From: watanaby <>
Date: Wed, 16 Sep 2009 06:52:44 +0000 (+0000)
Subject: Ver.1.5.0: removed java, added ipfw tag, cookie, sqlite, etc.
X-Git-Url: http://git.osdn.net/view?p=opengate%2Fopengate.git;a=commitdiff_plain;h=9625962041d10f1d81d13a29fb37ca92c57b3e41

Ver.1.5.0: removed java, added ipfw tag, cookie, sqlite, etc.
---

diff --git a/opengate/README b/opengate/README
index ea16655..d2db166 100644
--- a/opengate/README
+++ b/opengate/README
@@ -30,8 +30,7 @@ Content of this archive
 README		This file
 
 conf/		Configuration files
-  rc.firewall.sample	Script of sample IPv4 firewall configuration
-  rc.firewall6.sample	Script of initail IPv6 firewall configuration
+  rc.firewall.sample	Script of sample firewall configuration
   ipfwctl.pl.sample	Perl script executed by opengate(not use in default)
   opengatesrv.conf.sample	Sample file for Opengate configuration 
 
@@ -47,17 +46,12 @@ doc/		Documentation files
    errcheck.html	Error checking list(not up to date)
  
 javahtml/	Client Java Applet and HTML files
-  Opengate.class	Java Applet main executable file
-  Opengate.jar		Java Applet archive file
-  Opengate.java		Java Applet source file
-  OpengateClient.class	Java Applet sub executable file
   index.html.var	Document selector placed in DocumentRoot
   httpkeep.js		JavaScript code for http keep-alive
   md5.js		JavaScript code for MD5 hash
   favicon.ico		favorite icon
 
   en/ & ja/		HTML files for each language
-    accept-java.html	Accept message page for java mode
     accept-http.html	Accept message page for http mode
     accept-time.html	Accept message page for timeout mode
     accept2.html	Second accept message page(for start browsing)
diff --git a/opengate/conf/ipfwctrl.pl.sample b/opengate/conf/ipfwctrl.pl.sample
index 2d36837..460a15f 100644
--- a/opengate/conf/ipfwctrl.pl.sample
+++ b/opengate/conf/ipfwctrl.pl.sample
@@ -4,21 +4,21 @@
 ###   (In default this script is disabled. See opengatesrv.conf.)
 ###   (Consider setting by ipfw rule or opengatesrv.conf before use this)
 
-($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty)=@ARGV;
+($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty,$ipfwtagnumber)=@ARGV;
 close STDOUT; close STDERR; close STDIN;
 
 
 ## add ipfw rules
 system "$ipfwpath","-q","add","$rulenumber",
-    "allow","ip","from","$clientaddr","to","any";
+    "count","tag","$ipfwtagnumber","ip","from","$clientaddr","to","any";
 
 system "$ipfwpath","-q","add","$rulenumber",
-    "allow","ip","from","any","to","$clientaddr";
+    "count","tag","$ipfwtagnumber","ip","from","any","to","$clientaddr";
 
 ## remove process attached to the same user on different ip address.
 ## if you allow multi-login, comment out next line.
 removeSameUserProc
-    ($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty);
+    ($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty,$ipfwtagnumber);
 
 exit 0;
 
@@ -152,21 +152,22 @@ If you are confused, return to the following default script.
 =====================================================
 #!/usr/bin/perl
 
-# get parameters
-($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr)=@ARGV;
-
-# close web server I/O
+($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty,$ipfwtagnumber)=@ARGV;
 close STDOUT; close STDERR; close STDIN;
 
-# allow all packets incomming to the client.
+
+## add ipfw rules
 system "$ipfwpath","-q","add","$rulenumber",
-    "allow","ip","from","any","to","$clientaddr";
+    "count","tag","$ipfwtagnumber","ip","from","$clientaddr","to","any";
 
-# allow all packets outgoing from the client.
 system "$ipfwpath","-q","add","$rulenumber",
-    "allow","ip","from","$clientaddr","to","any";
+    "count","tag","$ipfwtagnumber","ip","from","any","to","$clientaddr";
+
+## remove process attached to the same user on different ip address.
+## if you allow multi-login, comment out next line.
+removeSameUserProc
+    ($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty,$ipfwtagnumber);
 
 exit 0;
-__END__
 ======================================================
 
diff --git a/opengate/conf/opengatesrv.conf.sample b/opengate/conf/opengatesrv.conf.sample
index 13d3f86..7fed7b5 100644
--- a/opengate/conf/opengatesrv.conf.sample
+++ b/opengate/conf/opengatesrv.conf.sample
@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<Opengate ConfigVersion="1.4.23">
+<Opengate ConfigVersion="1.5.0">
 
 <!-- ################################################# 
      ####### NEED TO MODIFY FOLLOWING PARAMETERS #####  -->
@@ -16,7 +16,6 @@
 	<AuthServer>
 		<Protocol>pop3s</Protocol>
 		<Address>192.168.0.2</Address>
-		<Timeout>10</Timeout>
 	</AuthServer>
 
 <!-- ########################################################## 
@@ -34,7 +33,7 @@
 	<!-- Set 2 to write many information to syslog -->
 	<Debug>1</Debug>
 
-	<!-- client usage watch mode in default('Java', 'Http', or 'Time') -->
+	<!-- client usage watch mode in default('Http', or 'Time') -->
 	<WatchMode>Http</WatchMode>
 	
 	<!-- Syslog (local0, local1, .., local7)-->
@@ -43,15 +42,17 @@
 		<Facility>local1</Facility>
 	</Syslog>
 
+	<!-- SQLite database file -->
+	<SqliteDb>/tmp/opengate.db</SqliteDb>
+
 	<!-- Allowable duration for users to use network(seconds) -->
-	<!-- If no connection with java/http, network is closed after this. -->
+	<!-- If no connection with http, network is closed after this. -->
 	<Duration>
 		<Default>300</Default>
 		<Max>3600</Max>
 	</Duration>
 	
 	<!-- Client Live Check (seconds) -->
-	<!-- In JAVA connection, send HELLO and get reply. -->
 	<!-- In HTTP connection, existance of HELLO request. -->
 	<!-- In no connection, check mac address mismatch and no packet. -->
 	<ActiveCheckInterval>50</ActiveCheckInterval>
@@ -66,27 +67,16 @@
 		<SkipAgentPattern>^$</SkipAgentPattern>
 	</HttpWatch>
 
-	<!-- Watch client with Java Applet -->
-	<JavaWatch>
-		<!-- HTTP_USER_AGENT ignoring java watch mode -->
-		<!-- defined by "POSIX Extended Regular Expression" -->
-		<SkipAgentPattern>^$</SkipAgentPattern>
-	</JavaWatch>
-
-	<!-- IPFW rule number range used by opengate -->
+	<!-- IPFW rule number range and tag number used by opengate -->
 	<IpfwRule>
 		<Min>10000</Min>
 		<Max>40000</Max>
 		<Interval>2</Interval>
 	</IpfwRule>
 
-	<!-- IP6FW rule number range used by opengate -->
-	<Ip6fwRule>
-		<Min>10000</Min>
-		<Max>40000</Max>
-		<Interval>2</Interval>
-	</Ip6fwRule>
-	
+	<!-- IPFW Tag number used in rc.firewall -->
+	<IpfwTagNumber>123</IpfwTagNumber>
+
 	<!-- Port number range used by opengate -->
 	<ListenPort>
 		<Min>30000</Min>
@@ -96,9 +86,6 @@
 	<!-- communication reply timeout(second) -->
 	<CommWaitTimeout>10</CommWaitTimeout>
 
-	<!-- Java connection timeout(second) -->
-	<JavaWaitTimeout>600</JavaWaitTimeout>
-
 	<!-- http reconnect timeout(second) -->
 	<ReconnectTimeout>180</ReconnectTimeout>
 
@@ -113,7 +100,7 @@
 	<HtmlLangs>en ja</HtmlLangs>
 
 	<!-- Path to Apache Contents -->
-	<DocumentRoot>/usr/local/www/data</DocumentRoot>
+	<DocumentRoot>/usr/local/www/apache22/data</DocumentRoot>
 	<CgiDir>/cgi-bin</CgiDir>
 	<OpengateDir>/opengate</OpengateDir>
 
@@ -121,7 +108,6 @@
 	<DenyDoc>deny.html</DenyDoc>
 	<DenyDocSsl>deny-ssl.html</DenyDocSsl>
 	<AcceptDocHttp>accept-http.html</AcceptDocHttp>
-	<AcceptDocJava>accept-java.html</AcceptDocJava>
 	<AcceptDocTime>accept-time.html</AcceptDocTime>
 	<AcceptDoc2>accept2.html</AcceptDoc2>
 	<AuthDoc>index.html</AuthDoc>
@@ -129,13 +115,14 @@
 	<FwdDoc>topindex.html</FwdDoc>
 	<RetryDoc>retry.html</RetryDoc>
 	<HttpKeepDoc>httpkeep.html</HttpKeepDoc>
+	<SkipAuthDoc>skip-auth.html</SkipAuthDoc>
 
 	<!-- CGI programs -->
 	<AuthCgi>opengateauth.cgi</AuthCgi>
 	<FwdCgi>opengatefwd.cgi</FwdCgi>
 	<MainCgi>opengatesrv.cgi</MainCgi>
 
-	<!-- Java Script (in opengate dir) -->
+	<!-- JavaScript (in opengate dir) -->
 	<HttpKeepJS>httpkeep.js</HttpKeepJS>
 	<Md5JS>md5.js</Md5JS>
 
@@ -143,7 +130,7 @@
 	<ExternalUrl>http://www.google.com/</ExternalUrl>
 
 	<!-- Url to start browsing after authentication -->
-	<!-- if type=0, use acceptdoc2. if type=1, use below url -->
+	<!-- type:0=acceptdoc2.html,1=below Url,2=redirected(requested) Url -->
 	<StartPage>
 		<Type>0</Type>
 		<Url>http://www.yahoo.com/</Url>
@@ -153,7 +140,6 @@
 	<ArpPath>/usr/sbin/arp</ArpPath>
 	<NdpPath>/usr/sbin/ndp</NdpPath>
 	<IpfwPath>/sbin/ipfw</IpfwPath>
-	<Ip6fwPath>/sbin/ipfw</Ip6fwPath>
 	<PsPath>/bin/ps</PsPath>
 
 	<!-- Ipfw is opened via perl script(1) or direct from C(0) -->
@@ -162,12 +148,6 @@
 		<Path>/etc/opengate/ipfwctrl.pl</Path>
 	</IpfwScript>
 
