\r
-Add code and info to cope with abnormal actions, and some bugs are fixed.\r
-</DD>\r
-<DT>\r
-Ver.1.3.8 at 2006.4.26</DT>\r
-<DD>\r
-Add code to remove overlapped rules and processes.\r
-</DD>\r
-<DT>\r
-Ver.1.3.9 at 2006.4.27</DT>\r
-<DD>\r
-Modify Java Applet to display long message.\r
-</DD>\r
-<DT>\r
-Ver.1.3.10 at 2006.5.1</DT>\r
-<DD>\r
-Add userID pattern-match function. Fix bug at checking parameters.\r
-</DD>\r
-<DT>\r
-Ver.1.3.11 at 2006.5.3</DT>\r
-<DD>\r
-Add code to match the duration max value in conf file with auth page.\r
-</DD>\r
-<DT>\r
-Ver.1.3.12 at 2006.5.12</DT>\r
-<DD>\r
-Change link in deny page from external site to auth page.\r
-</DD>\r
-<DT>\r
-Ver.1.3.13 at 2006.5.17</DT>\r
-<DD>\r
-Use FILE and LINE macro in error message. Fix abnormal termination bugs.\r
-</DD>\r
-<DT>\r
-Ver.1.3.14 at 2006.5.23</DT>\r
-<DD>\r
-Remove close-error message. Modify QA document.\r
-</DD>\r
-<DT>\r
-Ver.1.3.15 at 2006.10.14</DT>\r
-<DD>\r
-Fix browser's long waiting after sending accept page. And other small bugs.\r
-</DD>\r
-<DT>\r
-Ver.1.4.0 at 2006.10.16</DT>\r
-<DD>\r
-Add client watch with http keep-alive, which is the alternate to the watch with java applet. Use carefully, as this is a preliminary release.\r
-</DD>\r
-<DT>\r
-Ver.1.4.1 at 2006.10.18</DT>\r
-<DD>\r
-Change JavaScript to run on some systems.\r
-</DD>\r
-<DT>\r
-Ver.1.4.2 at 2006.10.19</DT>\r
-<DD>\r
-Ingore Http watch mode on HTTP/1.0 browser.\r
-</DD>\r
-<DT>\r
-Ver.1.4.3 at 2006.10.20</DT>\r
-<DD>\r
-Move JavaScript from html-file to external js-file. Modify some message.\r
-</DD>\r
-<DT>\r
-Ver.1.4.4 at 2006.10.25</DT>\r
-<DD>\r
-Add automatic start of java applet at failing http keep-alive. Modify http-get format. Add session-id. Fix read bug.\r
-</DD>\r
-<DT>\r
-Ver.1.4.5 at 2006.10.28</DT>\r
-<DD>\r
-Add function to indicate disable clients for http/java watch. \r
-</DD>\r
-<DT>\r
-Ver.1.4.6 at 2006.11.11</DT>\r
-<DD>\r
-Change dir mode to install properly. Add mac check. Fix small bugs. \r
-</DD>\r
-<DT>\r
-Ver.1.4.7 at 2006.11.18</DT>\r
-<DD>\r
-Fix small bugs and modify pages. Add processing time measurement for research.\r
-</DD>\r
-<DT>\r
-Ver.1.4.8 at 2006.11.19</DT>\r
-<DD>\r
-Fix small bugs and modify pages and measurement items.\r
-</DD>\r
-<DT>\r
-Ver.1.4.9 at 2006.12.20</DT>\r
-<DD>\r
-Change hello timing control from client side to server side.\r
-</DD>\r
-<DT>\r
-Ver.1.4.10 at 2006.12.26</DT>\r
-<DD>\r
-Change parameter's name and value in config file.\r
-</DD>\r
-<DT>\r
-Ver.1.4.11 at 2007.2.2</DT>\r
-<DD>\r
-Add ldap/ldaps authentication. Fix malfunction in exceptional terminals.\r
-</DD>\r
-<DT>\r
-Ver.1.4.12 at 2007.2.4</DT>\r
-<DD>\r
-Remove watch-mode selection in authenticaion page.\r
-</DD>\r
-<DT>\r
-Ver.1.4.13 at 2007.2.17</DT>\r
-<DD>\r
-Change to select time watch mode when the duraion value is entered.\r
-</DD>\r
-<DT>\r
-Ver.1.4.14 at 2007.3.2</DT>\r
-<DD>\r
-Fix bug at IPv6 disabled. Shorten the default duration at time watch mode.\r
-</DD>\r
-<DT>\r
-Ver.1.4.15 at 2007.3.22</DT>\r
-<DD>\r
-Fix bug at dumping micro-second time information. \r
-</DD>\r
-<DT>\r
-Ver.1.4.16 at 2007.4.16</DT>\r
-<DD>\r
-Fix bug for delayed favicon.ico request occured on IE7.\r
-</DD>\r
-<DT>\r
-Ver.1.4.17 at 2007.4.18</DT>\r
-<DD>\r
-Refine the bug fix of favicon.ico error.\r
-</DD>\r
-<DT>\r
-Ver.1.4.18 at 2007.4.23</DT>\r
-<DD>\r
-Add favicon.ico installation.\r
-</DD>\r
-<DT>\r
-Ver.1.4.19 at 2007.5.24</DT>\r
-<DD>\r
-Modify control of favicon.ico.\r
-</DD>\r
-<DT>\r
-Ver.1.4.20 at 2007.6.1</DT>\r
-<DD>\r
-Modify web pages to guide the users to the right way.\r
-</DD>\r
-<DT>\r
-Ver.1.4.21 at 2007.6.14</DT>\r
-<DD>\r
-Modify Makefile and install document. Abort at unloading the httpkeep page.\r
-</DD>\r
-<DT>\r
-Ver.1.4.22 at 2007.6.26</DT>\r
-<DD>\r
-Remove ipfw pass rule for established packets.\r
-</DD>\r
-<DT>\r
-Ver.1.4.23 at 2007.7.2</DT>\r
-<DD>\r
-Add config setting for multiple auth servers and auth server timeout.\r
-</DD>\r
-<DT>\r
-Ver.1.4.24 at 2007.11.28</DT>\r
-<DD>\r
-Add seteuid control. Show auto time setting in auth page.\r
-</DD>\r
-<DT>\r
-Ver.1.4.25 at 2007.12.21</DT>\r
-<DD>\r
-Fix typo in Makefile (change from Lockfile to LockFile).\r
-</DD>\r
-<DT>\r
-Ver.1.4.26 at 2008.2.29</DT>\r
-<DD>\r
-Fix error in 64 bits machine.\r
-</DD>\r
-<DT>\r
-Ver.1.4.27 at 2008.3.3</DT>\r
-<DD>\r
-Fix error in setting the default pam service name. Fix previous fix.\r
-</DD>\r
-<DT>\r
-Ver.1.4.28 at 2008.3.8</DT>\r
-<DD>\r
-Fix error in pam authentication.\r
-</DD>\r
-<DT>\r
-Ver.1.4.29 at 2008.3.17</DT>\r
-<DD>\r
-Add code into perl script to prevent multiple login.\r
-</DD>\r
-<DT>\r
-Ver.1.4.30 at 2008.3.18</DT>\r
-<DD>\r
-Fix error in tools/mrtg.\r
-</DD>\r
-<DT>\r
-Ver.1.4.31 at 2008.4.10</DT>\r
-<DD>\r
-Modify ReconnectTimeout value in conf to fix disconnection in some browsers.\r
-</DD>\r
-<DT>\r
-Ver.1.4.32 at 2008.5.22</DT>\r
-<DD>\r
-Fix segmentation-fault in opengatefwd.\r
-</DD>\r
-<DT>\r
-Ver.1.4.33 at 2008.5.29</DT>\r
-<DD>\r
-Fix install documentation.\r
-</DD>\r
-<DT>\r
-Ver.1.4.34 at 2008.6.27</DT>\r
-<DD>\r
-Remove ip6fw in default. \r
-</DD>\r
-<DT>\r
-Ver.1.4.35 at 2008.7.9</DT>\r
-<DD>\r
-Fix browser's hangup at closing. \r
-</DD>\r
-<DT>\r
-Ver.1.4.36 at 2008.7.17</DT>\r
-<DD>\r
-Change value of ActiveCheckInterval. Modify install.html. \r
-</DD>\r
-<DT>\r
-Ver.1.4.37 at 2009.8.18</DT>\r
-<DD>\r
-Fix Radius error. \r
-</DD>\r
-\r
-</DL>\r
-<b>Please see CVS in SourceForge.net to check the file difference between versions.</b>\r
-</BODY>\r
-</HTML>\r
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML>
+<HEAD>
+ <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
+ <TITLE></TITLE>
+ <META NAME="GENERATOR" CONTENT="OpenOffice.org 3.0 (Linux)">
+ <META NAME="CREATED" CONTENT="0;0">
+ <META NAME="CHANGED" CONTENT="20090824;17035200">
+ <META NAME="Info 1" CONTENT="">
+ <META NAME="Info 2" CONTENT="">
+ <META NAME="Info 3" CONTENT="">
+ <META NAME="Info 4" CONTENT="">
+</HEAD>
+<BODY LANG="en-US" BGCOLOR="#fafff0" DIR="LTR">
+
+<H3>
+Opengate History</H3>
+<DL>
+ <DT>Ver.0.10 at 1999.8.30
+ </DT><DD>
+ Initial Version. In this version, the Java applet is sent first and
+ the applet accepts the password.
+ </DD><DT>
+ Ver.0.11 at 1999.9.19
+ </DT><DD>
+ Stable Version. Reformed program.
+ </DD><DT>
+ Ver.0.12 at 1999.11.2
+ </DT><DD>
+ Support firewalls IPF and IPFW.
+ </DD><DT>
+ Ver.0.20 at 1999.9.16
+ </DT><DD>
+ Abandoned version.
+ </DD><DT>
+ Ver.0.30 at 1999.10.16
+ </DT><DD>
+ Changed to accept password with CGI. IPF support is discarded.
+ </DD><DT>
+ Ver.0.31 at 1999.10.26
+ </DT><DD>
+ Reformed User Interface. Java applet shows own window.
+ </DD><DT>
+ Ver.0.32 at 1999.11.1
+ </DT><DD>
+ Support for IPF.
+ </DD><DT>
+ Ver.0.33 at 2000.6.17
+ </DT><DD>
+ Support for IP forwarding. Discarded IPF support.
+ </DD><DT>
+ Ver.0.40 at 2000.6.19
+ </DT><DD>
+ Support for multiple authentication servers.
+ </DD><DT>
+ Ver.0.41 at 2000.6.23
+ </DT><DD>
+ Added function to close firewall when no packets were passed for a
+ set timespan.
+ </DD><DT>
+ Ver.0.42 at 2000.6.28
+ </DT><DD>
+ Added function to close firewall on abnormal server termination.
+ </DD><DT>
+ Ver.0.50 at 2000.12.11
+ </DT><DD>
+ Added function to exchange hello message with terminal. Firewall is
+ closed, when the client does not reply. Java output is included in
+ html window.
+ </DD><DT>
+ Ver.0.51 at 2000.12.22
+ </DT><DD>
+ Support for POP3 authentication.
+ </DD><DT>
+ Ver.0.52a at 2001.1.19
+ </DT><DD>
+ Exclusive execution of ipfw command. Deny multiple authentication
+ requests from a terminal. Change the method to get Java connection
+ address. Modified string sizes in the program. Many small
+ modifications.
+ </DD><DT>
+ Ver.0.52b at 2001.1.24
+ </DT><DD>
+ Reformed UNP library.
+ </DD><DT>
+ Ver.0.52c at 2001.1.26
+ </DT><DD>
+ Added DEBUG flag. Modified Directory setting.
+ </DD><DT>
+ Ver.0.52d at 2001.1.30
+ </DT><DD>
+ Modified no packet time setting.
+ </DD><DT>
+ Ver.0.52e at 2001.2.5
+ </DT><DD>
+ Corrected wrong comment.
+ </DD><DT>
+ Ver.0.53a at 2001.2.7
+ </DT><DD>
+ Directory setting integrated in Makefile. Support for logging MAC
+ address.
+ </DD><DT>
+ Ver.0.53b at 2001.2.8
+ </DT><DD>
+ Added check for empty userID or password.
+ </DD><DT>
+ Ver.0.53c at 2001.2.10
+ </DT><DD>
+ Replaced one accept window to two overlapping windows.
+ </DD><DT>
+ Ver.0.53d at 2001.2.13
+ </DT><DD>
+ Small modification on MAC address acquisition.
+ </DD><DT>
+ Ver.0.54a at 2001.2.15
+ </DT><DD>
+ Serious error (Ports destroyed during long execution) found and
+ fixed.
+ </DD><DT>
+ Ver.0.55a at 2001.3.19
+ </DT><DD>
+ Show messages in JavaApplet field.
+ </DD><DT>
+ Ver.0.56a at 2001.3.29
+ </DT><DD>
+ Detached UNP library (Many modifications to source)
+ </DD><DT>
+ Ver.0.56b at 2001.4.14
+ </DT><DD>
+ Modified document. (No modification to source)
+ </DD><DT>
+ Ver.0.56c at 2001.4.24
+ </DT><DD>
+ Reformed HTML to improve authentication response time. (Modification
+ to accept.html)
+ </DD><DT>
+ Ver.0.56d at 2001.4.29
+ </DT><DD>
+ Declaration of GPL. Added English documentation. (No modification to
+ source)
+ </DD><DT>
+ Ver.0.57a at 2001.5.10
+ </DT><DD>
+ Removed loop in ipfw-delete. (Modification to comm-ipfw.c)
+ </DD><DT>
+ Ver.0.57b at 2001.5.11
+ </DT><DD>
+ Changed Lockout time for ipfw exec. (Modification to opengatesrv.h)
+ </DD><DT>
+ Ver.0.57c at 2001.5.25
+ </DT><DD>
+ Display message when Java/JavaScript is disabled. (Modification to
+ accept.html)
+ </DD><DT>
+ Ver.0.57d at 2001.11.21
+ </DT><DD>
+ Changed timeout values (Modification to opengatesrv.h)
+ </DD><DT>
+ Ver.0.57e at 2002.2.13
+ </DT><DD>
+ Fixed redirect error in IE (Modification to topindex.html)
+ </DD><DT>
+ Ver.0.60a at 2002.6.17
+ </DT><DD>
+ Added authentication protocols: RADIUS, PAM, POP3S (Modifications:
+ Makefile, comm-auth.c, utilities.c, opengatesrv.h, opengatesrv.conf.
+ Additions: auth-pam.c, auth-pop3s.c, auth-rad.c)
+ </DD><DT>
+ Ver.0.60b at 2002.6.18
+ </DT><DD>
+ Added comments.