-	<!-- Ip6fw is opened via perl script(1) or direct from C(0) -->
-	<Ip6fwScript>
-		<Enable>0</Enable>
-		<Path>/etc/opengate/ipfwctrl.pl</Path>
-	</Ip6fwScript>
-
 	<!-- Lock file for exclusive exec to prevent overlapped rule number -->
 	<LockFile>/tmp/opengate.lock</LockFile>
 
@@ -184,6 +164,8 @@
 			<Address>192.168.0.1</Address>
 			<Protocol>ftp</Protocol>
 		</AuthServer>
+		<IpfwTagNumber>999</IpfwTagNumber>
+
 	</ExtraSet>
         ## End of sample 1 ##  -->
 
@@ -212,6 +194,7 @@
 			<Facility>local2</Facility>
 		</Syslog>
 	</ExtraSet>
+	## Caution: if no userid is entered, set as userid="?"  ##
         ## End of sample 3 ##  -->
 
 </Opengate> 
diff --git a/opengate/conf/rc.firewall.sample b/opengate/conf/rc.firewall.sample
index a8a45c9..339bf53 100644
--- a/opengate/conf/rc.firewall.sample
+++ b/opengate/conf/rc.firewall.sample
@@ -55,17 +55,28 @@ $fwcmd add pass all from any to any frag
 $fwcmd add pass udp from fe80::/10 521 to ff02::9 521
 $fwcmd add pass udp from fe80::/10 521 to fe80::/10 521
 
+############Taggged rules############################
+## Opengate add following rules after authentication
+##   count tag <TagNo> ip from any to <ClientAddr>
+##   count tag <TagNo> ip from <ClientAddr> to any
+## <TagNo> : IpfwTagNumber in opengatesrv.conf
+## <ClientAddr> :IP address of authenticated client
+
+$fwcmd add 60000 allow ip from any to any tagged 123
+
+################################################
+
 ### Forwarding IPv4 http connection from unauth client 
-$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80
-$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 443
+$fwcmd add 60100 fwd localhost tcp from ${inet}:${imask} to any 80
+$fwcmd add 60100 fwd localhost tcp from ${inet}:${imask} to any 443
 
 ### Allow http reply for forwarded request 
 ### (it is sent out from localhost but has original source address)
-$fwcmd add 60100 pass tcp from any 80 to any out
-$fwcmd add 60100 pass tcp from any 443 to any out
+$fwcmd add 60110 pass tcp from any 80 to any out
+$fwcmd add 60120 pass tcp from any 443 to any out
 
 # TCP reset notice message for IPv6 http connection
-$fwcmd add 60200 reset tcp from any to any 80
-$fwcmd add 60300 reset tcp from any to any 443
+$fwcmd add 60130 reset tcp from any to any 80
+$fwcmd add 60140 reset tcp from any to any 443
 
 
diff --git a/opengate/conf/rc.firewall4.sample b/opengate/conf/rc.firewall4.sample
deleted file mode 100644
index fc838c8..0000000
--- a/opengate/conf/rc.firewall4.sample
+++ /dev/null
@@ -1,42 +0,0 @@
-### set these to your outside interface network and netmask and ip
-oif="fxp1"
-onet="192.168.0.0"
-omask="255.255.255.0"
-oip="192.168.0.124"
-
-### set these to your inside interface network and netmask and ip
-iif="fxp0"
-inet="192.168.1.0"
-imask="255.255.255.0"
-iip="192.168.1.1"
-
-fwcmd="/sbin/ipfw"
-
-### divert packet to NATD 
-$fwcmd add 1 divert natd ip from any to any via ${oif}
-
-### Stop spoofing
-$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
-$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}
-
-### Allow from / to myself
-$fwcmd add pass all from ${iip} to any via ${iif}
-$fwcmd add pass all from ${oip} to any via ${oif}
-$fwcmd add pass all from any to ${iip} via ${iif}
-$fwcmd add pass all from any to ${oip} via ${oif}
-
-### Allow DNS queries out in the world
-### (if DNS is on localhost, delete passDNS)
-$fwcmd add pass udp from any 53 to any
-$fwcmd add pass udp from any to any 53
-$fwcmd add pass tcp from any to any 53
-$fwcmd add pass tcp from any 53 to any
-
-### Forwarding http connection from unauth client 
-$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80
-$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 443
-
-### Allow http reply for forwarded request 
-### (it is sent out from localhost but has original source address)
-$fwcmd add 60100 pass tcp from any 80 to any out
-$fwcmd add 60100 pass tcp from any 443 to any out
diff --git a/opengate/conf/rc.firewall6.sample b/opengate/conf/rc.firewall6.sample
deleted file mode 100644
index 397dc75..0000000
--- a/opengate/conf/rc.firewall6.sample
+++ /dev/null
@@ -1,33 +0,0 @@
-### set these to your outside interface network and prefixlen and ip
-oif="fxp1"
-onet="fe80::"
-oprefixlen="64"
-oip="fe80::202:b3ff:fe0a:c30e"
-
-### set these to your inside interface network and prefixlen and ip
-iif="fxp0"
-inet="2001:2f8:22:802::"
-iprefixlen="64"
-iip="2001:2f8:22:802::1"
-
-### path to command "ip6fw"
-fw6cmd="/sbin/ip6fw"
-
-${fw6cmd} add pass all from ${iip} to any
-${fw6cmd} add pass all from any to ${iip}
-${fw6cmd} add pass all from ${oip} to any
-${fw6cmd} add pass all from any to ${oip}
-
-### Allow RA RS NS NA Redirect...
-${fw6cmd} add pass ipv6-icmp from any to any
-
-# Allow IP fragments to pass through
-${fw6cmd} add pass all from any to any frag
-
-# Allow RIPng
-${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521
-${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521
-
-# TCP reset notice message
-${fw6cmd} add 60200 reset tcp from any to any 80
-${fw6cmd} add 60300 reset tcp from any to any 443
diff --git a/opengate/doc/Changes.html b/opengate/doc/Changes.html
index a542a7e..f7f7454 100644
--- a/opengate/doc/Changes.html
+++ b/opengate/doc/Changes.html
@@ -619,12 +619,20 @@ Opengate History</H3>
 	Changed value of ActiveCheckInterval. Modified install.html. 
 	</DD><DT>
 	Ver.1.4.37 at 2009.8.18 
-	</DT><DD>
+	</DT><DD STYLE="margin-bottom: 0.2in">
 	Fixed Radius error. 
 	</DD><DT>
-	Ver.1.4.38 at 2009.9.1
+	Ver.1.4.38 at 2009.8.28
 	</DT><DD>
 	Modified english document.(No modification to source) 
+	</DD><DT>
+	Ver.1.5.0 at 2009.9.11
+	</DT><DD>
+	Removed JavaApplet mode. Removed ip6fw command.  
+	Added firewall tag rule. Added Sqlite3 database.
+	Added cookie authentication. 
+	Added function to return to requested url.
+	Use carefully, as this is a preliminary	release. 
 	</DD>
 	</DL>
 <P>
diff --git a/opengate/doc/en/errcheck.html b/opengate/doc/en/errcheck.html
index 3b64df4..163373e 100644
--- a/opengate/doc/en/errcheck.html
+++ b/opengate/doc/en/errcheck.html
@@ -21,7 +21,6 @@ Opengate uses following files, where the directorys are default. Is these files
 <br>
  /usr/local/www/data/index.html.var<br>
  /usr/local/www/cgi-bin/opengate/(opengatesrv.cgi, opengatefwd.cgi, opengateauth.cgi)<br>
- /usr/local/www/data/opengate/(Opengate.jar, Opengate.class, OpengateOlient.class)<br>
  /usr/local/www/data/opengate/(ja, en)/(topindex.html, index.html, index-ssl.html, accept.html, accept2.hmtl, deny.html, deny-ssl.html, retry.html)<br>
  /etc/opengate/(opengatesrv.conf, rc.firewall, rc.irewall6, ipfwctrl.pl): Copy from *.sample<br>
  /var/log/opengate.log<br>
@@ -167,7 +166,7 @@ Following is the list of errors and the descriptions at each execution step in t
 <LI>Apache server sends back EndWebAndRetry Page.</LI>
 <UL>
 <LI>Opengate denys the overlapped request from the client already opened. </LI>
-<LI>For no-java client, opengate cannot close the network immediately at browser closing. The network for the client is opened for a while.</LI>
+<LI>For no-javascript client, opengate cannot close the network immediately at browser closing. The network for the client is opened for a while.</LI>
 </UL>
 
 <LI>Apache sends back Internal error or FileNotFound error.</LI>
@@ -183,10 +182,7 @@ Following is the list of errors and the descriptions at each execution step in t
 <UL>
 <LI>Yellow bar is not displayed.</LI>
 <UL>
-<LI>Java Applet does not run. Set up Java VM.</LI>
-<LI>If ClassNotFound message is displayed, check the directory of Java-class/jar files and applet description in the page.</LI>
-<LI>In no-Java mode, the network is opened for a while. the closing occurs when (a)specified duration is passed, (b)terminate link is clicked, (c)correspondence between IP address and MAC address is changed, (d)no packet is passed during a specific time length.</LI>
-<LI>If you want to be compatible with Microsoft VM, the applet should be compiled as "javac -target 1.1 Opengate.java". In some environment, additional option "-source 1.2" or "-source 1.3" might be needed.</LI>
+<LI>In no-Javascript mode, the network is opened for a while. the closing occurs when (a)specified duration is passed, (b)terminate link is clicked, (c)correspondence between IP address and MAC address is changed, (d)no packet is passed during a specific time length.</LI>
 </UL>
 </UL>
 <P></P>
@@ -199,7 +195,7 @@ Following is the list of errors and the descriptions at each execution step in t
 <UL>
 <LI>If JavaScript is disabled, the window is not popped up.</LI>
 <LI>If the browser does not permit popup, the window is not popped up.</LI>
-<LI>To cope with these client, the start page link is prepared. Another window is prepared to save the window that runs Java Applet.</LI>
+<LI>To cope with these client, the start page link is prepared. Another window is prepared to save the window that runs JavaScript.</LI>
 </UL>
 </UL>
 <P></P>
@@ -216,8 +212,8 @@ Following is the list of errors and the descriptions at each execution step in t
 