+ </DD><DT>
+ Ver.0.70a at 2002.6.19
+ </DT><DD>
+ Modified to control multi-language environment (Modifications:
+ Makefile, comm-cgi.c *.html Opengate.java)
+ </DD><DT>
+ Ver.0.71a at 2002.6.24
+ </DT><DD>
+ Refined installation procedure (Modifications: Makefile, comm-cgi.c
+ *.html)
+ </DD><DT>
+ Ver.0.72a at 2002.7.1
+ </DT><DD>
+ Messages are terminated with CR and LF (Modifications: comm-cgi.c
+ Opengate.java)
+ </DD><DT>
+ Ver.0.73a at 2002.7.4
+ </DT><DD>
+ Added jar (java archive) file, modified some documents
+ (Modifications: comm-cgi.c Makefile Add: Opengate.jar)
+ </DD><DT>
+ Ver.0.73b at 2002.7.10
+ </DT><DD>
+ Recovery of error messages added in Ver.0.57c but forgotten in
+ Ver.0.70a (Modifications: accept.html)
+ </DD><DT>
+ Ver.0.73c at 2002.7.12
+ </DT><DD>
+ Changed some documents
+ </DD><DT>
+ Ver.0.73d at 2002.7.15
+ </DT><DD>
+ More careful detaching from web server. (Modifications: main.c
+ comm-cgi.c)
+ </DD><DT>
+ Ver.0.73e at 2002.8.7
+ </DT><DD>
+ Fixed a serious bug in java applet introduced in Ver.0.70a. The
+ applet did not return hello to hello request in English message
+ mode.(Modifications: Opengate.java) Save index.html created during
+ web server installation. (Modifications: Makefile)
+ </DD><DT>
+ Ver.0.80a at 2002.8.19
+ </DT><DD>
+ Added Perl script for more flexible firewall control (Modifications:
+ main.c comm-ipfw.c opengatesrv.h Makefile, Additions:
+ conf/opengatefw.pl) Fixed a small mistake in debug mode
+ (Modifications: auth-pam.c) Modified installation procedure.
+ Opengate directory can be set in Makefile (Modifications: Makefile,
+ *.html). Added document to describe the system flow (Additions:
+ doc/progflow.html).
+ </DD><DT>
+ Ver.0.80b at 2002.8.26
+ </DT><DD>
+ Fixed a bug for checking overlapping requests (Modifications:
+ comm-ipfw.c)
+ </DD><DT>
+ Ver.0.81a at 2002.8.26
+ </DT><DD>
+ Added link to close network in No-java mode (Modifications:
+ accept.html, Makefile, comm-cgi.c, comm-java.c, main.c
+ ,opengatesrv.h)
+ </DD><DT>
+ Ver.0.81b at 2002.8.27
+ </DT><DD>
+ Removed userid from terminate link string (Modifications:
+ comm-cgi.c, comm-java.c), Modified accept page design
+ (Modifications: accept.html)
+ </DD><DT>
+ Ver.0.81c at 2002.9.5
+ </DT><DD>
+ Faulted Version. Removed.
+ </DD><DT>
+ Ver.0.81d at 2002.9.9
+ </DT><DD>
+ Fixed a mistake in URL string in HTML file. (Modifications:
+ ja/accept.html) Removed reference HTML document from archive. Added
+ description for maxuser=0 in installation document.
+ </DD><DT>
+ Ver.0.81e at 2002.9.10
+ </DT><DD>
+ Added checking for execl failure (Modifications: comm-ipfw.c,
+ comm-arp.c, main.c)
+ </DD><DT>
+ Ver.0.82a at 2002.9.25
+ </DT><DD>
+ Added skeleton routine to get user properties (Modifications:
+ opengatesrv.h, Makefile, main.c, comm-ipfw.c, opengatefw.pl,
+ Additions: comm-userdb.c)
+ </DD><DT>
+ Ver.0.83a at 2002.10.7
+ </DT><DD>
+ Do not permit reply to hello more than once (Modifications:
+ comm-java.c, opengatesrv.h)
+ </DD><DT>
+ Ver.0.83b at 2003.1.6
+ </DT><DD>
+ Add documentation about maximum number of TCP connections
+ (Modifications: install.html, install-e.html)
+ </DD><DT>
+ Ver.0.90a at 2003.5.6
+ </DT><DD>
+ Added duration input field in auth page, allowing prolonged usage
+ without java. To cope with hijacking and notting, mac-address and
+ packet-count are checked periodically. (Modifications: index.html,
+ index-ssl.html, accept.html, comm-cgi.c comm-java.c, comm-arp.c,
+ main.c, opengatesrv.h)
+ </DD><DT>
+ Ver.0.90b at 2003.5.7
+ </DT><DD>
+ Reset the DEBUG option. It was left out in the previous
+ version.(Modification: opengatesrv.h)
+ </DD><DT>
+ Ver.0.90c at 2003.5.15
+ </DT><DD>
+ Simplified the logic. (Modification: comm-java.c)
+ </DD><DT>
+ Ver.0.90d at 2003.8.27
+ </DT><DD>
+ Changed message in auth page. (Modification: index.html,
+ index-ssl.html)
+ </DD><DT>
+ Ver.0.90e at 2003.9.24
+ </DT><DD>
+ Display (firewall-rule-Number,userID,IPaddress) in process
+ title.(Modification: main.c)
+ </DD><DT>
+ Ver.0.90f at 2003.9.25
+ </DT><DD>
+ Added documentation (Modification: errcheck.html,errcheck-e.html)
+ </DD><DT>
+ Ver.0.90g at 2003.11.28
+ </DT><DD>
+ Fixed PAM-include error occurred on FreeBSD 5 (Modification:
+ auth-pam.c)
+ </DD><DT>
+ Ver.0.90h at 2003.12.8
+ </DT><DD>
+ Fixed Applet-NoReply error occurring in some browsers when removing
+ applet page. Modified install document (Modification: Opengate.java
+ and the compiled files, install.html,install-e.html)
+ </DD><DT>
+ Ver.0.90i at 2003.12.16
+ </DT><DD>
+ Modified parameters and documentation (Modification: opengatesrv.h,
+ makefile, index.html, index-ssl.html, accept.html, accept2.html,
+ install.html, install-e.html, qa.html, qa-e.html, errcheck.html,
+ errcheck-e.html)
+ </DD><DT>
+ Ver.0.90j at 2004.9.21
+ </DT><DD>
+ Fixed communication error occurring on some pop3/pop3s servers
+ (Modification: comm-auth.c, auth-pop3s.c)
+ </DD><DT>
+ Ver.0.90k at 2005.2.3
+ </DT><DD>
+ Added links to accept.html to cope with pop-up-blocked and
+ java-optional browser (Modification: accept.html)
+ </DD><DT>
+ Ver.0.90l at 2005.2.4
+ </DT><DD>
+ Fixed communication error with ftpserver sending back multi-line
+ greeting. Added error reporting code for fork/exec
+ (Modification:comm-auth.c, comm-ipfw.c)
+ </DD><DT>
+ Ver.0.90m at 2005.2.7
+ </DT><DD>
+ Added error check code for ipfw response (Modification:comm-ipfw.c)
+ </DD><DT>
+ Ver.0.90n at 2005.3.21
+ </DT><DD>
+ Added no-cache option to authentication pages
+ (Modification:index.html, index-ssl.html)
+ </DD><DT>
+ Ver.1.0.0 at 2005.5.21
+ </DT><DD>
+ Stable version is released (Modification: README)
+ </DD><DT>
+ Ver.1.1.0 at 2005.5.27
+ </DT><DD>
+ Added many parameters in conf file. Added test-programs. (Addition:
+ get-param.c,test-get-param.c,test-comm-auth.c,test-comm-ipfw.c,test-comm-java.c,test-console.sh
+ Modification:
+ README,main.c,comm-auth.c,comm-ipwf.c,comm-java.c,Makefile)
+ </DD><DT>
+ Ver.1.1.1 and 1.0.1 at 2005.5.30
+ </DT><DD>
+ Recompiled Java Applet with option '-target 1.1' to be compatible
+ with MicrosoftVM (Modification: Opengate.class,
+ OpengateClient.class, Opengate.jar)
+ </DD><DT>
+ Ver.1.1.2 at 2005.7.13
+ </DT><DD>
+ Commented out server parameter setting in config file
+ (modification:opengatesrv.conf)
+ </DD><DT>
+ Ver.1.1.3 at 2005.12.1
+ </DT><DD>
+ Fixed error when executing the child process. Thanks to K.Eguchi and
+ S.Uematsu (modification:comm-java.c, opengatefw.pl)
+ </DD><DT>
+ Ver.1.2.0 at 2005.12.2
+ </DT><DD>
+ Added IPv6 support [contributed by K.Eguchi]
+ </DD><DT>
+ Ver.1.2.1 at 2005.12.15
+ </DT><DD>
+ Changed NDP command option to be recognized by new NDP [contributed
+ by K.Eguchi]
+ </DD><DT>
+ Ver.1.2.2 at 2006.1.6
+ </DT><DD>
+ Fixed error occurring when a cgi has no argument. Added MRTG
+ function [contributed by K.Eguchi]
+ </DD><DT>
+ Ver.1.1.4 and Ver.1.2.3 at 2006.2.2
+ </DT><DD>
+ Added FTPS authentication.
+ </DD><DT>
+ Ver.1.2.4 at 2006.3.14
+ </DT><DD>
+ Modified documentation and comments.
+ </DD><DT>
+ Ver.1.3.0 at 2006.3.22
+ </DT><DD>
+ Changed address acquisition method for IPv4/IPv6 dual stack and
+ others.
+ </DD><DT>
+ Ver.1.3.1 at 2006.3.27
+ </DT><DD>
+ Simplified logic. Modified rulechk script.
+ </DD><DT>
+ Ver.1.3.2 at 2006.4.3
+ </DT><DD>
+ Changed Config file to XML form. Almost all parameters can now be
+ set in the file.
+ </DD><DT>
+ Ver.1.3.3 at 2006.4.7
+ </DT><DD>
+ Put back syslog setting to fixed value, and some bugs were fixed.
+ </DD><DT>
+ Ver.1.3.4 at 2006.4.11
+ </DT><DD>
+ Changed accept page description.
+ </DD><DT>
+ Ver.1.3.5 at 2006.4.13
+ </DT><DD>
+ Modified the errcheck and qa documentation. Added time information
+ in address encoding. Added retry information page.
+ </DD><DT>
+ Ver.1.3.6 at 2006.4.14
+ </DT><DD>
+ Changed syslog setting to config file, and some bugs were fixed.
+ </DD><DT>
+ Ver.1.3.7 at 2006.4.20
+ </DT><DD>
+ Added code and info to cope with abnormal actions, and some bugs
+ were fixed.
+ </DD><DT>
+ Ver.1.3.8 at 2006.4.26
+ </DT><DD>
+ Added code to remove overlapping rules and processes.
+ </DD><DT>
+ Ver.1.3.9 at 2006.4.27
+ </DT><DD>
+ Modified Java Applet to display long message.
+ </DD><DT>
+ Ver.1.3.10 at 2006.5.1
+ </DT><DD>
+ Added userID pattern-match function. Fixed bug when checking
+ parameters.
+ </DD><DT>
+ Ver.1.3.11 at 2006.5.3
+ </DT><DD>
+ Added code to match the duration max value in conf file with auth
+ page.
+ </DD><DT>
+ Ver.1.3.12 at 2006.5.12
+ </DT><DD>
+ Changed link in deny page from external site to auth page.
+ </DD><DT>
+ Ver.1.3.13 at 2006.5.17
+ </DT><DD>
+ Use FILE and LINE macro in error message. Fixed abnormal termination
+ bugs.
+ </DD><DT>
+ Ver.1.3.14 at 2006.5.23
+ </DT><DD>
+ Removed close-error message. Modified QA document.
+ </DD><DT>
+ Ver.1.3.15 at 2006.10.14
+ </DT><DD>
+ Fixed browser's long waiting after sending accept page and other
+ small bugs.
+ </DD><DT>
+ Ver.1.4.0 at 2006.10.16
+ </DT><DD>
+ Added client watch to http keep-alive, which is the alternative to
+ the watch with java applet. Use carefully, as this is a preliminary
+ release.
+ </DD><DT>
+ Ver.1.4.1 at 2006.10.18
+ </DT><DD>
+ Changed JavaScript to run on some systems.
+ </DD><DT>
+ Ver.1.4.2 at 2006.10.19
+ </DT><DD>
+ Ignore Http watch mode on HTTP/1.0 browser.
+ </DD><DT>
+ Ver.1.4.3 at 2006.10.20
+ </DT><DD>
+ Moved JavaScript from html-file to external js-file. Modified some
+ messages.
+ </DD><DT>
+ Ver.1.4.4 at 2006.10.25
+ </DT><DD>
+ Added automatic start of java applet on failing http keep-alive.
+ Modified http-get format. Added session-id. Fixed read bug.
+ </DD><DT>
+ Ver.1.4.5 at 2006.10.28
+ </DT><DD>
+ Added function to indicate disable clients for http/java watch.
+ </DD><DT>
+ Ver.1.4.6 at 2006.11.11
+ </DT><DD>
+ Changed dir mode to install properly. Added mac check. Fixed small
+ bugs.
+ </DD><DT>
+ Ver.1.4.7 at 2006.11.18
+ </DT><DD>
+ Fixed small bugs and modified pages. Added processing time
+ measurement for research.
+ </DD><DT>
+ Ver.1.4.8 at 2006.11.19
+ </DT><DD>
+ Fixed small bugs and modified pages and measurement items.
+ </DD><DT>
+ Ver.1.4.9 at 2006.12.20
+ </DT><DD>
+ Changed hello timing control from client side to server side.
+ </DD><DT>
+ Ver.1.4.10 at 2006.12.26
+ </DT><DD>
+ Changed parameter's name and value in config file.
+ </DD><DT>
+ Ver.1.4.11 at 2007.2.2
+ </DT><DD>
+ Added ldap/ldaps authentication. Fixed malfunction in exceptional
+ terminals.
+ </DD><DT>
+ Ver.1.4.12 at 2007.2.4
+ </DT><DD>
+ Removed watch-mode selection in authentication page.
+ </DD><DT>
+ Ver.1.4.13 at 2007.2.17
+ </DT><DD>
+ Added change to select time watch mode when the duration value is
+ entered.
+ </DD><DT>
+ Ver.1.4.14 at 2007.3.2
+ </DT><DD>
+ Fixed bug when IPv6 disabled. Shortened the default duration for
+ time watch mode.
+ </DD><DT>
+ Ver.1.4.15 at 2007.3.22
+ </DT><DD>
+ Fixed bug when dumping micro-second time information.
+ </DD><DT>
+ Ver.1.4.16 at 2007.4.16
+ </DT><DD>
+ Fixed bug for delayed favicon.ico request, occurring on IE7.
+ </DD><DT>
+ Ver.1.4.17 at 2007.4.18
+ </DT><DD>
+ Refined the bug fix of favicon.ico error.
+ </DD><DT>
+ Ver.1.4.18 at 2007.4.23
+ </DT><DD>
+ Added favicon.ico installation.
+ </DD><DT>
+ Ver.1.4.19 at 2007.5.24
+ </DT><DD>
+ Modified control of favicon.ico.
+ </DD><DT>
+ Ver.1.4.20 at 2007.6.1
+ </DT><DD>
+ Modified web pages to guide the users in the right direction.
+ </DD><DT>
+ Ver.1.4.21 at 2007.6.14
+ </DT><DD>
+ Modified Makefile and install document. Abort when unloading the
+ httpkeep page.
+ </DD><DT>
+ Ver.1.4.22 at 2007.6.26
+ </DT><DD>
+ Removed ipfw pass rule for established packets.
+ </DD><DT>
+ Ver.1.4.23 at 2007.7.2
+ </DT><DD>
+ Added config setting for multiple auth servers and auth server
+ timeout.
+ </DD><DT>
+ Ver.1.4.24 at 2007.11.28
+ </DT><DD>
+ Added seteuid control. Show auto time setting in auth page.
+ </DD><DT>
+ Ver.1.4.25 at 2007.12.21
+ </DT><DD>
+ Fixed typo in Makefile (change from Lockfile to LockFile).
+ </DD><DT>
+ Ver.1.4.26 at 2008.2.29
+ </DT><DD>
+ Fixed error on 64 bit machine.
+ </DD><DT>
+ Ver.1.4.27 at 2008.3.3
+ </DT><DD>
+ Fixed error when setting the default pam service name. Fixed
+ previous fix.
+ </DD><DT>
+ Ver.1.4.28 at 2008.3.8
+ </DT><DD>
+ Fixed error in pam authentication.
+ </DD><DT>
+ Ver.1.4.29 at 2008.3.17
+ </DT><DD>
+ Added code to perl script to prevent multiple logins.
+ </DD><DT>
+ Ver.1.4.30 at 2008.3.18
+ </DT><DD>
+ Fixed error in tools/mrtg.
+ </DD><DT>
+ Ver.1.4.31 at 2008.4.10
+ </DT><DD>
+ Modified ReconnectTimeout value in conf to fix disconnection issue
+ in some browsers.
+ </DD><DT>
+ Ver.1.4.32 at 2008.5.22
+ </DT><DD>
+ Fixed segmentation-fault in opengatefwd.
+ </DD><DT>
+ Ver.1.4.33 at 2008.5.29
+ </DT><DD>
+ Fixed install documentation.
+ </DD><DT>
+ Ver.1.4.34 at 2008.6.27
+ </DT><DD>
+ Removed ip6fw from default.
+ </DD><DT>
+ Ver.1.4.35 at 2008.7.9
+ </DT><DD>
+ Fixed browser's hangup on closing.
+ </DD><DT>
+ Ver.1.4.36 at 2008.7.17
+ </DT><DD>
+ Changed value of ActiveCheckInterval. Modified install.html.
+ </DD><DT>
+ Ver.1.4.37 at 2009.8.18
+ </DT><DD STYLE="margin-bottom: 0.2in">
+ Fixed Radius error.
+ </DD><DT>
+ Ver.1.4.38 at 2009.8.25
+ </DT><DD>
+ Modified english document.(No modification to source)
+ </DD>
+ </DL>
+<P>
+<B>Please see CVS on SourceForge.net to check the differences between
+versions.</B>
+</P>
+</BODY>
+</HTML>
-<html>\r
-<head>\r
-<title>Opegnate Install</title>\r
-<meta http-equiv="content-type" content="text/html">\r
-<link rel="stylesheet" type="text/css" media="screen" href="style.css">\r
-</head>\r
-\r
-\r
-<body bgcolor="#fafff0">\r
-\r
-<h2>Opengate Install Procedure<A class=anchor href="#top" name=top>\81õ</A></h2>\r
-<!-- Start:content table -->\r
-<ul>\r
- <li class="list_alpha"><A href="#outline0">Outline</A>\r
- <ul>\r
- <li class="list_num"><A href="#outline1">System Configuration</A></li>\r
- <li class="list_num"><A href="#outline2">Install Procedure</A></li>\r
- <li class="list_num"><A href="#outline3">Support Page</A></li>\r
- </ul></li>\r
- <li class="list_alpha"><A href="#freebsd0">FreeBSD Install</A>\r
- <ul>\r
- <li class="list_num"><A href="#freebsd1">Bssic Install</A></li>\r
- <li class="list_num"><A href="#freebsd2">Addition of NAT and Firewal</A></li>\r
- <li class="list_num"><A href="#freebsd3">Setup of IPv6</A></li>\r
- </ul></li>\r
- <li class="list_alpha"><A href="#bind0">BIND9 Install(Optional)</A>\r
- <ul>\r
- <li class="list_num"><A href="#bind1">Ports Install</A></li>\r
- <li class="list_num"><A href="#bind2">Making RNDC Key</A></li>\r
- <li class="list_num"><A href="#bind3">Setup of named.conf</A></li>\r
- <li class="list_num"><A href="#bind4">Setup of Zone</A></li>\r
- <li class="list_num"><A href="#bind5">Checking Behavior</A></li>\r
- </ul></li>\r
- <li class="list_alpha"><A href="#dhcp0">isc-dhcp3 Install(Optional)</A>\r
- <ul>\r
- <li class="list_num"><A href="#dhcp1">Ports Install</A></li>\r
- <li class="list_num"><A href="#dhcp2">Setup of DHCP</A></li>\r
- </ul></li>\r
- <li class="list_alpha"><A href="#apache0">Apache2 Install</A>\r
- <ul>\r
- <li class="list_num"><A href="#apache1">Ports Install</A></li>\r
- <li class="list_num"><A href="#apache2">Making Certificate</A></li>\r
- <li class="list_num"><A href="#apache3">Setup of VertualHost</A></li>\r
- <li class="list_num"><A href="#apache4">Other Setup and check</A></li>\r
- </ul></li>\r
- <li class="list_alpha"><A href="#opengate0">Opengate Install</A>\r
- <ul>\r
- <li class="list_num"><A href="#opengate1">Opengate Package</A></li>\r
- <li class="list_num"><A href="#opengate2">Install</A></li>\r
- <li class="list_num"><A href="#opengate3">Setup of Config File</A></li>\r
- <li class="list_num"><A href="#opengate4">Setup of ipfw</A></li>\r
- <li class="list_num"><A href="#opengate5">Setup of ip6fw</A></li>\r
- <li class="list_num"><A href="#opengate6">Setup of syslog</A></li>\r
- <li class="list_num"><A href="#opengate6">Checking Behavior</A></li>\r
- </ul></li>\r
- <li class="list_alpha"><A href="#mrtg0">MRTG Install(Optional)</A>\r
- <ul>\r
- <li class="list_num"><A href="#mrtg1">Ports Install</A></li>\r
- <li class="list_num"><A href="#mrtg2">Setup</A></li>\r
- <li class="list_num"><A href="#mrtg3">Check Behavior</A></li>\r
- <li class="list_num"><A href="#mrtg4">Regist to Crontab</A></li>\r
- </ul></li>\r
- <li class="list_alpha"><A href="#rulechk">rulechk Install(Optional)</A>\r
- </li>\r
-</ul>\r
-\r
-<!-- End:content table -->\r
-<hr>\r
-<!-- Start:Outline -->\r
-<h3>A Outline<A class=anchor href="#outline0" name=outline0>\81õ</A></h3>\r
-\r
- <ul>\r
- <li class="list_num"><A href="#outline1">System Configuration</A></li>\r
- <li class="list_num"><A href="#outline2">Install Procedure</A></li>\r
- </ul>\r
- \r
-<!-- ************1************* -->\r
-<h4>A.1 System Configuration<A class=anchor href="#outline1" name=outline1>\81õ</A></h4>\r
-\r
-<ul>\r
- <li>Gateway Machine \r
- \r
- <ul>\r
- <li>FreeBSD Ver 4.x, 5.x, or 6.x </li>\r
- \r
- <li>Having Two or more NICs</li>\r
- </ul> </li>\r
-</ul>\r
-\r
-<p>In this document, we use the system configuration as follows. The network connecting terminals is called as lower-side network and the network having servers is called upper-side network.</p>\r
-\r
-\r
-<table><tr><td><pre>\r
-upper-side network:192.168.0.0/24, 2001:1:2:3/64\r
-Gateway to upper-side network:fxp1, 192.168.0.124, 2001:1:2:3::4\r
-Gateway to lower-side network:fxp0, 192.168.1.1, 2001:5:6:7::1\r
-lower-side network:192.168.1.0/24, 2001:5:6:7/64\r
-</pre></td></tr></table>\r
-\r
-<p>Opengate recognizes the both addresses of IPv4 and IPv6, and controles the both firewalls. It can be used for IPv4 control only under the FreeBSD system that does not set up IPv6 environments.</p>\r
-\r
-\r
-<!-- ***********2************** -->\r
-<h4>A.2 Install Procedure<A class=anchor href="#outline2" name=outline2>\81õ</A></h4>\r
-\r
-<p>Following is the proceddure of Opengate. The '*'mark means the mandatory items.</p>\r
-\r
-<ul> \r
- <li class="list_num">FreeBSD Install *</li>\r
- <li class="list_num">Addition of Firewall *</li>\r
- <li class="list_num">BIND9 Install and Setup</li>\r
- <li class="list_num">DHCP Install and Setup</li>\r
- <li class="list_num">Apache2 Install and Setup *</li>\r
- <li class="list_num">Opengate Install and Setup *</li></ul>\r
-\r
-\r
-<!-- ***********3************** -->\r
-<h4>A.2 Support Page<A class=anchor href="#outline3" name=outline3>\81õ</A></h4>\r
-\r
-We prepare the Opengate support page as follows.\r
-\r
-<table><tr><td><pre>\r
- http://www.cc.saga-u.ac.jp/opengate/index-e.html\r
-</pre></td></tr></table>\r
-\r
-\r
-\r
-<div align="right"><A href="#outline0">back</A> <A href="#top">top</A></div>\r
-\r
-<hr>\r
-<!-- Start:FreeBSD Install-->\r
-<h3>B FreeBSD Install<A class=anchor href="#freebsd0" name=freebsd0>\81õ</A></h3>\r
-\r
- <ul>\r
- <li class="list_num"><A href="#freebsd1">Basic Install</A></li>\r
- <li class="list_num"><A href="#freebsd2">Addition of NAT and Firewall</A></li>\r
- <li class="list_num"><A href="#freebsd3">Setup of IPv6</A></li>\r
- </ul>\r
- \r
-<!-- ************1************* -->\r
-<h4>B.1 Basic Install<A class=anchor href="#freebsd1" name=freebsd1>\81õ</A></h4>\r
-\r
-<p>Use FreeBSD4.x or later. FreeBSD6.1 or later is desirable. \r
-Choose distribution Developer(Full sources, binaries and doc) or all, because we have to prepare a kernel.</p>\r
-<p>Add next line to "/etc/rc.conf", because you enable the gateway function.</p>\r
-\r
-<table>\r
- <TR>\r
-<td><code>gateway_enable="YES"</code></td></TR>\r
-</table>\r
-\r
-<div align="right"><A href="#freebsd0">back</A> <A href="#top">top</A></div>\r
-\r
-\r
-\r
-<!-- ************ 2 ************** -->\r
-<h4>B.2 Addition of NAT and Firewall<A class=anchor href="#freebsd2" name=freebsd2>\81õ</A></h4>\r
-\r
-<p>Prepare kernel having ipfw and ip6fw functions.</p>\r
-\r
-<p>Copy kernel options file.</p>\r
-\r
-<table><tr><td><pre>\r
-# cd /usr/src/sys/i386/conf\r
-# cp GENERIC MYKERNEL\r
-</pre></td></tr></table>\r
-\r
-<p>Add next lines to the kernel.</p>\r
-\r
-<p>(For FreeBSD6.0 or earlier)</p>\r
-\r
-<table><tr><td><pre>\r
-options IPDIVERT\r
-\r
-options IPFIREWALL\r
-options IPFIREWALL_FORWARD\r
-options IPFIREWALL_VERBOSE\r
-options IPFIREWALL_VERBOSE_LIMIT=100\r
-\r
-options IPV6FIREWALL\r
-options IPV6FIREWALL_VERBOSE\r
-options IPV6FIREWALL_VERBOSE_LIMIT=100\r
-\r
-options IPSEC\r
-options IPSEC_ESP\r
-options TCP_DROP_SYNFIN\r
-</pre></td></tr></table>\r
-\r
-<p>(For FreeBSD6.1 or later)</p>\r
-\r
-<table><tr><td><pre>\r
-options IPDIVERT\r
-\r
-options IPFIREWALL\r
-options IPFIREWALL_FORWARD\r
-options IPFIREWALL_VERBOSE\r
-options IPFIREWALL_VERBOSE_LIMIT=100\r
-\r
-options IPSEC\r
-device crypto\r
-</pre></td></tr></table>\r
-\r
-\r
-<p>compile and install kernel having ipfw (and ip6fw) supports.</p>\r
-\r
-\r
-<table><tr><td><pre>\r
-# config MYKERNEL\r
-# cd ../compile/MYKERNEL\r
-# make depend\r
-# make\r
-# make install\r
-</pre></td></tr></table>\r
-\r
-<p>"make clean" might be requested before "make depend".</p>\r
-\r
-<p>Add next lines to "/etc/rc.conf".</p>\r
-\r
-<p>(For FreeBSD6.0 or earlier)</p>\r
-\r
-<table><tr><td><pre>\r
-firewall_enable="YES"\r
-firewall_script="/etc/rc.firewall"\r
-firewall_type="open"\r
-\r
-ipv6_firewall_enable="YES"\r
-ipv6_firewall_script="/etc/rc.firewall6"\r
-ipv6_firewall_type="open"\r
-\r
-natd_enable="YES"\r
-natd_interface="fxp1"\r
-</pre></td></tr></table>\r
-\r
-<p>(For FreeBSD6.1 or later)</p>\r
-<table><tr><td><pre>\r
-firewall_enable="YES"\r
-firewall_script="/etc/rc.firewall"\r
-firewall_type="open"\r
-\r
-natd_enable="YES"\r
-natd_interface="fxp1"\r
-</pre></td></tr></table>\r
-\r
-<p>When setting the ipfw(and ip6fw) enable, be care to set the type 'OPEN' as to prevent mysteryous system behavior in installing procedure. For NAT, Enable natd and setup natd interface(Upper-side interface).</p>\r
-\r
-<p>Connect PC to the lower-side network and check the IPv4 behavior.</p>\r
-\r
-<p>As the DHCP does not setup yet, The PC network must be setup manually.</p>\r
-\r
-\r
-\r
-<div align="right"><A href="#freebsd0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ************ 3 ************** -->\r
-<h4>B.3 Setup of IPv6<A class=anchor href="#freebsd3" name=freebsd3>\81õ</A></h4>\r
-\r
-<p>If you need IPv4 only, this section can be skipped. Though explanation is omitted, many pareameters like the following sample might be set in /etc/rc.conf. You must study about IPv6 and setup carefully. </p>\r
-\r
-<table><tr><td><pre>\r
-##ENABLE IPv6\r
-ipv6_enable="YES"\r
-ipv6_network_interfaces="gif0 fxp0"\r
-\r
-##TUNNELLING INTERFACE\r
-gif_interfaces="gif0"\r
-gifconfig_gif0="192.168.0.124 192.168.0.126"\r
-\r
-##IPv6 ADDRESS \r
-ipv6_prefix_fxp0="2001:5:6:7"\r
-ipv6_ifconfig_fxp0="2001:5:6:7::1 prefixlen 64"\r
-\r
-##ADVERTISE\r
-rtadvd_enable="YES"\r
-rtadvd_interfaces="fxp0"\r
-\r
-##DEFAULT GATEWAY\r
-ipv6_default_interface="gif0"\r
-ipv6_defaultrouter="fe80::a:b:c:d%gif0"\r
-\r
-##ROUTING(RIPv6)\r
-ipv6_gateway_enable="YES"\r
-ipv6_router_enable="YES"\r
-ipv6_router="/usr/sbin/route6d"\r
-ipv6_router_flags="-O 2001:5:6:7::/64,gif0"\r
-</pre></td></tr></table>\r
-\r
-<p>Connect a PC to the lower-side network and check the behavior of IPv6</p>\r
-<p>In WindowsPC, a command "ipv6 install" might be needed to activate IPv6.</p>\r
-\r
-\r
-<div align="right"><A href="#ipfw0">back</A> <A href="#top">top</A></div>\r
-\r
-<hr>\r
-\r
-\r
-<!-- Start:BIND9 Install -->\r
-<h3>C BIND9 Install(Optional)<A class=anchor href="#bind0" name=bind0>\81õ</A></h3>\r
-\r
-<ul>\r
- <li class="list_num"><A href="#bind1">Ports Install</A></li>\r