 <LI>The communication is permitted for a while, but is not after some duration.</LI>
 <UL>
-<LI>For no-Java mode, see above description.</LI>
-<LI>When Java runs, the network is closed in the following conditions, (a)Java Applet is terminated (includes browser or OS termination), (b)Java Applet returns no reply to hello, (c)no packet is passed during a specific time length.</LI>
+<LI>For no-JavaScript mode, see above description.</LI>
+<LI>When JavaScript runs, the network is closed in the following conditions, (a)JavaScript is terminated (includes browser or OS termination), (b)JavaScript returns no reply to hello.</LI>
 </UL>
 
 </UL>
@@ -225,7 +221,7 @@ Following is the list of errors and the descriptions at each execution step in t
 
 <!-- ******************** -->
 
-<LI>The message in yellow bar is changed every 10 minutes.</LI>
+<LI>The message in yellow bar is changed every few minutes.</LI>
 
 <UL>
 <LI>The message is not changed.</LI>
@@ -243,7 +239,7 @@ Following is the list of errors and the descriptions at each execution step in t
 <UL>
 <LI>The authetication is not requested and accessed external page is displayed.</LI>
 <UL>
-<LI>When JavaApplet is not active, closing the network is delayed for a while. </LI>
+<LI>When JavaScript is not active, closing the network is delayed for a while. </LI>
 <LI>The deletion of allow rule in ipfw might be skipped when the opengate process is terminated abnormally. A script is prepared in tools directory to cope with the mistake.</LI>
 <LI>In some OS, the close button might mean resident behind the display.</LI>
 </UL>
diff --git a/opengate/doc/en/install.html b/opengate/doc/en/install.html
index 81c21ce..cf66478 100644
--- a/opengate/doc/en/install.html
+++ b/opengate/doc/en/install.html
@@ -1,1403 +1,1428 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<HTML>
-<HEAD>
-	<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
-	<TITLE>Opengate Install</TITLE>
-
-</HEAD>
-<BODY LANG="en-US" BGCOLOR="#fafff0" DIR="ltr">
-<H2><A href="#top" name=top><FONT SIZE=4>Opengate Installation
-Procedure</FONT></A></H2>
-
-<!-- Start:content table -->
-<UL>
-	<LI><A href="#outline0">Outline</A>
-		
-	<UL>
-		<LI><A href="#outline1">System Configuration</A>  </LI>
-		<LI><A href="#outline2">Installation Procedure</A>  </LI>
-		<LI><A href="#outline3">Support Page</A></LI>
-	</UL>
-	<LI><A href="#freebsd0">FreeBSD Installation</A>  </LI>
-	<UL>
-		<LI><A href="#freebsd1">Basic Installation</A>  </LI>
-		<LI><A href="#freebsd2">Adding NAT and Firewall</A>  </LI>
-		<LI><A href="#freebsd3">Setting up IPv6</A></LI>
-	</UL>
-	<LI><A href="#bind0">BIND9 Installation (Optional)</A>  </LI>
-	<UL>
-		<LI><A href="#bind1">Ports Installation</A> </LI>
-		<LI><A href="#bind2">Making RNDC Key</A> </LI>
-		<LI><A href="#bind3">Setting up named.conf</A>  </LI>
-		<LI><A href="#bind4">Creating a Zone file</A>  </LI>
-		<LI><A href="#bind5">Checking Behavior</A></LI>
-	</UL>
-	<LI><A href="#dhcp0">isc-dhcp3 Installation (Optional)</A> 
-	<UL>
-		<LI><A href="#dhcp1">Ports Installation</A> </LI>
-		<LI><A href="#dhcp2">Setting up DHCP</A></LI>
-	</UL>
-	<LI><A href="#apache0">Apache2 Installation</A> </LI>
-	<UL>
-		<LI><A href="#apache1">Ports Installation</A> </LI>
-		<LI><A href="#apache2">Making Certificates</A>  </LI>
-		<LI><A href="#apache3">Setting up VirtualHost</A>  </LI>
-		<LI><A href="#apache4">Other Settings and Checking the Installation</A></LI>
-	</UL>
-	<LI><A href="#opengate0">Opengate Installation</A> </LI>
-	<UL>
-		<LI><A href="#opengate1">Opengate Package</A>  </LI>
-		<LI><A href="#opengate2">Installation</A> </LI>
-		<LI><A href="#opengate3">Setting up Config File</A>  </LI>
-		<LI><A href="#opengate4">Setting up IPFW</A>  </LI>
-		<LI><A href="#opengate5">Setting up Syslog</A>  </LI>
-		<LI><A href="#opengate6">Checking Behavior</A>  </LI>
-		<LI><A href="#opengate7">Modifying Pages</A>  </LI>
-			</UL>
-	<LI><A href="#mrtg0">MRTG Install(Optional)</A>  </LI>
-	<UL>
-		<LI><A href="#mrtg1">Ports Installation</A> </LI>
-		<LI><A href="#mrtg2">Setting up MRTG</A> </LI>
-		<LI><A href="#mrtg3">Confirming MRTG Startup Operation</A> </LI>
-		<LI><A href="#mrtg4">Registering to Crontab</A> </LI>
-	</UL>
-	<LI><A href="#rulechk">rulechk Installation (Optional)</A> </LI>
-</UL>
-
-<BR><BR>
-<P></P><!-- End:content table --><!-- Start:Outline -->
-
-
-<H3><A href="#outline0" name=outline0>A&nbsp;Outline</A></H3>
-<UL>
-	<LI><A href="#outline1">System Configuration</A>  </LI>
-
-	<LI><A href="#outline2">Installation Procedure</A> </LI>
-</UL>
-
-<H4><!-- ************1************* -->
-<A href="#outline1" name=outline1>A.1&nbsp;System
-Configuration</A></H4>
-<UL>
-	<LI>Gateway Machine </LI>
-	<UL>
-		<LI>FreeBSD Ver 4.x, 5.x, 6.x or 7.x </LI>
-		<LI>Having two or more NICs </LI>
-	</UL></LI>
-</UL>
-<P>In this document, we use the system configuration as follows. The
-network connecting terminals is called "lower-side network" and
-the network having servers is called "upper-side network".</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>upper-side network:192.168.0.0/24, 2001:1:2:3/64
-Gateway to upper-side network:fxp1, 192.168.0.124, 2001:1:2:3::4
-Gateway to lower-side network:fxp0, 192.168.1.1, 2001:5:6:7::1
-lower-side network:192.168.1.0/24, 2001:5:6:7/64</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Opengate recognizes both IPv4 and IPv6 addresses, and controls
-both firewalls. It can be used for IPv4 control only if the FreeBSD
-environment is not set up for IPv6.</P>
-
-
-<H4><!-- ***********2************** -->
-<A href="#outline2" name=outline2>A.2&nbsp;Installation
-Procedure</A></H4>
-<P>The following steps are necessary to complete the installation of
-Opengate. <BR>Items marked with '*' are mandatory.</P>
-<UL>
-	<LI>FreeBSD Installation&nbsp;* </LI>
-
-	<LI>Adding the Firewall&nbsp;* </LI>
-
-	<LI>BIND9 Installation and Setup </LI>
-
-	<LI>DHCP Installation and Setup </LI>
-
-	<LI>Apache2 Installation and Setup&nbsp;*</LI>
-
-	<LI>Opengate Installation and Setup&nbsp;*</LI>
-</UL>
-
-
-<H4><!-- ***********3************** -->
-<A href="#outline3" name=outline3>A.2&nbsp;Support Page</A></H4>
-<P STYLE="MARGIN-BOTTOM: 0in">The Opengate support page can be
-consulted at: 
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>  http://www.cc.saga-u.ac.jp/opengate/index-e.html</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#outline0">back</A>&nbsp;<A href="#top">top</A></P>
-<HR>
-
-
-<!-- Start:FreeBSD Install-->
-<H3><A href="#freebsd0" name=freebsd0>B&nbsp;FreeBSD Installation</A></H3>
-<UL>
-	<LI><A href="#freebsd1">Basic Installation</A> </LI>
-	<LI><A href="#freebsd2">Adding NAT and Firewall</A> </LI>
-	<LI><A href="#freebsd3">Setting up IPv6</A> </LI>
-</UL>
-
-
-<H4><!-- ************1************* -->
-<A href="#freebsd1" name=freebsd1>B.1&nbsp;Basic Installation</A></H4>
-
-<P>Use FreeBSD4.x or later. FreeBSD6.1 or later is preferred. <BR>Choose
-distribution "Developer (Full sources, binaries and doc)" or
-"all" because we have to compile a custom kernel.</P>
-<P>Add the following line to "/etc/rc.conf", to enable the
-gateway function:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<P><CODE>gateway_enable="YES"</CODE></P>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#freebsd0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 2 ************** --><A href="#freebsd2" name=freebsd2>B.2&nbsp;Adding
-NAT and Firewall</A></H4>
-<P>Preparing the kernel to include IPFW and IP6FW functionality.</P>
-<P>Copy the kernel configuration file:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># cd /usr/src/sys/i386/conf
-# cp GENERIC MYKERNEL</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Add the following lines to the kernel configuration file:</P>
-<P>A. FreeBSD6.0 or earlier</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>options IPDIVERT
-
-options IPFIREWALL
-options IPFIREWALL_FORWARD
-options IPFIREWALL_VERBOSE
-options IPFIREWALL_VERBOSE_LIMIT=100
-
-options IPV6FIREWALL
-options IPV6FIREWALL_VERBOSE
-options IPV6FIREWALL_VERBOSE_LIMIT=100
-
-options IPSEC
-options IPSEC_ESP
-options TCP_DROP_SYNFIN</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>B. FreeBSD6.1 or later</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>options IPDIVERT
-
-options IPFIREWALL
-options IPFIREWALL_FORWARD
-options IPFIREWALL_VERBOSE
-options IPFIREWALL_VERBOSE_LIMIT=100
-
-options IPSEC
-device crypto</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>compile and install the new kernel (incl. added support for IPFW
-and IP6FW).</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-<TR><TD>
-<PRE>#cd /usr/src
-#make buildkernel KERNCONF=MYKERNEL
-#make installkernel KERNCONF=MYKERNEL
-</PRE>
-</TD></TR>
-</TABLE>
-<P>It might be failed in old FreeBSD.&nbsp;&nbsp;In the case, execute the following.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-<TR><TD>
-<PRE># config MYKERNEL
-# cd ../compile/MYKERNEL
-# make depend
-# make
-# make install</PRE>
-</TD></TR>
-</TABLE>
-<P>"make clean" might be requested before "make
-depend". 
-</P>
-<P>Add the following lines to "/etc/rc.conf":</P>
-<P>a. FreeBSD6.0 or earlier</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>firewall_enable="YES"
-firewall_script="/etc/rc.firewall"
-firewall_type="open"
-
-ipv6_firewall_enable="YES"
-ipv6_firewall_script="/etc/rc.firewall6"
-ipv6_firewall_type="open"
-
-natd_enable="YES"
-natd_interface="fxp1"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>b. FreeBSD6.1 or later</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>firewall_enable="YES"
-firewall_script="/etc/rc.firewall"
-firewall_type="open"
-
-natd_enable="YES"
-natd_interface="fxp1"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>When enabling IPFW (and IP6FW), make sure
-to also set the firewall_type to 'OPEN', to prevent  unpredictable
-system behavior during installation. <BR>To enable NAT, set
-natd_enable to 'YES' and define the natd interface (Upper-side
-interface).</P>
-<P>Connect a client pc to the lower-side
-network and check the IPv4 behavior.<BR>Since DHCP is not yet set up,
-the client's network settings must be configured manually.</P>
-<P ALIGN=right><A href="#freebsd0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 3 ************** -->
-<A href="#freebsd3" name=freebsd3>B.3&nbsp;Setting up IPv6</A></H4>
-<P>If you need IPv4 only, this section can