- <li class="list_num"><A href="#bind2">Making RNDC Key</A></li>\r
- <li class="list_num"><A href="#bind3">Setup of named.conf</A></li>\r
- <li class="list_num"><A href="#bind4">Setup of Zone</A></li>\r
- <li class="list_num"><A href="#bind5">Checking Behavior</A></li>\r
-</ul>\r
-\r
-<!-- ********** 1 *********** -->\r
-<h4>C.1 Ports Install<A class=anchor href="#bind1" name=bind1>\81õ</A></h4>\r
-\r
-<p>You can ignore the DNS setting, if you control with IP address base or use existing DNS servers.</p>\r
-\r
-<p>Installing BIND9 from ports is as follows. The "sysinstall" command can also be used for installation.</p> \r
-\r
-\r
-<table><tr><td><pre>\r
-# cd /usr/ports/dns/bind9/\r
-# make clean\r
-# make install clean ; rehash\r
-</pre></td></tr></table>\r
-\r
-<p>The directory "/etc/namedb(/var/named/etc/namedb)" is made in the installation.</p>\r
-\r
-\r
-<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ********** 2 ********** -->\r
-<h4>C.2 Making RNDC key<A class=anchor href="#bind2" name=bind2>\81õ</A></h4>\r
-\r
-<p>For security, BIND9 is controlled by rndc command.</p>\r
-\r
-<p>Create the rndc key as follows.</p>\r
-\r
-<table><tr><td><pre>\r
-# cd /etc/namebd/\r
-# rndc-confgen -b 512 > rndc.conf\r
-</pre></td></tr></table>\r
-\r
-<p>By the command, following "rndc.conf" file is generated.</p>\r
-\r
-<table><tr><td><pre>\r
-# Start of rndc.conf\r
-key "rndc-key" {\r
- algorithm hmac-md5;\r
- secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";\r
-};\r
-\r
-options {\r
- default-key "rndc-key";\r
- default-server 127.0.0.1;\r
- default-port 953;\r
-};\r
-# End of rndc.conf\r
-\r
-# Use with the following in named.conf, adjusting the allow list as needed:\r
-# key "rndc-key" {\r
-# algorithm hmac-md5;\r
-# secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";\r
-# };\r
-# \r
-# controls {\r
-# inet 127.0.0.1 port 953\r
-# allow { 127.0.0.1; } keys { "rndc-key"; };\r
-# };\r
-# End of named.conf\r
-</pre></td></tr></table>\r
-\r
-\r
-<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ********* 3 ********* -->\r
-<h4>C.3 Setup of named.conf<A class=anchor href="#bind3" name=bind3>\81õ</A></h4>\r
-\r
-<p>There is "/etc/namedb/named.conf" after installation.</p>\r
-\r
-<p>Copy later half of "rndc.conf" file, remove comment, and add IPv6 configuration(if required).</p>\r
-\r
-<table><tr><td><pre>\r
-# Use with the following in named.conf, adjusting the allow list as needed:\r
-key "rndc-key" {\r
- algorithm hmac-md5;\r
- secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";\r
-};\r
-\r
-controls {\r
- inet ::1 port 953 allow { ::1; } keys { "rndc-key"; };\r
- inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };\r
-};\r
-# End of named.conf\r
-</pre></td></tr></table>\r
-\r
-<p>For security, it is better to write the "key" directive in the other file.</p>\r
-\r
-<p>Edit "options" directive in "named.conf".</p>\r
-\r
-<table><tr><td><pre>\r
-options {\r
- directory "/etc/namedb";\r
- pid-file "/var/run/named/pid";\r
- auth-nxdomain yes;\r
- listen-on-v6 { any; };\r
-};\r
-</pre></td></tr></table>\r
-\r
-<p>Make the corresponding directory to put "pid".</p>\r
-\r
-\r
-<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ******** 4 ********* -->\r
-<h4>C.4 Setup of Zone<A class=anchor href="#bind4" name=bind4>\81õ</A></h4>\r
-\r
-<p>Edit "view" and "zone" directive in "named.conf".</p>\r
-\r
-<p>The "view" directive is implemented in BIND9. Replying to the inquiry from matched-clients, BIND9 sends the information described in the corresponding view.</p>\r
-\r
-\r
-\r
-<table><tr><td><pre>\r
-view "og" {\r
- match-clients\r
- {\r
- 192.168.1.0/24;\r
- };\r
-\r
- recursion yes;\r
-\r
- zone "." {\r
- type hint;\r
- file "named.root";\r
- };\r
-\r
- zone "og.saga-u.ac.jp" {\r
- type master;\r
- file "og.saga-u.ac.jp";\r
- };\r
-\r
- zone "0.0.127.IN-ADDR.ARPA" {\r
- type master;\r
- file "master/localhost.rev";\r
- };\r
-\r
- // RFC 3152\r
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
- 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {\r
- type master;\r
- file "master/localhost-v6.rev";\r
- };\r
-\r
- // RFC 1886 -- deprecated\r
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
- 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {\r
- type master;\r
- file "master/localhost-v6.rev";\r
- };\r
-};\r
-</pre></td></tr></table>\r
-\r
-<p>Make a "zone" file for the domain as "og.saga-u.ac.jp". \r
-The domain name and IPv4/6 addresses should be modified properly. \r
-If you don't need IPv6, the line "AAAA ...." should be removed.</p>\r
-\r
-<table><tr><td><pre>\r
-$TTL 3600\r
-$ORIGIN og.saga-u.ac.jp.\r
-\r
-@ IN SOA ns.og.saga-u.ac.jp. postmaster (\r
- 2005051702 ;\r
- 3600\r
- 1200\r
- 2419200\r
- 86400 )\r
- IN NS ns.og.saga-u.ac.jp.\r
- IN A 192.168.1.1\r
- IN MX 10 opengate.og.saga-u.ac.jp.\r
-\r
-ns IN A 192.168.1.1\r
-\r
-opengate IN A 192.168.1.1\r
- AAAA 2001:5:6:7::1\r
-</pre></td></tr></table>\r
-\r
-<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ********* 5 ********* -->\r
-<h4>C.5 Checking Behavior<A class=anchor href="#bind5" name=bind5>\81õ</A></h4>\r
-\r
-<p>Confirm starting of "named" after setting was completed.</p>\r
-\r
-<table><tr><td><pre>\r
-# /usr/local/sbin/named -u bind -c /etc/namedb/named.conf\r
-</pre></td></tr></table>\r
-\r
-<p>If "named" starts without problems, Add next lines to "/etc/rc.conf" for auto start.</p>\r
-\r
-<table><tr><td><pre>named_enable="YES"\r
-named_program="/usr/local/sbin/named"\r
-named_flags="-u bind -c /etc/namedb/named.conf"\r
-</pre></td></tr></table>\r
-\r
-<p>Because the management of a DNS server is complicated, You need to read manual of BIND9 carefully, and refer other document.</p>\r
-\r
-\r
-<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
-<hr>\r
-\r
-<!-- Start:isc-dhcp3 Install -->\r
-<h3>D isc-dhcp3 Install(Optional)<A class=anchor href="#dhcp0" name=dhcp0>\81õ</A></h3>\r
-\r
-<ul>\r
- <li class="list_num"><A href="#dhcp1">Ports Install</A></li>\r
- <li class="list_num"><A href="#dhcp2">Setting of DHCP</A></li>\r
-</ul>\r
-\r
-<!-- *********** 1 ************* -->\r
-<h4>D.1 Ports Install<A class=anchor href="#dhcp1" name=dhcp1>\81õ</A></h4>\r
-\r
-<p>Many client PCs are connected. Thus the DHCP might be a desireble solution for assginment of IP addresses to these clients.</p>\r
-\r
-<p>Installing isc-dhcp3 from ports is as follows. The "sysinstall" command can also be used for intallation.</p>\r
-\r
-<table><tr><td><pre>\r
-# cd /usr/ports/net/isc-dhcp3-server\r
-# make clean\r
-# make install clean ; rehash\r
-</pre></td></tr></table>\r
-\r
-<div align="right"><A href="#dhcp0">back</A> <A href="#top">top</A></div>\r
-\r
-\r
-<!-- ************ 2 ************** -->\r
-<h4>D.2 Setup of DHCP<A class=anchor href="#dhcp2" name=dhcp2>\81õ</A></h4>\r
-\r
-<p>There is a configuration file "/usr/local/etc/dhcpd.conf.sample" after instalation. Copy "dhcpd.conf.sample" to "dhcpd.conf" and edit the file. Following is an example setup. The lease time must be greater than the maximum usage duration (Duration/Max in opengatesrv.conf).</p>\r
-<p>The domain name and IP addresses should be modified. </p>\r
-\r
-<table><tr><td><pre>\r
-option domain-name "og.saga-u.ac.jp";\r
-option domain-name-servers 192.168.1.1;\r
-option subnet-mask 255.255.255.0;\r
-option broadcast-address 192.168.1.255;\r
-option routers 192.168.1.1;\r
-\r
-default-lease-time 86400;\r
-max-lease-time 604800;\r
-ddns-update-style none;\r
-log-facility local7;\r
-\r
-subnet 192.168.55.0 netmask 255.255.255.0 {\r
- range 192.168.1.10 192.168.1.250;\r
-}\r
-</pre></td></tr></table>\r
-\r
-<p>Add next lines to "/etc/rc.conf" for auto start.</p>\r
-\r
-<table><tr><td><pre>\r
-dhcpd_enable="YES"\r
-dhcpd_ifaces="fxp0"\r
-dhcpd_conf="/usr/local/etc/dhcpd.conf"\r
-</pre></td></tr></table>\r
-\r
-<p>In this description, the value of "dhcpd_ifaces" is the interface for DHCP service(the lower-side network).</p>\r
-\r
-<div align="right"><A href="#dhcp0">back</A> <A href="#top">top</A></div>\r
-\r
-<hr>\r
-\r
-<!-- Start:Apache2 Install-->\r
-<h3>E Apache2 Install<A class=anchor href="#apache0" name=apache0>\81õ</A></h3>\r
-<ul>\r
- <li class="list_num"><A href="#apache1">Ports Install</A></li>\r
- <li class="list_num"><A href="#apache2">Making Certificate</A></li>\r
- <li class="list_num"><A href="#apache3">Setup SSL</A></li>\r
- <li class="list_num"><A href="#apache4">Other Setting and Checking</A></li>\r
-</ul>\r
-\r
-<!-- ************ 1 ************** -->\r
-<h4>E.1 Ports Install<A class=anchor href="#apache1" name=apache1>\81õ</A></h4>\r
-\r
-<p>When using IPv6 function, Opengate needs Apache2 supporting IPv6. In default, Apache2 supports SSL which is desirable for secure authentication.</p>\r
-\r
-\r
-<p>Installing Apache2 from ports is as follows. The "sysinstall" command can also be used for installation.</p>\r
-\r
-<table><tr><td><pre>\r
-# cd /usr/ports/www/apache22\r
-# make clean\r
-# make install clean ; rehash\r
-</pre></td></tr></table>\r
-\r
-\r
-\r
-<div align="right"><A href="#apache0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ************ 2 ************** -->\r
-<h4>E.2 Making Certificate<A class=anchor href="#apache2" name=apache2>\81õ</A></h4>\r
-\r
-<p>It is better to obtain a formal key from some CA. But we shows the procedure to make a self-signed private key and certificate. </p>\r
-\r
-\r
-<p>Make a private key as follows.</p>\r
-\r
-<table><tr><td><pre>\r
-# cd /usr/local/etc/apache22\r
-# mkdir ssl.key ssl.crt\r
-# chmod 700 ssl.key ssl.crt\r
-\r
-# /usr/bin/openssl genrsa -out /usr/local/etc/apache22/server.key 1024\r
-</pre></td></tr></table>\r
-\r
-<p>Make a certificate from the key as follows.</p>\r
-\r
-<table><tr><td><pre>\r
-# /usr/bin/openssl req -new -x509 -days 365 \\r
- -key /usr/local/etc/apache22/server.key \\r
- -out /usr/local/etc/apache22/server.crt\r
-\r
-You are about to be asked to enter information that will be incorporated\r
-into your certificate request.\r
-What you are about to enter is what is called a Distinguished Name or a DN.\r
-There are quite a few fields but you can leave some blank\r
-For some fields there will be a default value,\r
-If you enter '.', the field will be left blank.\r
------\r
-Country Name (2 letter code) [AU]:JP\r
-State or Province Name (full name) [Some-State]:Saga\r
-Locality Name (eg, city) []:Saga-city\r
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university\r
-Organizational Unit Name (eg, subsection) []:Opengate Management\r
-Common Name (eg, YOUR name) []:opengate.og.saga-u.ac.jp\r
-Email Address []:administrator@opengate.og.saga-u.ac.jp\r
-\r
-Please enter the following 'extra' attributes\r
-to be sent with your certificate request\r
-A challenge password []:\r
-An optional company name []:\r
-\r
-</pre></td></tr></table>\r
-\r
-<div align="right"><A href="#apache0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ************ 4 ************** -->\r
-<h4>E.4  Setup of SSL<A class=anchor href="#apache3" name=apache3>\81õ</A></h4>\r
-\r
-\r
-<p>Edit "/usr/local/etc/apache22/extra/httpd-ssl.conf" like the following example.</p>\r
-\r
-<table><tr><td>ssl.conf\r
-</td></tr><tr><td><pre>\r
-<VirtualHost _default_:443>\r
- DocumentRoot "/usr/local/www/apache22/data"\r
- ServerName opengate.og.saga-u.ac.jp:443\r
- ServerAdmin administrator@opengate.og.saga-u.ac.jp\r
- ErrorLog "|/usr/bin/logger -p local6.info"\r
- CustomLog "|/usr/bin/logger -p local5.info" combined\r
-\r
- SSLEngine on\r
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
- SSLCertificateFile /usr/local/etc/apache22/server.crt\r
- SSLCertificateKeyFile /usr/local/etc/apache22/server.key\r
-</VirtualHost>\r
-</pre></td></tr></table>\r
-\r
-<p>As Apache2 has many settings, be familiar with Apache2 configuration for adequate control.</p>\r
-\r
-\r
-\r
-<div align="right"><A href="#apache0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ************ 5 ************** -->\r
-<h4>E.5 Other Setting and Checking<A class=anchor href="#apache4" name=apache4>\81õ</A></h4>\r
-\r
-<p>Edit "/usr/local/etc/apache22/httpd.conf" as follows.</p>\r
-\r
-<p>Opengate send back the authentication page for any kind of HTTP request. To do so, add next line to httpd.conf. This means that the top page is sent back at HTTP_ERROR 404(file not found) error.</p>\r
-\r
-\r
-\r
-<table><tr><td><pre>\r
-ErrorDocument 404 /\r
-</pre></td></tr></table>\r
-\r
-<p>Add ExecCGI to execute CGI program in cgi-bin directory.</p>\r
-<table><tr><td><pre>\r
-<Directory "/usr/local/www/cgi-bin">\r
- ...\r
- Options ExecCGI\r
- ...\r
-</Directory>\r
-</pre></td></tr></table>\r
-\r
-<p>\r
-Remove the comment mark to enable the following setting\r
-<table><tr><td><pre>\r
-AddHandler cgi-script .cgi\r
-AddHandler type-map .var\r
-</pre></td></tr></table>\r
-</p>\r
-\r
-<p>\r
-Add "index.html.var" into DirectoryIndex.\r
-<table><tr><td><pre>\r
-DirectoryIndex index.html.var index.html\r
-</pre></td></tr></table>\r
-</p>\r
-\r
-<p>\r
-Include ssl conf file.\r
-<table><tr><td><pre>\r
-Include etc/apache22/extra/httpd-ssl.conf\r
-</pre></td></tr></table>\r
-</p>\r
-\r
-<p>\r
-Set Server name.\r
-<table><tr><td><pre>\r
-ServerName opengate.og.saga-u.ac.jp\r
-</pre></td></tr></table>\r
-</p>\r
-\r
-<p>Start Apache2 with "apachectl start" and check the normal action. \r
-Then add next lines to "/etc/rc.conf" for auto start.</p>\r
-\r
-<table><tr><td><pre>\r
-apache22_enable="YES"\r
-apache22ssl_enable="YES"\r
-</pre></td></tr></table>\r
-\r
-<p>\r
-If the system shows "Failed to enable the 'httpready' Accept Filter",\r
-add following into /boot/loader.conf\r
-<table><tr><td><pre>\r
-accf_http_load="YES"\r
-</pre></td></tr></table>\r
-</p>\r
-\r
-<div align="right"><A href="#apache0">back</A> <A href="#top">top</A></div>\r
-\r
-<hr>\r
-\r
-<!-- Start:Opengate Install -->\r
-<h3>F Opengate Install<A class=anchor href="#opengate0" name=opengate0>\81õ</A></h3>\r
-\r
- <ul>\r
- <li class="list_num"><A href="#opengate1">Opengate Package</A></li>\r
- <li class="list_num"><A href="#opengate2">Install</A></li>\r
- <li class="list_num"><A href="#opengate3">Setup of Config File</A></li>\r
- <li class="list_num"><A href="#opengate4">Setup of ipfw</A></li>\r
- <li class="list_num"><A href="#opengate5">Setup of ip6fw</A></li>\r
- <li class="list_num"><A href="#opengate6">Setup of syslog</A></li>\r
- <li class="list_num"><A href="#opengate7">Checking Behavior</A></li>\r
- </ul>\r
- \r
-<!-- ************1************* -->\r
-<h4>F.1 Opengate Package<A class=anchor href="#opengate1" name=opengate1>\81õ</A></h4>\r
-\r
-<p>Unfold the package of Opengate. </p>\r
-\r
-<table><tr><td><pre>\r
-# tar xzvf opengatexxxx.tar.gz\r
-</pre></td></tr></table>\r
-\r
-<p>It have following directorys.</p>\r
-\r
-<table>\r
-<tr><td><pre>\r
-doc: Documentations\r
-conf: Configuration file and firewall control perl script sample\r
-javahtml: Client Java Programs and HTML files\r
-opengatesrv: Server CGI programs\r
-tools: Some related tools\r
-ezxml: XML parser (Copyright Aaron Voisine)\r
-</pre>\r
-</td></tr>\r
-</table>\r
-<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ************2************* -->\r
-\r
-<h4>F.2 Install<A class=anchor href="#opengate2" name=opengate2>\81õ</A></h4>\r
-\r
-<p>Check setting in "opengatesrv/Makefile" and modify properly.</p>\r
-\r
-<table>\r
-<tr><td><pre>\r
-HTMLTOP = /usr/local/www/apache22\r
-DOCDIR = /data\r
-CGIDIR = /cgi-bin\r
-OPENGATEDIR = /opengate\r
-CONFIGPATH = /etc/opengate\r
-</pre>\r
-</td></tr>\r
-</table>\r
-\r
-<p>Compile and Install.</p>\r
-\r
-<table><tr><td><pre>\r
-# make clean\r
-# make install\r
-</pre></td></tr></table>\r
-\r
-\r
-<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
-\r
-\r
-<!-- ************ 3 ************** -->\r
-<h4>F.3 Setup of Config File<A class=anchor href="#opengate3" name=opengate3>\81õ</A></h4>\r
-\r
-\r
-<p>Copy sample config file "/etc/opengate/opengatesrv.conf.sample" to "/etc/opengate/opengatesrv.conf" and modify. Following settings must be changed.</p>\r
-\r
-<table><tr><td><pre>\r
- <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>\r
-\r
- <AuthServer>\r
- <Protocol>pop3s</Protocol>\r
- <Address>192.168.0.2</Address>\r
- </AuthServer>\r
-</pre></td></tr></table>\r
-\r
-<p>In <OpengateServerName>, set HOSTNAME(FQDN) or IP address of opengate gateway server. If you \r
-want to use IPv6 function, you need to set FQDN corresponding to IPv4 and IPv6 both addresses.</p>\r
-<p>In <AuthServer>, set the information of authentication server. Opengate support various auth protocols. See the config file for details. To separate the problem between auth server and opengate server, try the following setting firstly. This means that any userid and password are accepted.</p>\r
-\r
-\r
-<table><tr><td><pre>\r
- ****Do not use this setting in real service****\r
- <AuthServer>\r
- <Protocol>accept</Protocol> \r
- <AuthServer>\r
-</pre></td></tr></table>\r
-\r
-<p>The config file is XML form. The # mark in the file does not mean the start of a comment. Use XML-formed comment as <!-- Comment String --> to disable description.</p>\r
-\r
-<p>Opengate can switch auth setting with "userid@extid" pattern. See the config file for details. By this function, you can divide the authentication servers for many sections or guests.</P>\r
-\r
-<p>When default auth server is not replied, Opengate can re-request to other auth servers. See the config file for details.</P>\r
-\r
-<p>Caution: Do not delete the IPv6 related setting in config file. The IPv6 access is executed when the FQDN for IPv6 is prepared.</P>\r
-\r
-<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
-\r
-\r
-<!-- ************ 4 ************** -->\r
-<h4>F.4 Setup of ipfw<A class=anchor href="#opengate4" name=opengate4>\81õ</A></h4>\r
-\r
-<p>Write ipfw rules for Opengate. \r
-\r
-\r
-<p>(For FreeBSD6.0 or earlier)</p>\r
-\r
-<p>IPv4 packets are controlled by ipfw, and IPv6 packets by ip6fw.</p>\r
-<p>Sample setup scripts for both commands are prepared as "/etc/opengate/rc.firewall4.sample" and "/etc/opengate/rc.firewall6.sample"</p>\r
-<p>Copy these script and modify properly.</p>\r
-\r
-<table><tr><td><pre>\r
-# cd /etc/opengate\r
-# cp rc.firewall4.sample rc.firewall4\r
-# cp rc.firewall6.sample rc.firewall6\r
-# vi rc.firewall4\r
-# vi rc.firewall6\r
-</pre></td></tr></table>\r
-\r
-<p>Modify firewall setting in /erc/rc.conf as follows. Be care that accesses after this setting might be denied by the firewall.</p>\r
-\r
-<table><tr><td><pre>\r
-firewall_enable="YES"\r
-firewall_script="/etc/opengate/rc.firewall4"\r
-\r
-ipv6_firewall_enable="YES"\r
-ipv6_firewall_script="/etc/opengate/rc.firewall6"\r
-</pre></td></tr></table>\r
-\r
-<p>Then modify "/etc/opengatesrv.conf" from <Ip6fwPath>/sbin/ipfw</Ip6fwPath> to <Ip6fwPath>/sbin/ip6fw</Ip6fwPath> </p>\r
-\r
-\r
-<p>(For FreeBSD6.1 or later)</p>\r
-\r
-<p>Both of IPv4 and IPv6 packets are controlled by ipfw.</p>\r
-<p>Sample setup scripts for the system are prepared as "/etc/opengate/rc.firewall.sample"</p>\r
-<p>Copy the script and modify properly. If you don't know IPv6, set IPv6 addresses as localhost(*net6="0", *ip6="::1").</p>\r
-\r
-<table><tr><td><pre>\r
-# cd /etc/opengate\r
-# cp rc.firewall.sample rc.firewall\r
-# vi rc.virewall\r
-</pre></td></tr></table>\r
-\r
-<p>Modify firewall setting in /erc/rc.conf as follows. Be care that accesses after this setting might be denied by the firewall.</p>\r
-\r
-<table><tr><td><pre>\r
-firewall_enable="YES"\r
-firewall_script="/etc/opengate/rc.firewall"\r
-</pre></td></tr></table>\r
-\r
-\r
-<p>Be familiar with the ipfw command. Opengate is a software to send out ipfw add/delete command.</p>\r
-\r
-<p>Opengate adds/removes the allow rule (rule number:10000-40000) for the authenticated terminals. And the forward rule is exists in less priority position(rule number:60000) in the initial setting. Thus the packets for authenticated terminals pass the gateway, and the Web access from other terminals results the authentication page.\r
-</p>\r
-\r
-<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ************ 5 ************** -->\r
-<h4>F.5 Setup of syslog<A class=anchor href="#opengate5" name=opengate5>\81õ</A></h4>\r
-\r
-<p>Edit /etc/syslog.conf to save log file for Opengate.</p>\r
-\r
-<table><tr><td><pre>\r
- | Separeted by TAB code\r
- V\r
-local1.* /var/log/opengate.log\r
-</pre></td></tr></table>\r
-\r
-<p>Make the log file as follows. Be care to control the size of this log file.</p>\r
-\r
-<table><tr><td><pre>\r
-# touch /var/log/opengate.log\r
-</pre></td></tr></table>\r
-\r
-<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ************ 6 ************** -->\r
-<h4>F.6 Checking Behavior<A class=anchor href="#opengate6" name=opengate6>\81õ</A></h4>\r
-\r
-<p>Connect a PC to the lower-side network and access to a site in the upper-side network. If it does not work properly, refer doc/progflow.html and doc/protocol.txt to understand the procedure. And see the log file for Opengate, httpd, system and others. To dump more information from Opengate, set the <Debug> switch "2" in opengatesrv.conf. Check also the functions of related software. The error checking document(errcheck.html) and Q and A document (qa.html, recentqa.html in web) might be used for problem solving.</p>\r
-\r
-<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ************ 7 ************** -->\r
-<h4>F.7 Modification of Pages<A class=anchor href="#opengate7" name=opengate7>\81õ</A></h4>\r
-\r
-<p>\r
-If you want to modify the contents of web pages, edit the html files in Opengate directories. The relative path cannot use in httpkeep.html. Use the URL of full description. The descriptions such as %%XXX%% are variables replaced with some proper values in CGI. </p>\r
-\r
-<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
-\r
-\r
-<hr>\r
-<!-- Start:Install MRTG -->\r
-<h3>G MRTG Install(Optional)<A class=anchor href="#mrtg0" name=mrtg0>†</A></h3>\r
-\r
-<ul>\r
- <li class="list_num"><A href="#mrtg1">Install (ports)</A></li>\r
- <li class="list_num"><A href="#mrtg2">Setup MRTG</A></li>\r
- <li class="list_num"><A href="#mrtg3">Start confirmation</A></li>\r
- <li class="list_num"><A href="#mrtg4">Setup crontab</A></li>\r
-</ul>\r
-\r
-<!-- ************ 1 ************** -->\r
-<h4>G.1 Ports Install<A class=anchor href="#mrtg1" name=mrtg1>†</A></h4>\r
-\r
-<p>This is optional. When you want to watch the state of Opengate, MRTG can be used but is not required usually.</p>\r
-\r
-<p><a href="http://people.ee.ethz.ch/~oetiker/webtools/mrtg/" target="_blank">MRTG</a>(Multi Router Traffic Grapher) is system to watch network traffic. \r
-MRTG makes graphic images and HTML files. </p>\r
-\r
-<p>You can install MRTG to gateway server or another server. If you must watch plural Opengate, you \r
-had better install MRTG to another server.</p>\r
-\r
-<table><tr><td><pre>\r
-# cd /usr/ports/net-mgmt/mrtg/\r
-# make clean\r
-# make install clean ; rehash\r
-</pre></td></tr></table>\r
-\r
-<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div><!-- ************ 2 ************** -->\r
-<h4>G.2 Setup of MRTG<A class=anchor href="#mrtg2" name=mrtg2>†</A></h4>\r
-\r
-<p>There is "/usr/local/etc/mrtg/mrtg.cfg.sample" as configuration file after instalation. \r
-Copy mrtg.cfg.sample to opengate.cfg and edit configuration file.</p>\r
-\r
-<table><tr><td><pre>\r
-##################################################\r
-# opengate user counter\r
-\r
-WorkDir: /usr/home/user/public_html/mrtg/opengate/\r
-\r
-##### Options\r
-Options[^]: growright,gauge,nopercent,integer\r
-\r
-Target[opengate]:`/usr/home/user/bin/input.sh`\r
-Title[opengate]: Opengate user counter\r
-\r
-PageTop[opengate]: <h1>Opengate user counter</h1>\r
- <p>Show the number of people using Opengate</p>\r
-\r
-# Max Number\r
-MaxBytes[opengate]: 200\r
-\r
-# Title of Y axis\r
-YLegend[opengate]: Opengate User\r
-# unit\r
-ShortLegend[opengate]: s\r
-# Title of graph LegendI: first line LegendO: second line\r
-LegendI[opengate]: IPv6 Users\r
-LegendO[opengate]: Total Users\r
-</pre></td></tr></table>\r
-\r
-<p>make a directory which you appointed in "WorkDir". MRTG makes graphic images and HTML files in WorkDir.</p>\r
-\r
-<p>"Target[opengate]" is path to program to hand data to MRTG. explain below th details.</p>\r
-\r
-\r
-\r
-<h5>G.2.1 Case of gateway server<A class=anchor href="#mrtg21" name=mrtg21>†</A></h5>\r
-\r
-<p>Put this shellscript as "/usr/home/user/bin/input.sh".</p>\r
-\r
-<table><tr><td><pre>\r
-#!/bin/sh\r
-\r
-#######################################\r
-##\r
-## show opengate status for MRTG\r
-##\r
-## 1 line : IPv6 Users\r
-## 2 line : Total Users\r
-## 3 line : uptime\r
-## 4 line : comment for data\r
-##\r
-#######################################\r
-\r
-LANG=C\r
-COLUMNS=256\r
-\r
-export LANG\r