-be skipped. <BR>Though explanation is omitted, many parameters, like
-the ones used in the following sample, can be set in /etc/rc.conf.
-<BR>It is advised to read up on IPv6 and carefully set up its
-parameters. 
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>##ENABLE IPv6
-ipv6_enable="YES"
-ipv6_network_interfaces="gif0 fxp0"
-
-##TUNNELLING INTERFACE
-gif_interfaces="gif0"
-gifconfig_gif0="192.168.0.124 192.168.0.126"
-
-##IPv6 ADDRESS 
-ipv6_prefix_fxp0="2001:5:6:7"
-ipv6_ifconfig_fxp0="2001:5:6:7::1 prefixlen 64"
-
-##ADVERTISE
-rtadvd_enable="YES"
-rtadvd_interfaces="fxp0"
-
-##DEFAULT GATEWAY
-ipv6_default_interface="gif0"
-ipv6_defaultrouter="fe80::a:b:c:d%gif0"
-
-##ROUTING(RIPv6)
-ipv6_gateway_enable="YES"
-ipv6_router_enable="YES"
-ipv6_router="/usr/sbin/route6d"
-ipv6_router_flags="-O 2001:5:6:7::/64,gif0"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Connect a client pc to the lower-side
-network and check the behavior of IPv6.<BR>On a Windows pc, the
-command "ipv6 install" might be needed to activate IPv6.</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#ipfw0">back</A>&nbsp;<A href="#top">top</A></P>
-<HR>
-
-
-<H3><!-- Start:BIND9 Install --><A href="#bind0" name=bind0>C&nbsp;BIND9
-Install(Optional)</A></H3>
-<UL>
-	<LI><A href="#bind1">Ports Install</A></LI>
-	<LI><A href="#bind2">Making RNDC Key</A></LI>
-	<LI><A href="#bind3">Setting up named.conf</A></LI>
-	<LI><A href="#bind4">Creating up a Zone file</A> </LI>
-	<LI><A href="#bind5">Checking Behavior</A> </LI>
-</UL>
-
-
-<H4><!-- ********** 1 *********** -->
-<A href="#bind1" name=bind1>C.1&nbsp;Ports Install</A></H4>
-
-<P>	You can ignore DNS
-settings, if you control with IP address base
-or use existing DNS servers.</P>
-<P>	Installing BIND9 from
-ports:<BR>	
-Note: The "sysinstall" command can also be used.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># cd /usr/ports/dns/bind9/
-# make clean
-# make install clean ; rehash</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>During installation  the directory "/etc/namedb
-(/var/named/etc/namedb)" is created.</P>
-<P ALIGN=right><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ********** 2 ********** -->
-<A href="#bind2" name=bind2>C.2&nbsp;Making RNDC key</A></H4>
-<P>Use the "rndc" command to further secure BIND9.</P>
-<P>Create the rndc key as follows:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># cd /etc/namebd/
-# rndc-confgen -b 512 &gt; rndc.conf</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>This will generate the "rndc.conf" file.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># Start of rndc.conf
-key "rndc-key" {
-        algorithm hmac-md5;
-        secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
-};
-
-options {
-        default-key "rndc-key";
-        default-server 127.0.0.1;
-        default-port 953;
-};
-# End of rndc.conf
-
-# Use with the following in named.conf, adjusting the allow list as needed:
-# key "rndc-key" {
-#       algorithm hmac-md5;
-#       secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
-# };
-# 
-# controls {
-#       inet 127.0.0.1 port 953
-#               allow { 127.0.0.1; } keys { "rndc-key"; };
-# };
-# End of named.conf</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ********* 3 ********* -->
-<A href="#bind3" name=bind3>C.3&nbsp;Setting up named.conf</A></H4>
-<P>After installation,  look for the
-"/etc/namedb/named.conf" file and copy the last half of the
-"rndc.conf" file to it, making sure to remove comments, and
-add IPv6 configuration where/if required.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># Use with the following in named.conf, adjusting the allow list as needed:
-key "rndc-key" {
-        algorithm hmac-md5;
-        secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
-};
-
-controls {
-        inet ::1 port 953 allow { ::1; } keys { "rndc-key"; };
-        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
-};
-# End of named.conf</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>For security reasons, it is better to write the "key"
-directive in the other file.</P>
-<P>Edit the "options" directive in "named.conf":</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>options {
-        directory "/etc/namedb";
-        pid-file "/var/run/named/pid";
-        auth-nxdomain yes;
-        listen-on-v6 { any; };
-};</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Create the corresponding "pid" directory.</P>
-<P ALIGN=right><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ******** 4 ********* -->
-<A href="#bind4" name=bind4>C.4&nbsp;Creating a  Zone file</A></H4>
-<P>Edit the "view" and "zone" directives in "named.conf".</P>
-<P>The "view" directive is implemented in BIND9. Replying
-to the inquiries from matched-clients, BIND9 sends the information as
-described in the corresponding "view"</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>view "og" {
-        match-clients
-        {
-        192.168.1.0/24;
-        };
-
-        recursion yes;
-
-        zone "." {
-                type hint;
-                file "named.root";
-        };
-
-        zone "og.saga-u.ac.jp" {
-                type master;
-                file "og.saga-u.ac.jp";
-        };
-
-        zone "0.0.127.IN-ADDR.ARPA" {
-                type master;
-                file "master/localhost.rev";
-        };
-
-        // RFC 3152
-        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
-              0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
-                type master;
-                file "master/localhost-v6.rev";
-        };
-
-        // RFC 1886 -- deprecated
-        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
-              0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
-                type master;
-                file "master/localhost-v6.rev";
-        };
-};</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P><BR>Make a "zone" file for the domain "og.saga-u.ac.jp".
-<BR>The domain name and IPv4/6 addresses should be modified properly.
-If you don't need IPv6, remove the line containing "AAAA ....".</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>$TTL    3600
-$ORIGIN og.saga-u.ac.jp.
-
-@       IN      SOA     ns.og.saga-u.ac.jp. postmaster (
-                        2005051702 ;
-                        3600
-                        1200
-                        2419200
-                        86400 )
-                IN      NS      ns.og.saga-u.ac.jp.
-                IN      A       192.168.1.1
-                IN      MX      10 opengate.og.saga-u.ac.jp.
-
-ns              IN      A       192.168.1.1
-
-opengate        IN      A       192.168.1.1
-                        AAAA    2001:5:6:7::1</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ********* 5 ********* -->
-<A href="#bind5" name=bind5>C.5&nbsp;Checking Behavior</A></H4>
-<P>Confirm starting of "named" after completings its
-configuration.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># /usr/local/sbin/named -u bind -c /etc/namedb/named.conf</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>If "named" starts without problems, add the following
-lines to "/etc/rc.conf" to allow it to automatically start
-on boot up.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>named_enable="YES"
-named_program="/usr/local/sbin/named"
-named_flags="-u bind -c /etc/namedb/named.conf"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Because the management of a DNS server
-can be complicated,  it is strongly advised to carefully read the
-BIND9 manual, and/or consult other documentation.</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<HR>
-<H3><!-- Start:isc-dhcp3 Install -->
-<A href="#dhcp0" name=dhcp0>D&nbsp;isc-dhcp3 Installation (Optional)</A></H3>
-<UL>
-	<LI><A href="#dhcp1">Ports Installation</A> 
-	<LI><A href="#dhcp2">Setting up DHCP</A> </LI>
-</UL>
-
-
-<H4><!-- *********** 1 ************* -->
-<A href="#dhcp1" name=dhcp1>D.1&nbsp;Ports Install</A></H4>
-<P>If many client PCs are going to be
-connected, using the DHCP service might be a desirable solution for
-assigning IP addresses to these clients.</P>
-<P>Installing isc-dhcp3 from ports:<BR>Note:
-the "sysinstall" command can also be used.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># cd /usr/ports/net/isc-dhcp3-server
-# make clean
-# make install clean ; rehash</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#dhcp0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 2 ************** -->
-<A href="#dhcp2" name=dhcp2>D.2&nbsp;Setting up DHCP</A></H4>
-<P>The"/usr/local/etc/dhcpd.conf.sample"
- configuration file is created during installation. <BR>Copy
-"dhcpd.conf.sample" to "dhcpd.conf" and edit the
-file. <BR><BR>The following is an example setup: <BR>The lease time
-must be greater than the maximum usage duration (Duration/Max in
-opengatesrv.conf).<BR>The domain name and IP addresses should be
-modified. 
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>option domain-name "og.saga-u.ac.jp";
-option domain-name-servers 192.168.1.1;
-option subnet-mask 255.255.255.0;
-option broadcast-address 192.168.1.255;
-option routers 192.168.1.1;
-
-default-lease-time 86400;
-max-lease-time 604800;
-ddns-update-style none;
-log-facility local7;
-
-subnet 192.168.55.0 netmask 255.255.255.0 {
-  range 192.168.1.10 192.168.1.250;
-}</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Add the following lines to "/etc/rc.conf" to allow it to
-automatically start on boot up.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>dhcpd_enable="YES"
-dhcpd_ifaces="fxp0"
-dhcpd_conf="/usr/local/etc/dhcpd.conf"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>In this example, the value of
-"dhcpd_ifaces" is the interface providing the DHCP service
-<BR>(to the lower-side network).</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#dhcp0">back</A>&nbsp;<A href="#top">top</A></P>
-<HR>
-
-
-<H3><!-- Start:Apache2 Install--><A href="#apache0" name=apache0>E&nbsp;Apache2
-Installation</A></H3>
-<UL>
-	<LI><A href="#apache1">Ports Installation</A> </LI>
-	<LI><A href="#apache2">Making Certificates</A> </LI>
-	<LI><A href="#apache3">Setting up SSL</A></LI>
-	<LI><A href="#apache4">Other Settings and Checking the installation</A> </LI>
-</UL>
-
-
-<H4><!-- ************ 1 ************** --><A href="#apache1" name=apache1>E.1&nbsp;Ports
-Install</A></H4>
-<P>When using IPv6, Opengate needs Apache2
-to support IPv6. <BR>By default, Apache2 supports SSL which is
-preferred for secure authentication.</P>
-<P>Installing Apache2 from ports:<BR>Note:
-The "sysinstall" command can also be used.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># cd /usr/ports/www/apache22
-# make clean
-# make install clean ; rehash</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#apache0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 2 ************** --><A href="#apache2" name=apache2>E.2&nbsp;Making
-Certificates</A></H4>
-<P>It is better to obtain a formal key from
-some CA. But we will show you how to create a self-signed private key
-and certificate. 
-</P>
-<P>Creating a private key:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># cd /usr/local/etc/apache22
-# mkdir ssl.key ssl.crt
-# chmod 700 ssl.key ssl.crt
-
-# /usr/bin/openssl genrsa -out /usr/local/etc/apache22/server.key 1024</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P><BR>Making a certificate from the created key:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># /usr/bin/openssl req -new -x509 -days 365 \
-    -key /usr/local/etc/apache22/server.key \
-    -out /usr/local/etc/apache22/server.crt
-
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:JP
-State or Province Name (full name) [Some-State]:Saga
-Locality Name (eg, city) []:Saga-city
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
-Organizational Unit Name (eg, subsection) []:Opengate Management
-Common Name (eg, YOUR name) []:opengate.og.saga-u.ac.jp
-Email Address []:administrator@opengate.og.saga-u.ac.jp
-
-Please enter the following 'extra' attributes
-to be sent with your certificate request
-A challenge password []:
-An optional company name []:</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#apache0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 3 ************** --><A href="#apache3" name=apache3>E.3&nbsp;
-Setting up SSL</A></H4>
-<P>Edit "/usr/local/etc/apache22/extra/httpd-ssl.conf" as
-shown in the following example:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<P>ssl.conf 
-			</P>
-		</TD>
-	</TR>
-	<TR>
-		<TD>
-			<PRE>&lt;VirtualHost _default_:443&gt;
-    DocumentRoot "/usr/local/www/apache22/data"
-    ServerName opengate.og.saga-u.ac.jp:443
-    ServerAdmin administrator@opengate.og.saga-u.ac.jp
-    ErrorLog "|/usr/bin/logger -p local6.info"
-    CustomLog "|/usr/bin/logger -p local5.info" combined
-
-    SSLEngine on
-    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-    SSLCertificateFile /usr/local/etc/apache22/server.crt
-    SSLCertificateKeyFile /usr/local/etc/apache22/server.key
-&lt;/VirtualHost&gt;</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Since Apache2 has many settings,
-familiarize yourself with the Apache2 configuration options for
-adequate control.</P>
-<P ALIGN=right><A href="#apache0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 4 ************** --><A href="#apache4" name=apache4>E.4&nbsp;Other
-Settings and Checking the Installation</A></H4>
-<P>Edit "/usr/local/etc/apache22/httpd.conf" as follows:</P>
-<P>Opengate should send back the
-authentication page in response to any kind of HTTP request. <BR>To
-do so, add the following line to httpd.conf: <BR> (the top page will
-be sent back on an HTTP_ERROR 404 [file not found] error).</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>ErrorDocument 404 /</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P><BR>Add "ExecCGI" to allow executing CGI programs in the
-cgi-bin directory.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>&lt;Directory "/usr/local/www/cgi-bin"&gt;
-    ...
-    Options ExecCGI
-    ...
-&lt;/Directory&gt;</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Remove the comment mark ("#") to
-enable the following setting: 
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>AddHandler cgi-script .cgi
-AddHandler type-map .var</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Add "index.html.var" to
-DirectoryIndex: 
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>DirectoryIndex index.html.var index.html</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Include ssl conf file:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>Include etc/apache22/extra/httpd-ssl.conf</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Set ServerName: 
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>ServerName opengate.og.saga-u.ac.jp</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Start Apache2 with "apachectl start"
-and check for errors. <BR>If no errors are displayed, add the
-following lines to "/etc/rc.conf" to allow Apache to start
-on boot up:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>apache22_enable="YES"
-apache22ssl_enable="YES"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>If the system shows "Failed to
-enable the 'httpready' Accept Filter", add the following to
-/boot/loader.conf :</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>accf_http_load="YES"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Should the certificate require a PASSPHRASE, Apache will ask for it during
-boot up.<BR> If you do not enter the passphrase (reboot due to
-power outage, remote reboot, ,...), this will prevent <BR> the server from starting Apache normally, 
-i.e. leaving you with a possible "crippled" server.</P>
-<BLOCKQUOTE>
-<P>
-Easy fix:<BR>
-1. create a simple script containing the following:<BR>
-#!/bin/sh<BR>
-echo "&lt;passphrase goes here&gt;"<BR>
-<BR>2. add the following to	httpd.conf:<BR>
-SSLPassPhraseDialog exec:/path/to/above/script
-</P></BLOCKQUOTE>
-
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#apache0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<HR>
-<H3><!-- Start:Opengate Install -->
-<A href="#opengate0" name=opengate0>F&nbsp;Opengate Installation</A></H3>
-<UL>
-	<LI><A href="#opengate1">Opengate Package</A> 
-	<LI><A href="#opengate2">Installation</A> </LI>
-	<LI><A href="#opengate3">Setting up Config File</A> </LI>
-	<LI><A href="#opengate4">Setting up IPFW</A> </LI>
-	<LI><A href="#opengate5">Setting up syslog</A> </LI>
-	<LI><A href="#opengate6">Checking Behavior</A> </LI>
-	<LI><A href="#opengate7">Modifying Pages</A> </LI>
-</UL>
-
-
-<H4><!-- ************1************* -->
-<A href="#opengate1" name=opengate1>F.1&nbsp;Opengate
-Package</A></H4>
-<P>Unpack the Opengate compressed file: 
-</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># tar xzvf opengatexxxx.tar.gz</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>It contains the following directories:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>doc: Documentation
-conf: Configuration files and firewall control Perl script sample
-javahtml: Client Java Programs and  HTML files
-opengatesrv: Server CGI programs
-tools: Some related tools
-ezxml: XML parser (Copyright Aaron Voisine)</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************2************* -->
-<A href="#opengate2" name=opengate2>F.2&nbsp;Installation</A></H4>
-<P>Check the settings in "opengatesrv/Makefile" and modify
-if needed:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>HTMLTOP = /usr/local/www/apache22
-DOCDIR = /data
-CGIDIR = /cgi-bin
-OPENGATEDIR = /opengate
-CONFIGPATH = /etc/opengate</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Compile and Install:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># make clean
-# make install</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 3 ************** -->
-<A href="#opengate3" name=opengate3>F.3&nbsp;Setting up Config File</A></H4>
-
-<P>Copy the sample configuration file
-"/etc/opengate/opengatesrv.conf.sample" to
-"/etc/opengate/opengatesrv.conf" and modify. <BR>The
-following settings must be changed:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>        &lt;OpengateServerName&gt;opengate.og.saga-u.ac.jp&lt;/OpengateServerName&gt;
-
-        &lt;AuthServer&gt;
-                &lt;Protocol&gt;pop3s&lt;/Protocol&gt;
-                &lt;Address&gt;192.168.0.2&lt;/Address&gt;
-        &lt;/AuthServer&gt;</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>In &lt;OpengateServerName&gt;, set the
-HOSTNAME(FQDN) or IP address of the opengate gateway server. If you
-want to use IPv6, you need to set the FQDN corresponding to both IPv4
-and IPv6 addresses.</P>
-<P>In &lt;AuthServer&gt;, set the
-information for the authentication server. Opengate supports various
-authentication protocols. See the config file for details. <BR>To
-differentiate between erorrs caused by authentication server or those
-caused by the opengate server, try the following setting first. This
-means that any userid and password combination is accepted.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE> ****Do not use this setting in real service****
-        &lt;AuthServer&gt;
-                &lt;Protocol&gt;accept&lt;/Protocol&gt; 
-        &lt;AuthServer&gt;</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>The config file is XML. "#" marks in
-the file do not represent the start of a comment. <BR>Use
-XML-formatted comments like &lt;!-- Comment String --&gt; to disable
-a description.</P>
-<P>Opengate can pass authentication settings
-in the form of "userid@extid". <BR>See the config file for
-more details. <BR>By using this function, you can use different
-authentication servers for many sections or guests.</P>
-<P>When the primary authentication server
-does not reply, Opengate can resend the request to other
-authentication servers. See the config file for more details.</P>
-<P>Caution: Do not delete the IPv6 related
-settings in the config file! <BR>	   The IPv6 access is executed when
-the FQDN for IPv6 is prepared.</P>
-
-<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 4 ************** -->
-<A href="#opengate4" name=opengate4>F.4&nbsp;Setting up IPFW</A></H4>
-<P>Write IPFW rules for Opengate. 
-</P>
-<P>a. For FreeBSD6.0 or earlier</P>
-<P>IPv4 and Ipv6 rules are controlled by IPFW and IP6FW respectively
-.</P>
-<P>  Sample rule sets for both firewall
-types are prepared as "/etc/opengate/rc.firewall4.sample"
-and "/etc/opengate/rc.firewall6.sample"</P>
-<P>Copy these scripts and modify according to your needs.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># cd /etc/opengate
-# cp rc.firewall4.sample rc.firewall4
-# cp rc.firewall6.sample rc.firewall6