-export COLUMNS\r
-\r
-### IPv6 prefix\r
-prefix="2001:2f8:22:801:"\r
-###opengateprocessname\r
-process="opengatesrv.cgi" \r
-\r
-###tmp file name\r
-tmp_all="/tmp/og_count_all.tmp"\r
-tmp_6="/tmp/og_count_6.tmp"\r
-\r
-######################################################\r
-psax | grep $process > $tmp_all\r
-COUNT = `wc-l $tmp_all | awk '{print $1}'` \r
-grep $prefix $tmp_all > $tmp_6\r
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`\r
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`\r
-\r
-rm $tmp_all\r
-rm $tmp_6\r
-\r
-echo "$COUNT6"\r
-echo "$COUNT"\r
-echo "$UPTIME"\r
-echo "Opengate User Counter"\r
-</pre></td></tr></table>\r
-\r
-<p>carry out this shell script alone and confirm that you can acquire the following data.</p>\r
-\r
-<table><tr><td><pre>5\r
-48\r
-10days\r
-Opengate User Counter\r
-</pre></td></tr></table>\r
-\r
-\r
-<h5>G.2.2 Case of another server<A class=anchor href="#mrtg22" name=mrtg22>†</A></h5>\r
-\r
-<p>Put this shellscript as "/usr/home/user/bin/input.sh" on another server.</p>\r
-\r
-<table><tr><td><pre>\r
-#!/bin/sh\r
-\r
-#######################################\r
-##\r
-## input data for MRTG\r
-##\r
-## 1 line : IPv6 Users\r
-## 2 line : Total Users\r
-## 3 line : uptime\r
-## 4 line : comment for data\r
-##\r
-#######################################\r
-\r
-# tmp file name\r
-file="/tmp/opengate.tmp"\r
-\r
-# URL of output.sh at opengate\r
-url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh"\r
-\r
-fetch -o $file $url &> /dev/null\r
-\r
-more $file\r
-</pre></td></tr></table>\r
-\r
-<p>Put this shell script as "/usr/local/apache2/cgi-bin/output.sh" on Opengate server. \r
-And set this URL to $url in script explained by the above.</p>\r
-\r
-<table><tr><td><pre>\r
-#!/bin/sh\r
-\r
-#######################################\r
-##\r
-## show opengate status for MRTG\r
-##\r
-## 1 line : IPv6 Users\r
-## 2 line : Total Users\r
-## 3 line : uptime\r
-## 4 line : comment for data\r
-##\r
-#######################################\r
-\r
-LANG=C\r
-COLUMNS=256\r
-\r
-export LANG\r
-export COLUMNS\r
-\r
-### IPv6 prefix\r
-prefix="2001:2f8:22:801:"\r
-###opengateprocessname\r
-process="opengatesrv.cgi" \r
-\r
-###tmp file name\r
-tmp_all="/tmp/og_count_all.tmp"\r
-tmp_6="/tmp/og_count_6.tmp"\r
-\r
-######################################################\r
-psax | grep $process > $tmp_all \r
-COUNT = `wc-l $tmp_all | awk '{print $1}'` \r
-grep $prefix $tmp_all > $tmp_6\r
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`\r
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`\r
-rm $tmp_all\r
-rm $tmp_6\r
-\r
-echo "Content-type: text/plain; charset=iso-8859-1"\r
-echo\r
-\r
-echo "$COUNT6"\r
-echo "$COUNT"\r
-echo "$UPTIME"\r
-echo "Opengate User Counter"\r
-</pre></td></tr></table>\r
-\r
-<p>carry out "input.sh" shell script on another server and confirm that you can acquire the following data.</p>\r
-\r
-<table><tr><td><pre>5\r
-48\r
-10days\r
-Opengate User Counter\r
-</pre></td></tr></table>\r
-\r
-<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div><!-- ************ 3 ************** -->\r
-<h4>G.3 Start confirmation<A class=anchor href="#mrtg3" name=mrtg3>†</A></h4>\r
-\r
-<p>Confirm after setting was completed.</p>\r
-\r
-<table><tr><td><pre>\r
-# /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg\r
-</pre></td></tr></table>\r
-\r
-<p>Various WARNING is output the first and second time.</p>\r
-\r
-<p>There is some files in "WorkDir".</p>\r
-\r
-<table><tr><td><pre>> ls -l\r
--rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png\r
--rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png\r
--rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png\r
--rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png\r
--rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png\r
--rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png\r
--rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png\r
--rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html\r
--rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log\r
--rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old\r
-</pre></td></tr></table>\r
-\r
-<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div>\r
-\r
-<!-- ************ 4 ************** -->\r
-<h4>G.4 Setup crontab<A class=anchor href="#mrtg4" name=mrtg4>†</A></h4>\r
-\r
-<p>Add next line to "/etc/crontab".</p>\r
-\r
-<table><tr><td><pre>\r
-*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg\r
-</pre></td></tr></table>\r
-\r
-<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div>\r
-\r
-\r
-<!-- ************ 1 ************** -->\r
-<h3>H rulechk Install(Optional)<A class=anchor href="#rulechk" name=rulechk>†</A></h3>\r
-\r
-<p>This is optional. At the abnormal termination of Opengate process, superfluous rule might be left bihind. \r
-Though it is very rare, a script dealing with the case is prepared in tools/rulechk. This script is compatible with Opengate Ver1.3.1 or later.\r
-This script compares the Opengate process list and the firewall rule list, and deletes the superfluous rules.\r
-</p>\r
-<div align="right"><A href="#rulechk">back</A> <A href="#top">top</A></div>\r
-\r
-</body>\r
-</html>\r
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML>
+<HEAD>
+ <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
+ <TITLE>Opengate Install</TITLE>
+
+</HEAD>
+<BODY LANG="en-US" BGCOLOR="#fafff0" DIR="ltr">
+<H2><A href="#top" name=top><FONT SIZE=4>Opengate Installation
+Procedure</FONT></A></H2>
+
+<!-- Start:content table -->
+<UL>
+ <LI><A href="#outline0">Outline</A>
+
+ <UL>
+ <LI><A href="#outline1">System Configuration</A> </LI>
+ <LI><A href="#outline2">Installation Procedure</A> </LI>
+ <LI><A href="#outline3">Support Page</A></LI>
+ </UL>
+ <LI><A href="#freebsd0">FreeBSD Installation</A> </LI>
+ <UL>
+ <LI><A href="#freebsd1">Basic Installation</A> </LI>
+ <LI><A href="#freebsd2">Adding NAT and Firewall</A> </LI>
+ <LI><A href="#freebsd3">Setting up IPv6</A></LI>
+ </UL>
+ <LI><A href="#bind0">BIND9 Installation (Optional)</A> </LI>
+ <UL>
+ <LI><A href="#bind1">Ports Installation</A> </LI>
+ <LI><A href="#bind2">Making RNDC Key</A> </LI>
+ <LI><A href="#bind3">Setting up named.conf</A> </LI>
+ <LI><A href="#bind4">Creating a Zone file</A> </LI>
+ <LI><A href="#bind5">Checking Behavior</A></LI>
+ </UL>
+ <LI><A href="#dhcp0">isc-dhcp3 Installation (Optional)</A>
+ <UL>
+ <LI><A href="#dhcp1">Ports Installation</A> </LI>
+ <LI><A href="#dhcp2">Setting up DHCP</A></LI>
+ </UL>
+ <LI><A href="#apache0">Apache2 Installation</A> </LI>
+ <UL>
+ <LI><A href="#apache1">Ports Installation</A> </LI>
+ <LI><A href="#apache2">Making Certificates</A> </LI>
+ <LI><A href="#apache3">Setting up VirtualHost</A> </LI>
+ <LI><A href="#apache4">Other Settings and Checking the Installation</A></LI>
+ </UL>
+ <LI><A href="#opengate0">Opengate Installation</A> </LI>
+ <UL>
+ <LI><A href="#opengate1">Opengate Package</A> </LI>
+ <LI><A href="#opengate2">Installation</A> </LI>
+ <LI><A href="#opengate3">Setting up Config File</A> </LI>
+ <LI><A href="#opengate4">Setting up IPFW</A> </LI>
+ <LI><A href="#opengate5">Setting up Syslog</A> </LI>
+ <LI><A href="#opengate6">Checking Behavior</A> </LI>
+ <LI><A href="#opengate7">Modifying Pages</A> </LI>
+ </UL>
+ <LI><A href="#mrtg0">MRTG Install(Optional)</A> </LI>
+ <UL>
+ <LI><A href="#mrtg1">Ports Installation</A> </LI>
+ <LI><A href="#mrtg2">Setting up MRTG</A> </LI>
+ <LI><A href="#mrtg3">Confirming MRTG Startup Operation</A> </LI>
+ <LI><A href="#mrtg4">Registering to Crontab</A> </LI>
+ </UL>
+ <LI><A href="#rulechk">rulechk Installation (Optional)</A> </LI>
+</UL>
+
+<BR><BR>
+<P></P><!-- End:content table --><!-- Start:Outline -->
+
+
+<H3><A href="#outline0" name=outline0>A Outline</A></H3>
+<UL>
+ <LI><A href="#outline1">System Configuration</A> </LI>
+
+ <LI><A href="#outline2">Installation Procedure</A> </LI>
+</UL>
+
+<H4><!-- ************1************* -->
+<A href="#outline1" name=outline1>A.1 System
+Configuration</A></H4>
+<UL>
+ <LI>Gateway Machine </LI>
+ <UL>
+ <LI>FreeBSD Ver 4.x, 5.x, 6.x or 7.x </LI>
+ <LI>Having two or more NICs </LI>
+ </UL></LI>
+</UL>
+<P>In this document, we use the system configuration as follows. The
+network connecting terminals is called "lower-side network" and
+the network having servers is called "upper-side network".</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>upper-side network:192.168.0.0/24, 2001:1:2:3/64
+Gateway to upper-side network:fxp1, 192.168.0.124, 2001:1:2:3::4
+Gateway to lower-side network:fxp0, 192.168.1.1, 2001:5:6:7::1
+lower-side network:192.168.1.0/24, 2001:5:6:7/64</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Opengate recognizes both IPv4 and IPv6 addresses, and controls
+both firewalls. It can be used for IPv4 control only if the FreeBSD
+environment is not set up for IPv6.</P>
+
+
+<H4><!-- ***********2************** -->
+<A href="#outline2" name=outline2>A.2 Installation
+Procedure</A></H4>
+<P>The following steps are necessary to complete the installation of
+Opengate. <BR>Items marked with '*' are mandatory.</P>
+<UL>
+ <LI>FreeBSD Installation * </LI>
+
+ <LI>Adding the Firewall * </LI>
+
+ <LI>BIND9 Installation and Setup </LI>
+
+ <LI>DHCP Installation and Setup </LI>
+
+ <LI>Apache2 Installation and Setup *</LI>
+
+ <LI>Opengate Installation and Setup *</LI>
+</UL>
+
+
+<H4><!-- ***********3************** -->
+<A href="#outline3" name=outline3>A.2 Support Page</A></H4>
+<P STYLE="MARGIN-BOTTOM: 0in">The Opengate support page can be
+consulted at:
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE> http://www.cc.saga-u.ac.jp/opengate/index-e.html</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#outline0">back</A> <A href="#top">top</A></P>
+<HR>
+
+
+<!-- Start:FreeBSD Install-->
+<H3><A href="#freebsd0" name=freebsd0>B FreeBSD Installation</A></H3>
+<UL>
+ <LI><A href="#freebsd1">Basic Installation</A> </LI>
+ <LI><A href="#freebsd2">Adding NAT and Firewall</A> </LI>
+ <LI><A href="#freebsd3">Setting up IPv6</A> </LI>
+</UL>
+
+
+<H4><!-- ************1************* -->
+<A href="#freebsd1" name=freebsd1>B.1 Basic Installation</A></H4>
+
+<P>Use FreeBSD4.x or later. FreeBSD6.1 or later is preferred. <BR>Choose
+distribution "Developer (Full sources, binaries and doc)" or
+"all" because we have to compile a custom kernel.</P>
+<P>Add the following line to "/etc/rc.conf", to enable the
+gateway function:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <P><CODE>gateway_enable="YES"</CODE></P>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#freebsd0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 2 ************** --><A href="#freebsd2" name=freebsd2>B.2 Adding
+NAT and Firewall</A></H4>
+<P>Preparing the kernel to include IPFW and IP6FW functionality.</P>
+<P>Copy the kernel configuration file:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># cd /usr/src/sys/i386/conf
+# cp GENERIC MYKERNEL</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Add the following lines to the kernel configuration file:</P>
+<P>A. FreeBSD6.0 or earlier</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>options IPDIVERT
+
+options IPFIREWALL
+options IPFIREWALL_FORWARD
+options IPFIREWALL_VERBOSE
+options IPFIREWALL_VERBOSE_LIMIT=100
+
+options IPV6FIREWALL
+options IPV6FIREWALL_VERBOSE
+options IPV6FIREWALL_VERBOSE_LIMIT=100
+
+options IPSEC
+options IPSEC_ESP
+options TCP_DROP_SYNFIN</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>B. FreeBSD6.1 or later</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>options IPDIVERT
+
+options IPFIREWALL
+options IPFIREWALL_FORWARD
+options IPFIREWALL_VERBOSE
+options IPFIREWALL_VERBOSE_LIMIT=100
+
+options IPSEC
+device crypto</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>compile and install the new kernel (incl. added support for IPFW
+and IP6FW).</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+<TR><TD>
+<PRE>#cd /usr/src
+#make buildkernel KERNCONF=MYKERNEL
+#make installkernel KERNCONF=MYKERNEL
+</PRE>
+</TD></TR>
+</TABLE>
+<P>It might be failed in old FreeBSD. In the case, execute the following.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+<TR><TD>
+<PRE># config MYKERNEL
+# cd ../compile/MYKERNEL
+# make depend
+# make
+# make install</PRE>
+</TD></TR>
+</TABLE>
+<P>"make clean" might be requested before "make
+depend".