-# vi rc.firewall4
-# vi rc.firewall6</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Modify the firewall settings in /etc/rc.conf as follows: <BR>  Be
-careful not to lock yourself out of the system after reloading the
-firewall.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>firewall_enable="YES"
-firewall_script="/etc/opengate/rc.firewall4"
-
-ipv6_firewall_enable="YES"
-ipv6_firewall_script="/etc/opengate/rc.firewall6"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>For Ipv6 support, change the path in "/etc/opengatesrv.conf"
-from &lt;Ip6fwPath&gt;/sbin/ipfw&lt;/Ip6fwPath&gt; to
-&lt;Ip6fwPath&gt;/sbin/ip6fw&lt;/Ip6fwPath&gt; 
-</P>
-<P>b. For FreeBSD6.1 or later</P>
-<P>Both IPv4 and IPv6 packets are controlled by IPFW.</P>
-<P>A sample rule set for IPFW can be found in
-"/etc/opengate/rc.firewall.sample"</P>
-<P>Copy the script and modify to fit your needs. <BR>   If you are
-not familiar with Ipv6, set IPv6 addresses as localhost (*net6="0",
-*ip6="::1").</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># cd /etc/opengate
-# cp rc.firewall.sample rc.firewall
-# vi rc.firewall</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Modify the firewall settings in /etc/rc.conf as follows:<BR>  Be
-careful not to lock yourself out of the system after reloading the
-firewall.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>firewall_enable="YES"
-firewall_script="/etc/opengate/rc.firewall"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Familiarise yourself with the "ipfw" command. <BR>  The
-Opengate software sends out ipfw add/delete commands.</P>
-<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 5 ************** -->
-<A href="#opengate5" name=opengate5>F.5&nbsp;Setting
-up syslog</A></H4>
-<P>Edit /etc/syslog.conf to save log entries for Opengate.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>         | Separated by TAB code
-         V
-local1.*   /var/log/opengate.log</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Make the log file as follows: <BR>  Consider using log rotation to
-control the size of this log file.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># touch /var/log/opengate.log</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 6 ************** -->
-<A href="#opengate6" name=opengate6>F.6&nbsp;Checking
-Behavior</A></H4>
-<P>Connect a PC to the lower-side network
-and try to access a site in the upper-side network. <BR>If it does
-not work properly, consult doc/progflow.html and doc/protocol.txt to
-better understand the procedure. Also check the log files for
-Opengate, httpd, system and others. To dump more information from
-Opengate, set the &lt;Debug&gt; switch to "2" in
-opengatesrv.conf.  Also check the functions of related software. The
-error checking document (errcheck.html) and Q&amp;A documents
-(qa.html, recentqa.html on the web) can be used for problem solving.</P>
-<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 7 ************** -->
-<A href="#opengate7" name=opengate7>F.7&nbsp;Modifying
-Pages</A></H4>
-<P>If you want to modify the contents of the
-web pages, edit the html files in the Opengate directories. The
-relative path cannot be used in httpkeep.html. Use the full URL
-description. The descriptions such as %%XXX%% are variables replaced
-by their proper values during CGI runtime. 
-</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
-<HR>
-
-
-
-<HR>
-<H3><!-- Start:Install MRTG -->
-<A href="#mrtg0" name=mrtg0>G&nbsp;MRTG Installion (Optional)</A></H3>
-<UL>
-	<LI><A href="#mrtg1">Ports Installation</A> </LI>
-	<LI><A href="#mrtg2">Setting up MRTG</A> </LI>
-	<LI><A href="#mrtg3">Confirming proper startup</A>  </LI>
-	<LI><A href="#mrtg4">Setting up crontab</A> </LI>
-</UL>
-
-<H4><!-- ************ 1 ************** -->
-<A href="#mrtg1" name=mrtg1>G.1&nbsp;Ports Installation</A></H4>
-
-<P>This section is optional. <BR>   If you want to graphically
-monitor the state of Opengate, MRTG can be used but is not required.</P>
-<P><A HREF="http://people.ee.ethz.ch/%7Eoetiker/webtools/mrtg/" TARGET="_blank">MRTG<SPAN STYLE="TEXT-DECORATION: none">
-</SPAN></A>(Multi Router Traffic Grapher) is a system to monitor
-network traffic. MRTG produces graphic images and HTML files. 
-</P>
-<P>You can install MRTG on the gateway
-server or another server. If you need to monitor multiple Opengate
-systems, it is advised to install MRTG on a separate server.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># cd /usr/ports/net-mgmt/mrtg/
-# make clean
-# make install clean ; rehash</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H4><!-- ************ 2 ************** -->
-<A href="#mrtg2" name=mrtg2>G.2&nbsp;Setting up MRTG</A></H4>
-<P>MRTG creates
-"/usr/local/etc/mrtg/mrtg.cfg.sample" as the sample
-configuration file during installation. Copy mrtg.cfg.sample to
-opengate.cfg and edit the file:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>##################################################
-#  opengate user counter
-
-WorkDir: /usr/home/user/public_html/mrtg/opengate/
-
-##### Options
-Options[^]: growright,gauge,nopercent,integer
-
-Target[opengate]:`/usr/home/user/bin/input.sh`
-Title[opengate]: Opengate user counter
-
-PageTop[opengate]: &lt;h1&gt;Opengate user counter&lt;/h1&gt;
- &lt;p&gt;Show the number of people using Opengate&lt;/p&gt;
-
-# Max Number
-MaxBytes[opengate]: 200
-
-# Title of Y axis
-YLegend[opengate]: Opengate User
-# unit
-ShortLegend[opengate]: s
-# Title of graph LegendI: first line LegendO: second line
-LegendI[opengate]: IPv6 Users
-LegendO[opengate]: Total Users</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Be sure to actually create the directory
-which you appointed in "WorkDir". MRTG creates its graphic
-images and HTML files in "WorkDir"</P>
-<P>"Target[opengate]" contains the
-path to the program that hands its data to MRTG. <BR>(details
-explained below)</P>
-
-<H5>G.2.1&nbsp;Scenario 1: Running MRTG on the gateway server</H5>
-<P>Create the shell script "/usr/home/user/bin/input.sh"
-with the following contents:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>#!/bin/sh
-
-#######################################
-##
-## show opengate status for MRTG
-##
-##   1 line : IPv6 Users
-##   2 line : Total Users
-##   3 line : uptime
-##   4 line : comment for data
-##
-#######################################
-
-LANG=C
-COLUMNS=256
-
-export LANG
-export COLUMNS
-
-### IPv6 prefix
-prefix="2001:2f8:22:801:"
-###opengateprocessname
-process="opengatesrv.cgi" 
-
-###tmp file  name
-tmp_all="/tmp/og_count_all.tmp"
-tmp_6="/tmp/og_count_6.tmp"
-
-######################################################
-psax | grep $process &gt; $tmp_all
-COUNT = `wc-l $tmp_all | awk '{print $1}'` 
-grep $prefix $tmp_all &gt;  $tmp_6
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
-
-rm $tmp_all
-rm $tmp_6
-
-echo "$COUNT6"
-echo "$COUNT"
-echo "$UPTIME"
-echo "Opengate User Counter"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Run this shell script as standalone and confirm that you can
-acquire the following data:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>5
-48
-10days
-Opengate User Counter</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<H5>G.2.2&nbsp;Scenario 2: Running MRTG on a separate server</H5>
-<P>Create the shell script "/usr/home/user/bin/input.sh" on
-a separate server.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>#!/bin/sh
-
-#######################################
-##
-## input data for MRTG
-##
-##   1 line : IPv6 Users
-##   2 line : Total Users
-##   3 line : uptime
-##   4 line : comment for data
-##
-#######################################
-
-# tmp file name
-file="/tmp/opengate.tmp"
-
-# URL of output.sh at opengate
-url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh"
-
-fetch -o $file $url &amp;&gt; /dev/null
-
-more $file</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P STYLE="TEXT-INDENT: 0in">Create the shell script
-"/usr/local/apache2/cgi-bin/output.sh" on the Opengate
-(gateway) server, and set the URL to $url, as explained above.</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>#!/bin/sh
-
-#######################################
-##
-## show opengate status for MRTG
-##
-##   1 line : IPv6 Users
-##   2 line : Total Users
-##   3 line : uptime
-##   4 line : comment for data
-##
-#######################################
-
-LANG=C
-COLUMNS=256
-
-export LANG
-export COLUMNS
-
-### IPv6 prefix
-prefix="2001:2f8:22:801:"
-###opengateprocessname
-process="opengatesrv.cgi" 
-
-###tmp file name
-tmp_all="/tmp/og_count_all.tmp"
-tmp_6="/tmp/og_count_6.tmp"
-
-######################################################
-psax | grep $process &gt; $tmp_all 
-COUNT = `wc-l $tmp_all | awk '{print $1}'` 
-grep $prefix $tmp_all &gt;  $tmp_6
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
-rm $tmp_all
-rm $tmp_6
-
-echo "Content-type: text/plain; charset=iso-8859-1"
-echo
-
-echo "$COUNT6"
-echo "$COUNT"
-echo "$UPTIME"
-echo "Opengate User Counter"</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P>Run "input.sh" on another server and confirm that you
-can acquire the following data:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>5
-48
-10days
-Opengate User Counter</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></P>
-
-<H4><!-- ************ 3 ************** -->
-<A href="#mrtg3" name=mrtg3>G.3&nbsp;Confirming MRTG Startup Operation:</A></H4>
-
-<P>Use the following command to confirm MRTG is working with your
-config:</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE># /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P STYLE="TEXT-INDENT: 0in">Various WARNING messages are output the
-first and second time, this is normal behavior <BR>(as explained in
-the MRTG documentation)!<BR>Some files are created in "WorkDir".</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>&gt; ls -l
--rw-r--r--  1 root  wheel    538 12 14 04:40 mrtg-l.png
--rw-r--r--  1 root  wheel    414 12 14 04:40 mrtg-m.png
--rw-r--r--  1 root  wheel   1759 12 14 04:40 mrtg-r.png
--rw-r--r--  1 root  wheel   2941 12 20 15:15 opengate-day.png
--rw-r--r--  1 root  wheel   2146 12 20 14:35 opengate-month.png
--rw-r--r--  1 root  wheel   2867 12 20 14:55 opengate-week.png
--rw-r--r--  1 root  wheel   1897 12 20 05:00 opengate-year.png
--rw-r--r--  1 root  wheel   5961 12 20 15:15 opengate.html
--rw-r--r--  1 root  wheel  48786 12 20 15:15 opengate.log