+</P>
+<P>Add the following lines to "/etc/rc.conf":</P>
+<P>a. FreeBSD6.0 or earlier</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>firewall_enable="YES"
+firewall_script="/etc/rc.firewall"
+firewall_type="open"
+
+ipv6_firewall_enable="YES"
+ipv6_firewall_script="/etc/rc.firewall6"
+ipv6_firewall_type="open"
+
+natd_enable="YES"
+natd_interface="fxp1"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>b. FreeBSD6.1 or later</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>firewall_enable="YES"
+firewall_script="/etc/rc.firewall"
+firewall_type="open"
+
+natd_enable="YES"
+natd_interface="fxp1"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>When enabling IPFW (and IP6FW), make sure
+to also set the firewall_type to 'OPEN', to prevent unpredictable
+system behavior during installation. <BR>To enable NAT, set
+natd_enable to 'YES' and define the natd interface (Upper-side
+interface).</P>
+<P>Connect a client pc to the lower-side
+network and check the IPv4 behavior.<BR>Since DHCP is not yet set up,
+the client's network settings must be configured manually.</P>
+<P ALIGN=right><A href="#freebsd0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 3 ************** -->
+<A href="#freebsd3" name=freebsd3>B.3 Setting up IPv6</A></H4>
+<P>If you need IPv4 only, this section can
+be skipped. <BR>Though explanation is omitted, many parameters, like
+the ones used in the following sample, can be set in /etc/rc.conf.
+<BR>It is advised to read up on IPv6 and carefully set up its
+parameters.
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>##ENABLE IPv6
+ipv6_enable="YES"
+ipv6_network_interfaces="gif0 fxp0"
+
+##TUNNELLING INTERFACE
+gif_interfaces="gif0"
+gifconfig_gif0="192.168.0.124 192.168.0.126"
+
+##IPv6 ADDRESS
+ipv6_prefix_fxp0="2001:5:6:7"
+ipv6_ifconfig_fxp0="2001:5:6:7::1 prefixlen 64"
+
+##ADVERTISE
+rtadvd_enable="YES"
+rtadvd_interfaces="fxp0"
+
+##DEFAULT GATEWAY
+ipv6_default_interface="gif0"
+ipv6_defaultrouter="fe80::a:b:c:d%gif0"
+
+##ROUTING(RIPv6)
+ipv6_gateway_enable="YES"
+ipv6_router_enable="YES"
+ipv6_router="/usr/sbin/route6d"
+ipv6_router_flags="-O 2001:5:6:7::/64,gif0"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Connect a client pc to the lower-side
+network and check the behavior of IPv6.<BR>On a Windows pc, the
+command "ipv6 install" might be needed to activate IPv6.</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#ipfw0">back</A> <A href="#top">top</A></P>
+<HR>
+
+
+<H3><!-- Start:BIND9 Install --><A href="#bind0" name=bind0>C BIND9
+Install(Optional)</A></H3>
+<UL>
+ <LI><A href="#bind1">Ports Install</A></LI>
+ <LI><A href="#bind2">Making RNDC Key</A></LI>
+ <LI><A href="#bind3">Setting up named.conf</A></LI>
+ <LI><A href="#bind4">Creating up a Zone file</A> </LI>
+ <LI><A href="#bind5">Checking Behavior</A> </LI>
+</UL>
+
+
+<H4><!-- ********** 1 *********** -->
+<A href="#bind1" name=bind1>C.1 Ports Install</A></H4>
+
+<P> You can ignore DNS
+settings, if you control with IP address base
+or use existing DNS servers.</P>
+<P> Installing BIND9 from
+ports:<BR>
+Note: The "sysinstall" command can also be used.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># cd /usr/ports/dns/bind9/
+# make clean
+# make install clean ; rehash</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>During installation the directory "/etc/namedb
+(/var/named/etc/namedb)" is created.</P>
+<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ********** 2 ********** -->
+<A href="#bind2" name=bind2>C.2 Making RNDC key</A></H4>
+<P>Use the "rndc" command to further secure BIND9.</P>
+<P>Create the rndc key as follows:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># cd /etc/namebd/
+# rndc-confgen -b 512 > rndc.conf</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>This will generate the "rndc.conf" file.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># Start of rndc.conf
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
+};
+
+options {
+ default-key "rndc-key";
+ default-server 127.0.0.1;
+ default-port 953;
+};
+# End of rndc.conf
+
+# Use with the following in named.conf, adjusting the allow list as needed:
+# key "rndc-key" {
+# algorithm hmac-md5;
+# secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
+# };
+#
+# controls {
+# inet 127.0.0.1 port 953
+# allow { 127.0.0.1; } keys { "rndc-key"; };
+# };
+# End of named.conf</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ********* 3 ********* -->
+<A href="#bind3" name=bind3>C.3 Setting up named.conf</A></H4>
+<P>After installation, look for the
+"/etc/namedb/named.conf" file and copy the last half of the
+"rndc.conf" file to it, making sure to remove comments, and
+add IPv6 configuration where/if required.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># Use with the following in named.conf, adjusting the allow list as needed:
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
+};
+
+controls {
+ inet ::1 port 953 allow { ::1; } keys { "rndc-key"; };
+ inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+# End of named.conf</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>For security reasons, it is better to write the "key"
+directive in the other file.</P>
+<P>Edit the "options" directive in "named.conf":</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>options {
+ directory "/etc/namedb";
+ pid-file "/var/run/named/pid";
+ auth-nxdomain yes;
+ listen-on-v6 { any; };
+};</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Create the corresponding "pid" directory.</P>
+<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ******** 4 ********* -->
+<A href="#bind4" name=bind4>C.4 Creating a Zone file</A></H4>
+<P>Edit the "view" and "zone" directives in "named.conf".</P>
+<P>The "view" directive is implemented in BIND9. Replying
+to the inquiries from matched-clients, BIND9 sends the information as
+described in the corresponding "view"</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>view "og" {
+ match-clients
+ {
+ 192.168.1.0/24;
+ };
+
+ recursion yes;
+
+ zone "." {
+ type hint;
+ file "named.root";
+ };
+
+ zone "og.saga-u.ac.jp" {
+ type master;
+ file "og.saga-u.ac.jp";
+ };
+
+ zone "0.0.127.IN-ADDR.ARPA" {
+ type master;
+ file "master/localhost.rev";
+ };
+
+ // RFC 3152
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
+ type master;
+ file "master/localhost-v6.rev";
+ };
+
+ // RFC 1886 -- deprecated
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
+ type master;
+ file "master/localhost-v6.rev";
+ };
+};</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P><BR>Make a "zone" file for the domain "og.saga-u.ac.jp".
+<BR>The domain name and IPv4/6 addresses should be modified properly.
+If you don't need IPv6, remove the line containing "AAAA ....".</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>$TTL 3600
+$ORIGIN og.saga-u.ac.jp.
+
+@ IN SOA ns.og.saga-u.ac.jp. postmaster (
+ 2005051702 ;
+ 3600
+ 1200
+ 2419200
+ 86400 )
+ IN NS ns.og.saga-u.ac.jp.
+ IN A 192.168.1.1
+ IN MX 10 opengate.og.saga-u.ac.jp.
+
+ns IN A 192.168.1.1
+
+opengate IN A 192.168.1.1
+ AAAA 2001:5:6:7::1</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#bind0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ********* 5 ********* -->
+<A href="#bind5" name=bind5>C.5 Checking Behavior</A></H4>
+<P>Confirm starting of "named" after completings its
+configuration.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># /usr/local/sbin/named -u bind -c /etc/namedb/named.conf</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>If "named" starts without problems, add the following
+lines to "/etc/rc.conf" to allow it to automatically start
+on boot up.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>named_enable="YES"
+named_program="/usr/local/sbin/named"
+named_flags="-u bind -c /etc/namedb/named.conf"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Because the management of a DNS server
+can be complicated, it is strongly advised to carefully read the
+BIND9 manual, and/or consult other documentation.</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#bind0">back</A> <A href="#top">top</A></P>
+
+
+<HR>
+<H3><!-- Start:isc-dhcp3 Install -->
+<A href="#dhcp0" name=dhcp0>D isc-dhcp3 Installation (Optional)</A></H3>
+<UL>
+ <LI><A href="#dhcp1">Ports Installation</A>
+ <LI><A href="#dhcp2">Setting up DHCP</A> </LI>
+</UL>
+
+
+<H4><!-- *********** 1 ************* -->
+<A href="#dhcp1" name=dhcp1>D.1 Ports Install</A></H4>
+<P>If many client PCs are going to be
+connected, using the DHCP service might be a desirable solution for
+assigning IP addresses to these clients.</P>
+<P>Installing isc-dhcp3 from ports:<BR>Note:
+the "sysinstall" command can also be used.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># cd /usr/ports/net/isc-dhcp3-server
+# make clean
+# make install clean ; rehash</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#dhcp0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 2 ************** -->
+<A href="#dhcp2" name=dhcp2>D.2 Setting up DHCP</A></H4>
+<P>The"/usr/local/etc/dhcpd.conf.sample"
+ configuration file is created during installation. <BR>Copy
+"dhcpd.conf.sample" to "dhcpd.conf" and edit the
+file. <BR><BR>The following is an example setup: <BR>The lease time
+must be greater than the maximum usage duration (Duration/Max in
+opengatesrv.conf).<BR>The domain name and IP addresses should be
+modified.
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>option domain-name "og.saga-u.ac.jp";
+option domain-name-servers 192.168.1.1;
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.1.255;
+option routers 192.168.1.1;
+
+default-lease-time 86400;
+max-lease-time 604800;
+ddns-update-style none;
+log-facility local7;
+
+subnet 192.168.55.0 netmask 255.255.255.0 {
+ range 192.168.1.10 192.168.1.250;
+}</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Add the following lines to "/etc/rc.conf" to allow it to
+automatically start on boot up.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>dhcpd_enable="YES"
+dhcpd_ifaces="fxp0"
+dhcpd_conf="/usr/local/etc/dhcpd.conf"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>In this example, the value of
+"dhcpd_ifaces" is the interface providing the DHCP service
+<BR>(to the lower-side network).</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#dhcp0">back</A> <A href="#top">top</A></P>
+<HR>
+
+
+<H3><!-- Start:Apache2 Install--><A href="#apache0" name=apache0>E Apache2
+Installation</A></H3>
+<UL>
+ <LI><A href="#apache1">Ports Installation</A> </LI>
+ <LI><A href="#apache2">Making Certificates</A> </LI>
+ <LI><A href="#apache3">Setting up SSL</A></LI>
+ <LI><A href="#apache4">Other Settings and Checking the installation</A> </LI>
+</UL>
+
+
+<H4><!-- ************ 1 ************** --><A href="#apache1" name=apache1>E.1 Ports
+Install</A></H4>
+<P>When using IPv6, Opengate needs Apache2
+to support IPv6. <BR>By default, Apache2 supports SSL which is
+preferred for secure authentication.</P>
+<P>Installing Apache2 from ports:<BR>Note:
+The "sysinstall" command can also be used.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># cd /usr/ports/www/apache22
+# make clean
+# make install clean ; rehash</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#apache0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 2 ************** --><A href="#apache2" name=apache2>E.2 Making
+Certificates</A></H4>
+<P>It is better to obtain a formal key from
+some CA. But we will show you how to create a self-signed private key
+and certificate.
+</P>
+<P>Creating a private key:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># cd /usr/local/etc/apache22
+# mkdir ssl.key ssl.crt
+# chmod 700 ssl.key ssl.crt
+
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache22/server.key 1024</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P><BR>Making a certificate from the created key:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># /usr/bin/openssl req -new -x509 -days 365 \
+ -key /usr/local/etc/apache22/server.key \
+ -out /usr/local/etc/apache22/server.crt
+
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:JP
+State or Province Name (full name) [Some-State]:Saga
+Locality Name (eg, city) []:Saga-city
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
+Organizational Unit Name (eg, subsection) []:Opengate Management
+Common Name (eg, YOUR name) []:opengate.og.saga-u.ac.jp
+Email Address []:administrator@opengate.og.saga-u.ac.jp
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#apache0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 3 ************** --><A href="#apache3" name=apache3>E.3
+Setting up SSL</A></H4>
+<P>Edit "/usr/local/etc/apache22/extra/httpd-ssl.conf" as
+shown in the following example:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <P>ssl.conf
+ </P>
+ </TD>
+ </TR>
+ <TR>
+ <TD>
+ <PRE><VirtualHost _default_:443>
+ DocumentRoot "/usr/local/www/apache22/data"
+ ServerName opengate.og.saga-u.ac.jp:443
+ ServerAdmin administrator@opengate.og.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+
+ SSLEngine on
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /usr/local/etc/apache22/server.crt
+ SSLCertificateKeyFile /usr/local/etc/apache22/server.key
+</VirtualHost></PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Since Apache2 has many settings,
+familiarize yourself with the Apache2 configuration options for
+adequate control.</P>
+<P ALIGN=right><A href="#apache0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 4 ************** --><A href="#apache4" name=apache4>E.4 Other
+Settings and Checking the Installation</A></H4>
+<P>Edit "/usr/local/etc/apache22/httpd.conf" as follows:</P>
+<P>Opengate should send back the
+authentication page in response to any kind of HTTP request. <BR>To
+do so, add the following line to httpd.conf: <BR> (the top page will
+be sent back on an HTTP_ERROR 404 [file not found] error).</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>ErrorDocument 404 /</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P><BR>Add "ExecCGI" to allow executing CGI programs in the
+cgi-bin directory.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE><Directory "/usr/local/www/cgi-bin">
+ ...
+ Options ExecCGI
+ ...
+</Directory></PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Remove the comment mark ("#") to
+enable the following setting:
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>AddHandler cgi-script .cgi
+AddHandler type-map .var</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Add "index.html.var" to
+DirectoryIndex:
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>DirectoryIndex index.html.var index.html</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Include ssl conf file:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>Include etc/apache22/extra/httpd-ssl.conf</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Set ServerName:
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>ServerName opengate.og.saga-u.ac.jp</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Start Apache2 with "apachectl start"
+and check for errors. <BR>If no errors are displayed, add the
+following lines to "/etc/rc.conf" to allow Apache to start
+on boot up:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>apache22_enable="YES"
+apache22ssl_enable="YES"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>If the system shows "Failed to
+enable the 'httpready' Accept Filter", add the following to
+/boot/loader.conf :</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>accf_http_load="YES"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Should the certificate require a PASSPHRASE, Apache will ask for it during
+boot up.<BR> If you do not enter the passphrase (reboot due to
+power outage, remote reboot, ,...), this will prevent <BR> the server from starting Apache normally,
+i.e. leaving you with a possible "crippled" server.</P>
+<BLOCKQUOTE>
+<P>
+Easy fix:<BR>
+1. create a simple script containing the following:<BR>
+#!/bin/sh<BR>
+echo "<passphrase goes here>"<BR>
+<BR>2. add the following to httpd.conf:<BR>
+SSLPassPhraseDialog exec:/path/to/above/script
+</P></BLOCKQUOTE>
+
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#apache0">back</A> <A href="#top">top</A></P>
+
+
+<HR>
+<H3><!-- Start:Opengate Install -->
+<A href="#opengate0" name=opengate0>F Opengate Installation</A></H3>
+<UL>
+ <LI><A href="#opengate1">Opengate Package</A>
+ <LI><A href="#opengate2">Installation</A> </LI>
+ <LI><A href="#opengate3">Setting up Config File</A> </LI>
+ <LI><A href="#opengate4">Setting up IPFW</A> </LI>
+ <LI><A href="#opengate5">Setting up syslog</A> </LI>
+ <LI><A href="#opengate6">Checking Behavior</A> </LI>
+ <LI><A href="#opengate7">Modifying Pages</A> </LI>
+</UL>
+
+
+<H4><!-- ************1************* -->
+<A href="#opengate1" name=opengate1>F.1 Opengate
+Package</A></H4>
+<P>Unpack the Opengate compressed file:
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># tar xzvf opengatexxxx.tar.gz</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>It contains the following directories:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>doc: Documentation
+conf: Configuration files and firewall control Perl script sample
+javahtml: Client Java Programs and HTML files
+opengatesrv: Server CGI programs
+tools: Some related tools
+ezxml: XML parser (Copyright Aaron Voisine)</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************2************* -->
+<A href="#opengate2" name=opengate2>F.2 Installation</A></H4>
+<P>Check the settings in "opengatesrv/Makefile" and modify
+if needed:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>HTMLTOP = /usr/local/www/apache22
+DOCDIR = /data
+CGIDIR = /cgi-bin
+OPENGATEDIR = /opengate
+CONFIGPATH = /etc/opengate</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Compile and Install:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># make clean
+# make install</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 3 ************** -->
+<A href="#opengate3" name=opengate3>F.3 Setting up Config File</A></H4>
+
+<P>Copy the sample configuration file
+"/etc/opengate/opengatesrv.conf.sample" to
+"/etc/opengate/opengatesrv.conf" and modify. <BR>The
+following settings must be changed:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE> <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>
+
+ <AuthServer>
+ <Protocol>pop3s</Protocol>
+ <Address>192.168.0.2</Address>
+ </AuthServer></PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>In <OpengateServerName>, set the
+HOSTNAME(FQDN) or IP address of the opengate gateway server. If you
+want to use IPv6, you need to set the FQDN corresponding to both IPv4
+and IPv6 addresses.</P>
+<P>In <AuthServer>, set the
+information for the authentication server. Opengate supports various
+authentication protocols. See the config file for details. <BR>To
+differentiate between erorrs caused by authentication server or those
+caused by the opengate server, try the following setting first. This
+means that any userid and password combination is accepted.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE> ****Do not use this setting in real service****
+ <AuthServer>
+ <Protocol>accept</Protocol>
+ <AuthServer></PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>The config file is XML. "#" marks in
+the file do not represent the start of a comment. <BR>Use
+XML-formatted comments like <!-- Comment String --> to disable
+a description.</P>
+<P>Opengate can pass authentication settings
+in the form of "userid@extid". <BR>See the config file for
+more details. <BR>By using this function, you can use different
+authentication servers for many sections or guests.</P>
+<P>When the primary authentication server
+does not reply, Opengate can resend the request to other
+authentication servers. See the config file for more details.</P>
+<P>Caution: Do not delete the IPv6 related
+settings in the config file! <BR> The IPv6 access is executed when
+the FQDN for IPv6 is prepared.</P>
+
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 4 ************** -->
+<A href="#opengate4" name=opengate4>F.4 Setting up IPFW</A></H4>
+<P>Write IPFW rules for Opengate.
+</P>
+<P>a. For FreeBSD6.0 or earlier</P>
+<P>IPv4 and Ipv6 rules are controlled by IPFW and IP6FW respectively
+.</P>
+<P> Sample rule sets for both firewall
+types are prepared as "/etc/opengate/rc.firewall4.sample"
+and "/etc/opengate/rc.firewall6.sample"</P>
+<P>Copy these scripts and modify according to your needs.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># cd /etc/opengate
+# cp rc.firewall4.sample rc.firewall4
+# cp rc.firewall6.sample rc.firewall6
+# vi rc.firewall4
+# vi rc.firewall6</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Modify the firewall settings in /etc/rc.conf as follows: <BR> Be
+careful not to lock yourself out of the system after reloading the
+firewall.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>firewall_enable="YES"
+firewall_script="/etc/opengate/rc.firewall4"
+
+ipv6_firewall_enable="YES"
+ipv6_firewall_script="/etc/opengate/rc.firewall6"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>For Ipv6 support, change the path in "/etc/opengatesrv.conf"
+from <Ip6fwPath>/sbin/ipfw</Ip6fwPath> to
+<Ip6fwPath>/sbin/ip6fw</Ip6fwPath>
+</P>
+<P>b. For FreeBSD6.1 or later</P>
+<P>Both IPv4 and IPv6 packets are controlled by IPFW.</P>
+<P>A sample rule set for IPFW can be found in
+"/etc/opengate/rc.firewall.sample"</P>
+<P>Copy the script and modify to fit your needs. <BR> If you are
+not familiar with Ipv6, set IPv6 addresses as localhost (*net6="0",
+*ip6="::1").</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># cd /etc/opengate
+# cp rc.firewall.sample rc.firewall
+# vi rc.firewall</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Modify the firewall settings in /etc/rc.conf as follows:<BR> Be
+careful not to lock yourself out of the system after reloading the
+firewall.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>firewall_enable="YES"
+firewall_script="/etc/opengate/rc.firewall"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Familiarise yourself with the "ipfw" command. <BR> The
+Opengate software sends out ipfw add/delete commands.</P>
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 5 ************** -->
+<A href="#opengate5" name=opengate5>F.5 Setting
+up syslog</A></H4>
+<P>Edit /etc/syslog.conf to save log entries for Opengate.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE> | Separated by TAB code
+ V
+local1.* /var/log/opengate.log</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Make the log file as follows: <BR> Consider using log rotation to
+control the size of this log file.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># touch /var/log/opengate.log</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 6 ************** -->
+<A href="#opengate6" name=opengate6>F.6 Checking
+Behavior</A></H4>
+<P>Connect a PC to the lower-side network
+and try to access a site in the upper-side network. <BR>If it does
+not work properly, consult doc/progflow.html and doc/protocol.txt to
+better understand the procedure. Also check the log files for
+Opengate, httpd, system and others. To dump more information from
+Opengate, set the <Debug> switch to "2" in
+opengatesrv.conf. Also check the functions of related software. The
+error checking document (errcheck.html) and Q&A documents
+(qa.html, recentqa.html on the web) can be used for problem solving.</P>
+<P ALIGN=right><A href="#opengate0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 7 ************** -->
+<A href="#opengate7" name=opengate7>F.7 Modifying
+Pages</A></H4>
+<P>If you want to modify the contents of the
+web pages, edit the html files in the Opengate directories. The
+relative path cannot be used in httpkeep.html. Use the full URL
+description. The descriptions such as %%XXX%% are variables replaced
+by their proper values during CGI runtime.
+</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#opengate0">back</A> <A href="#top">top</A></P>
+<HR>
+
+
+
+<HR>
+<H3><!-- Start:Install MRTG -->
+<A href="#mrtg0" name=mrtg0>G MRTG Installion (Optional)</A></H3>
+<UL>
+ <LI><A href="#mrtg1">Ports Installation</A> </LI>
+ <LI><A href="#mrtg2">Setting up MRTG</A> </LI>
+ <LI><A href="#mrtg3">Confirming proper startup</A> </LI>
+ <LI><A href="#mrtg4">Setting up crontab</A> </LI>
+</UL>
+
+<H4><!-- ************ 1 ************** -->
+<A href="#mrtg1" name=mrtg1>G.1 Ports Installation</A></H4>
+
+<P>This section is optional. <BR> If you want to graphically
+monitor the state of Opengate, MRTG can be used but is not required.</P>
+<P><A HREF="http://people.ee.ethz.ch/%7Eoetiker/webtools/mrtg/" TARGET="_blank">MRTG<SPAN STYLE="TEXT-DECORATION: none">
+</SPAN></A>(Multi Router Traffic Grapher) is a system to monitor
+network traffic. MRTG produces graphic images and HTML files.
+</P>
+<P>You can install MRTG on the gateway
+server or another server. If you need to monitor multiple Opengate
+systems, it is advised to install MRTG on a separate server.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># cd /usr/ports/net-mgmt/mrtg/
+# make clean
+# make install clean ; rehash</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>
+
+
+<H4><!-- ************ 2 ************** -->
+<A href="#mrtg2" name=mrtg2>G.2 Setting up MRTG</A></H4>
+<P>MRTG creates
+"/usr/local/etc/mrtg/mrtg.cfg.sample" as the sample
+configuration file during installation. Copy mrtg.cfg.sample to
+opengate.cfg and edit the file:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>##################################################
+# opengate user counter
+
+WorkDir: /usr/home/user/public_html/mrtg/opengate/
+
+##### Options
+Options[^]: growright,gauge,nopercent,integer
+
+Target[opengate]:`/usr/home/user/bin/input.sh`
+Title[opengate]: Opengate user counter
+
+PageTop[opengate]: <h1>Opengate user counter</h1>
+ <p>Show the number of people using Opengate</p>
+
+# Max Number
+MaxBytes[opengate]: 200
+
+# Title of Y axis
+YLegend[opengate]: Opengate User
+# unit
+ShortLegend[opengate]: s
+# Title of graph LegendI: first line LegendO: second line
+LegendI[opengate]: IPv6 Users
+LegendO[opengate]: Total Users</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Be sure to actually create the directory
+which you appointed in "WorkDir". MRTG creates its graphic
+images and HTML files in "WorkDir"</P>
+<P>"Target[opengate]" contains the
+path to the program that hands its data to MRTG. <BR>(details
+explained below)</P>
+
+<H5>G.2.1 Scenario 1: Running MRTG on the gateway server</H5>
+<P>Create the shell script "/usr/home/user/bin/input.sh"
+with the following contents:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>#!/bin/sh
+
+#######################################
+##
+## show opengate status for MRTG
+##
+## 1 line : IPv6 Users
+## 2 line : Total Users
+## 3 line : uptime
+## 4 line : comment for data
+##
+#######################################
+
+LANG=C
+COLUMNS=256
+
+export LANG
+export COLUMNS
+
+### IPv6 prefix
+prefix="2001:2f8:22:801:"
+###opengateprocessname
+process="opengatesrv.cgi"
+
+###tmp file name
+tmp_all="/tmp/og_count_all.tmp"
+tmp_6="/tmp/og_count_6.tmp"
+
+######################################################
+psax | grep $process > $tmp_all
+COUNT = `wc-l $tmp_all | awk '{print $1}'`
+grep $prefix $tmp_all > $tmp_6
+COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
+UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
+
+rm $tmp_all
+rm $tmp_6
+
+echo "$COUNT6"
+echo "$COUNT"
+echo "$UPTIME"
+echo "Opengate User Counter"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Run this shell script as standalone and confirm that you can
+acquire the following data:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>5
+48
+10days
+Opengate User Counter</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<H5>G.2.2 Scenario 2: Running MRTG on a separate server</H5>
+<P>Create the shell script "/usr/home/user/bin/input.sh" on
+a separate server.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>#!/bin/sh
+
+#######################################
+##
+## input data for MRTG
+##
+## 1 line : IPv6 Users
+## 2 line : Total Users
+## 3 line : uptime
+## 4 line : comment for data
+##
+#######################################
+
+# tmp file name
+file="/tmp/opengate.tmp"
+
+# URL of output.sh at opengate
+url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh"
+
+fetch -o $file $url &> /dev/null
+
+more $file</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P STYLE="TEXT-INDENT: 0in">Create the shell script
+"/usr/local/apache2/cgi-bin/output.sh" on the Opengate
+(gateway) server, and set the URL to $url, as explained above.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>#!/bin/sh
+
+#######################################
+##
+## show opengate status for MRTG
+##
+## 1 line : IPv6 Users
+## 2 line : Total Users
+## 3 line : uptime
+## 4 line : comment for data
+##
+#######################################
+
+LANG=C
+COLUMNS=256
+
+export LANG
+export COLUMNS
+
+### IPv6 prefix
+prefix="2001:2f8:22:801:"
+###opengateprocessname
+process="opengatesrv.cgi"
+
+###tmp file name
+tmp_all="/tmp/og_count_all.tmp"
+tmp_6="/tmp/og_count_6.tmp"
+
+######################################################
+psax | grep $process > $tmp_all
+COUNT = `wc-l $tmp_all | awk '{print $1}'`
+grep $prefix $tmp_all > $tmp_6
+COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
+UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
+rm $tmp_all
+rm $tmp_6
+
+echo "Content-type: text/plain; charset=iso-8859-1"
+echo
+
+echo "$COUNT6"
+echo "$COUNT"
+echo "$UPTIME"
+echo "Opengate User Counter"</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P>Run "input.sh" on another server and confirm that you
+can acquire the following data:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>5
+48
+10days
+Opengate User Counter</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>
+
+<H4><!-- ************ 3 ************** -->
+<A href="#mrtg3" name=mrtg3>G.3 Confirming MRTG Startup Operation:</A></H4>
+
+<P>Use the following command to confirm MRTG is working with your
+config:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE># /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P STYLE="TEXT-INDENT: 0in">Various WARNING messages are output the
+first and second time, this is normal behavior <BR>(as explained in
+the MRTG documentation)!<BR>Some files are created in "WorkDir".</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>> ls -l
+-rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png
+-rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png
+-rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png
+-rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png
+-rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png
+-rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png
+-rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png
+-rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html
+-rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log
+-rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>
+
+<H4><!-- ************ 4 ************** -->
+<A href="#mrtg4" name=mrtg4>G.4 Registering to Crontab</A></H4>
+
+<P>Add the following line to "/etc/crontab":</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+ <TR>
+ <TD>
+ <PRE>*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>
+ </TD>
+ </TR>
+</TABLE>
+<P ALIGN=right><A href="#mrtg0">back</A> <A href="#top">top</A></P>
+
+
+<H3><!-- Start:Install rulechk -->
+<A href="#rulechk" name=rulechk>H rulechk Installation (Optional)</A></H3>
+
+<P>This section is optional. <BR>When the
+Opengate process is not exited normally, superfluous rules might be
+left behind. <BR>Though it is
+very rare, the tools/rulechk script is made to handle such situations. This
+script compares the Opengate process list and the firewall rule list, and
+deletes the obsolete rules.<BR>This script is compatible with Opengate Ver1.3.1 or above.
+</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#rulechk">back</A> <A href="#top">top</A></P>
+</BODY>
+</HTML>
OSDN Git Service