--rw-r--r--  1 root  wheel  48784 12 20 15:10 opengate.old</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></P>
-
-<H4><!-- ************ 4 ************** -->
-<A href="#mrtg4" name=mrtg4>G.4&nbsp;Registering to Crontab</A></H4>
-
-<P>Add the following line to "/etc/crontab":</P>
-<TABLE CELLPADDING=2 CELLSPACING=2>
-	<TR>
-		<TD>
-			<PRE>*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>
-		</TD>
-	</TR>
-</TABLE>
-<P ALIGN=right><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></P>
-
-
-<H3><!-- Start:Install rulechk -->
-<A href="#rulechk" name=rulechk>H&nbsp;rulechk Installation (Optional)</A></H3>
-
-<P>This section is optional. <BR>When the
-Opengate process is not exited normally, superfluous rules might be
-left behind. <BR>Though it is 
-very rare, the tools/rulechk script is made to handle such situations. This 
-script compares the Opengate process list and the firewall rule list, and 
-deletes the obsolete rules.<BR>This script is compatible with Opengate Ver1.3.1 or above. 
-</P>
-<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#rulechk">back</A>&nbsp;<A href="#top">top</A></P>
-</BODY>
-</HTML>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML>
+<HEAD>
+	<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
+	<TITLE>Opengate Install</TITLE>
+
+</HEAD>
+<BODY LANG="en-US" BGCOLOR="#fafff0" DIR="ltr">
+<H2><A href="#top" name=top><FONT SIZE=4>Opengate Installation
+Procedure</FONT></A></H2>
+
+<!-- Start:content table -->
+<UL>
+	<LI><A href="#outline0">Outline</A>
+		
+	<UL>
+		<LI><A href="#outline1">System Configuration</A>  </LI>
+		<LI><A href="#outline2">Installation Procedure</A>  </LI>
+		<LI><A href="#outline3">Support Page</A></LI>
+	</UL>
+	<LI><A href="#freebsd0">FreeBSD Installation</A>  </LI>
+	<UL>
+		<LI><A href="#freebsd1">Basic Installation</A>  </LI>
+		<LI><A href="#freebsd2">Adding NAT and Firewall</A>  </LI>
+		<LI><A href="#freebsd3">Setting up IPv6</A></LI>
+	</UL>
+	<LI><A href="#bind0">BIND9 Installation (Optional)</A>  </LI>
+	<UL>
+		<LI><A href="#bind1">Ports Installation</A> </LI>
+		<LI><A href="#bind2">Making RNDC Key</A> </LI>
+		<LI><A href="#bind3">Setting up named.conf</A>  </LI>
+		<LI><A href="#bind4">Creating a Zone file</A>  </LI>
+		<LI><A href="#bind5">Checking Behavior</A></LI>
+	</UL>
+	<LI><A href="#dhcp0">isc-dhcp3 Installation (Optional)</A> 
+	<UL>
+		<LI><A href="#dhcp1">Ports Installation</A> </LI>
+		<LI><A href="#dhcp2">Setting up DHCP</A></LI>
+	</UL>
+	<LI><A href="#apache0">Apache2 Installation</A> </LI>
+	<UL>
+		<LI><A href="#apache1">Ports Installation</A> </LI>
+		<LI><A href="#apache2">Making Certificates</A>  </LI>
+		<LI><A href="#apache3">Setting up VirtualHost</A>  </LI>
+		<LI><A href="#apache4">Other Settings and Checking the Installation</A></LI>
+	</UL>
+	<li class="list_alpha"><A href="#sqlite0">SQLite3 Installation</A>
+	<ul>
+		<li class="list_num"><A href="#sqlite1">Installation</A></li>
+		<li class="list_num"><A href="#sqlite2">Checking</A></li>
+	</ul></li>
+	<LI><A href="#opengate0">Opengate Installation</A> </LI>
+	<UL>
+		<LI><A href="#opengate1">Opengate Package</A>  </LI>
+		<LI><A href="#opengate2">Installation</A> </LI>
+		<LI><A href="#opengate3">Setting up Config File</A>  </LI>
+		<LI><A href="#opengate4">Setting up IPFW</A>  </LI>
+		<LI><A href="#opengate5">Setting up Syslog</A>  </LI>
+		<LI><A href="#opengate6">Checking Behavior</A>  </LI>
+		<LI><A href="#opengate7">Modifying Pages</A>  </LI>
+		<LI><A href="#opengate8">Setting up SQLite3</A>  </LI>
+			</UL>
+	<LI><A href="#mrtg0">MRTG Install(Optional)</A>  </LI>
+	<UL>
+		<LI><A href="#mrtg1">Ports Installation</A> </LI>
+		<LI><A href="#mrtg2">Setting up MRTG</A> </LI>
+		<LI><A href="#mrtg3">Confirming MRTG Startup Operation</A> </LI>
+		<LI><A href="#mrtg4">Registering to Crontab</A> </LI>
+	</UL>
+	<LI><A href="#rulechk">rulechk Installation (Optional)</A> </LI>
+</UL>
+
+<BR><BR>
+<P></P><!-- End:content table --><!-- Start:Outline -->
+
+
+<H3><A href="#outline0" name=outline0>A&nbsp;Outline</A></H3>
+<UL>
+	<LI><A href="#outline1">System Configuration</A>  </LI>
+
+	<LI><A href="#outline2">Installation Procedure</A> </LI>
+</UL>
+
+<H4><!-- ************1************* -->
+<A href="#outline1" name=outline1>A.1&nbsp;System
+Configuration</A></H4>
+<UL>
+	<LI>Gateway Machine </LI>
+	<UL>
+		<LI>FreeBSD Ver 6.1 or later </LI>
+		<LI>Having two or more NICs </LI>
+	</UL></LI>
+</UL>
+<P>In this document, we use the system configuration as follows. The
+network connecting terminals is called "lower-side network" and
+the network having servers is called "upper-side network".</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>upper-side network:192.168.0.0/24, 2001:1:2:3/64
+Gateway to upper-side network:fxp1, 192.168.0.124, 2001:1:2:3::4
+Gateway to lower-side network:fxp0, 192.168.1.1, 2001:5:6:7::1
+lower-side network:192.168.1.0/24, 2001:5:6:7/64</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Opengate recognizes both IPv4 and IPv6 addresses, and controls
+both firewalls. It can be used for IPv4 control only if the FreeBSD
+environment is not set up for IPv6.</P>
+
+
+<H4><!-- ***********2************** -->
+<A href="#outline2" name=outline2>A.2&nbsp;Installation
+Procedure</A></H4>
+<P>The following steps are necessary to complete the installation of
+Opengate. <BR>Items marked with '*' are mandatory.</P>
+<UL>
+	<LI>FreeBSD Installation&nbsp;* </LI>
+
+	<LI>Adding the Firewall&nbsp;* </LI>
+
+	<LI>BIND9 Installation and Setup </LI>
+
+	<LI>DHCP Installation and Setup </LI>
+
+	<LI>Apache2 Installation and Setup&nbsp;*</LI>
+
+	<LI>Opengate Installation and Setup&nbsp;*</LI>
+</UL>
+
+
+<H4><!-- ***********3************** -->
+<A href="#outline3" name=outline3>A.2&nbsp;Support Page</A></H4>
+<P STYLE="MARGIN-BOTTOM: 0in">The Opengate support page can be
+consulted at: 
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>  http://www.cc.saga-u.ac.jp/opengate/index-e.html</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#outline0">back</A>&nbsp;<A href="#top">top</A></P>
+<HR>
+
+
+<!-- Start:FreeBSD Install-->
+<H3><A href="#freebsd0" name=freebsd0>B&nbsp;FreeBSD Installation</A></H3>
+<UL>
+	<LI><A href="#freebsd1">Basic Installation</A> </LI>
+	<LI><A href="#freebsd2">Adding NAT and Firewall</A> </LI>
+	<LI><A href="#freebsd3">Setting up IPv6</A> </LI>
+</UL>
+
+
+<H4><!-- ************1************* -->
+<A href="#freebsd1" name=freebsd1>B.1&nbsp;Basic Installation</A></H4>
+
+<P>Use FreeBSD4.x or later. FreeBSD6.1 or later is preferred. <BR>Choose
+distribution "Developer (Full sources, binaries and doc)" or
+"all" because we have to compile a custom kernel.</P>
+<P>Add the following line to "/etc/rc.conf", to enable the
+gateway function:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<P><CODE>gateway_enable="YES"</CODE></P>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#freebsd0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 2 ************** --><A href="#freebsd2" name=freebsd2>B.2&nbsp;Adding
+NAT and Firewall</A></H4>
+<P>Preparing the kernel to include IPFW and IP6FW functionality.</P>
+<P>Copy the kernel configuration file:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># cd /usr/src/sys/i386/conf
+# cp GENERIC MYKERNEL</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Add the following lines to the kernel configuration file:</P>
+
+
+<TABLE CELLPADDING=2 CELLSPACING=2>
+<TR><TD>
+<PRE>options IPDIVERT
+
+options IPFIREWALL
+options IPFIREWALL_FORWARD
+options IPFIREWALL_VERBOSE
+options IPFIREWALL_VERBOSE_LIMIT=100
+
+options IPSEC
+device crypto</PRE>
+</TD></TR>
+</TABLE>
+
+<P>compile and install the new kernel (incl. added support for IPFW
+and IP6FW).</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+<TR><TD>
+<PRE>#cd /usr/src
+#make buildkernel KERNCONF=MYKERNEL
+#make installkernel KERNCONF=MYKERNEL
+</PRE>
+</TD></TR>
+</TABLE>
+<P>It might be failed in old FreeBSD.&nbsp;&nbsp;In the case, execute the following.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+<TR><TD>
+<PRE># config MYKERNEL
+# cd ../compile/MYKERNEL
+# make depend
+# make
+# make install</PRE>
+</TD></TR>
+</TABLE>
+<P>"make clean" might be requested before "make
+depend". 
+</P>
+<P>Add the following lines to "/etc/rc.conf":</P>
+<P>a. FreeBSD6.0 or earlier</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>firewall_enable="YES"
+firewall_script="/etc/rc.firewall"
+firewall_type="open"
+
+ipv6_firewall_enable="YES"
+ipv6_firewall_script="/etc/rc.firewall6"
+ipv6_firewall_type="open"
+
+natd_enable="YES"
+natd_interface="fxp1"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>b. FreeBSD6.1 or later</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>firewall_enable="YES"
+firewall_script="/etc/rc.firewall"
+firewall_type="open"
+
+natd_enable="YES"
+natd_interface="fxp1"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>When enabling IPFW (and IP6FW), make sure
+to also set the firewall_type to 'OPEN', to prevent  unpredictable
+system behavior during installation. <BR>To enable NAT, set
+natd_enable to 'YES' and define the natd interface (Upper-side
+interface).</P>
+<P>Connect a client pc to the lower-side
+network and check the IPv4 behavior.<BR>Since DHCP is not yet set up,
+the client's network settings must be configured manually.</P>
+<P ALIGN=right><A href="#freebsd0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 3 ************** -->
+<A href="#freebsd3" name=freebsd3>B.3&nbsp;Setting up IPv6</A></H4>
+<P>If you need IPv4 only, this section can
+be skipped. <BR>Though explanation is omitted, many parameters, like
+the ones used in the following sample, can be set in /etc/rc.conf.
+<BR>It is advised to read up on IPv6 and carefully set up its
+parameters. 
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>##ENABLE IPv6
+ipv6_enable="YES"
+ipv6_network_interfaces="gif0 fxp0"
+
+##TUNNELLING INTERFACE
+gif_interfaces="gif0"
+gifconfig_gif0="192.168.0.124 192.168.0.126"
+
+##IPv6 ADDRESS 
+ipv6_prefix_fxp0="2001:5:6:7"
+ipv6_ifconfig_fxp0="2001:5:6:7::1 prefixlen 64"
+
+##ADVERTISE
+rtadvd_enable="YES"
+rtadvd_interfaces="fxp0"
+
+##DEFAULT GATEWAY
+ipv6_default_interface="gif0"
+ipv6_defaultrouter="fe80::a:b:c:d%gif0"
+
+##ROUTING(RIPv6)
+ipv6_gateway_enable="YES"
+ipv6_router_enable="YES"
+ipv6_router="/usr/sbin/route6d"
+ipv6_router_flags="-O 2001:5:6:7::/64,gif0"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Connect a client pc to the lower-side
+network and check the behavior of IPv6.<BR>On a Windows pc, the
+command "ipv6 install" might be needed to activate IPv6.</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#ipfw0">back</A>&nbsp;<A href="#top">top</A></P>
+<HR>
+
+
+<H3><!-- Start:BIND9 Install --><A href="#bind0" name=bind0>C&nbsp;BIND9
+Install(Optional)</A></H3>
+<UL>
+	<LI><A href="#bind1">Ports Install</A></LI>
+	<LI><A href="#bind2">Making RNDC Key</A></LI>
+	<LI><A href="#bind3">Setting up named.conf</A></LI>
+	<LI><A href="#bind4">Creating up a Zone file</A> </LI>
+	<LI><A href="#bind5">Checking Behavior</A> </LI>
+</UL>
+
+
+<H4><!-- ********** 1 *********** -->
+<A href="#bind1" name=bind1>C.1&nbsp;Ports Install</A></H4>
+
+<P>	You can ignore DNS
+settings, if you control with IP address base
+or use existing DNS servers.</P>
+<P>	Installing BIND9 from
+ports:<BR>	
+Note: The "sysinstall" command can also be used.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># cd /usr/ports/dns/bind9/
+# make clean
+# make install clean ; rehash</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>During installation  the directory "/etc/namedb
+(/var/named/etc/namedb)" is created.</P>
+<P ALIGN=right><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ********** 2 ********** -->
+<A href="#bind2" name=bind2>C.2&nbsp;Making RNDC key</A></H4>
+<P>Use the "rndc" command to further secure BIND9.</P>
+<P>Create the rndc key as follows:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># cd /etc/namebd/
+# rndc-confgen -b 512 &gt; rndc.conf</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>This will generate the "rndc.conf" file.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># Start of rndc.conf
+key "rndc-key" {
+        algorithm hmac-md5;
+        secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
+};
+
+options {
+        default-key "rndc-key";
+        default-server 127.0.0.1;
+        default-port 953;
+};
+# End of rndc.conf
+
+# Use with the following in named.conf, adjusting the allow list as needed:
+# key "rndc-key" {
+#       algorithm hmac-md5;
+#       secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
+# };
+# 
+# controls {
+#       inet 127.0.0.1 port 953
+#               allow { 127.0.0.1; } keys { "rndc-key"; };
+# };
+# End of named.conf</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ********* 3 ********* -->
+<A href="#bind3" name=bind3>C.3&nbsp;Setting up named.conf</A></H4>
+<P>After installation,  look for the
+"/etc/namedb/named.conf" file and copy the last half of the
+"rndc.conf" file to it, making sure to remove comments, and
+add IPv6 configuration where/if required.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># Use with the following in named.conf, adjusting the allow list as needed:
+key "rndc-key" {
+        algorithm hmac-md5;
+        secret "wMpASEmnRVnD602MtEb+RqtMee5+n0RVgpaUrlAHvPpgH3SoK7f2nRZBUH7a0urvmyBuAg0dwtk/Otg9Ker3gA==";
+};
+
+controls {
+        inet ::1 port 953 allow { ::1; } keys { "rndc-key"; };
+        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+# End of named.conf</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>For security reasons, it is better to write the "key"
+directive in the other file.</P>
+<P>Edit the "options" directive in "named.conf":</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>options {
+        directory "/etc/namedb";
+        pid-file "/var/run/named/pid";
+        auth-nxdomain yes;
+        listen-on-v6 { any; };
+};</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Create the corresponding "pid" directory.</P>
+<P ALIGN=right><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ******** 4 ********* -->
+<A href="#bind4" name=bind4>C.4&nbsp;Creating a  Zone file</A></H4>
+<P>Edit the "view" and "zone" directives in "named.conf".</P>
+<P>The "view" directive is implemented in BIND9. Replying
+to the inquiries from matched-clients, BIND9 sends the information as
+described in the corresponding "view"</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>view "og" {
+        match-clients
+        {
+        192.168.1.0/24;
+        };
+
+        recursion yes;
+
+        zone "." {
+                type hint;
+                file "named.root";
+        };
+
+        zone "og.saga-u.ac.jp" {
+                type master;
+                file "og.saga-u.ac.jp";
+        };
+
+        zone "0.0.127.IN-ADDR.ARPA" {
+                type master;
+                file "master/localhost.rev";
+        };
+
+        // RFC 3152
+        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
+              0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
+                type master;
+                file "master/localhost-v6.rev";
+        };
+
+        // RFC 1886 -- deprecated
+        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
+              0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
+                type master;
+                file "master/localhost-v6.rev";
+        };
+};</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P><BR>Make a "zone" file for the domain "og.saga-u.ac.jp".
+<BR>The domain name and IPv4/6 addresses should be modified properly.
+If you don't need IPv6, remove the line containing "AAAA ....".</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>$TTL    3600
+$ORIGIN og.saga-u.ac.jp.
+
+@       IN      SOA     ns.og.saga-u.ac.jp. postmaster (
+                        2005051702 ;
+                        3600
+                        1200
+                        2419200
+                        86400 )
+                IN      NS      ns.og.saga-u.ac.jp.
+                IN      A       192.168.1.1
+                IN      MX      10 opengate.og.saga-u.ac.jp.
+
+ns              IN      A       192.168.1.1
+
+opengate        IN      A       192.168.1.1
+                        AAAA    2001:5:6:7::1</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ********* 5 ********* -->
+<A href="#bind5" name=bind5>C.5&nbsp;Checking Behavior</A></H4>
+<P>Confirm starting of "named" after completings its
+configuration.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># /usr/local/sbin/named -u bind -c /etc/namedb/named.conf</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>If "named" starts without problems, add the following
+lines to "/etc/rc.conf" to allow it to automatically start
+on boot up.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>named_enable="YES"
+named_program="/usr/local/sbin/named"
+named_flags="-u bind -c /etc/namedb/named.conf"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Because the management of a DNS server
+can be complicated,  it is strongly advised to carefully read the
+BIND9 manual, and/or consult other documentation.</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#bind0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<HR>
+<H3><!-- Start:isc-dhcp3 Install -->
+<A href="#dhcp0" name=dhcp0>D&nbsp;isc-dhcp3 Installation (Optional)</A></H3>
+<UL>
+	<LI><A href="#dhcp1">Ports Installation</A> 
+	<LI><A href="#dhcp2">Setting up DHCP</A> </LI>
+</UL>
+
+
+<H4><!-- *********** 1 ************* -->
+<A href="#dhcp1" name=dhcp1>D.1&nbsp;Ports Install</A></H4>
+<P>If many client PCs are going to be
+connected, using the DHCP service might be a desirable solution for
+assigning IP addresses to these clients.</P>
+<P>Installing isc-dhcp3 from ports:<BR>Note:
+the "sysinstall" command can also be used.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># cd /usr/ports/net/isc-dhcp3-server
+# make clean
+# make install clean ; rehash</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#dhcp0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 2 ************** -->
+<A href="#dhcp2" name=dhcp2>D.2&nbsp;Setting up DHCP</A></H4>
+<P>The"/usr/local/etc/dhcpd.conf.sample"
+ configuration file is created during installation. <BR>Copy
+"dhcpd.conf.sample" to "dhcpd.conf" and edit the
+file. <BR><BR>The following is an example setup: <BR>The lease time
+must be greater than the maximum usage duration (Duration/Max in
+opengatesrv.conf).<BR>The domain name and IP addresses should be
+modified. 
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>option domain-name "og.saga-u.ac.jp";
+option domain-name-servers 192.168.1.1;
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.1.255;
+option routers 192.168.1.1;
+
+default-lease-time 86400;
+max-lease-time 604800;
+ddns-update-style none;
+log-facility local7;
+
+subnet 192.168.55.0 netmask 255.255.255.0 {
+  range 192.168.1.10 192.168.1.250;
+}</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Add the following lines to "/etc/rc.conf" to allow it to
+automatically start on boot up.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>dhcpd_enable="YES"
+dhcpd_ifaces="fxp0"
+dhcpd_conf="/usr/local/etc/dhcpd.conf"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>In this example, the value of
+"dhcpd_ifaces" is the interface providing the DHCP service
+<BR>(to the lower-side network).</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#dhcp0">back</A>&nbsp;<A href="#top">top</A></P>
+<HR>
+
+
+<H3><!-- Start:Apache2 Install--><A href="#apache0" name=apache0>E&nbsp;Apache2
+Installation</A></H3>
+<UL>
+	<LI><A href="#apache1">Ports Installation</A> </LI>
+	<LI><A href="#apache2">Making Certificates</A> </LI>
+	<LI><A href="#apache3">Setting up SSL</A></LI>
+	<LI><A href="#apache4">Other Settings and Checking the installation</A> </LI>
+</UL>
+
+
+<H4><!-- ************ 1 ************** --><A href="#apache1" name=apache1>E.1&nbsp;Ports
+Install</A></H4>
+<P>When using IPv6, Opengate needs Apache2
+to support IPv6. <BR>By default, Apache2 supports SSL which is
+preferred for secure authentication.</P>
+<P>Installing Apache2 from ports:<BR>Note:
+The "sysinstall" command can also be used.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># cd /usr/ports/www/apache22
+# make clean
+# make install clean ; rehash</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#apache0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 2 ************** --><A href="#apache2" name=apache2>E.2&nbsp;Making
+Certificates</A></H4>
+<P>It is better to obtain a formal key from
+some CA. But we will show you how to create a self-signed private key
+and certificate. 
+</P>
+<P>Creating a private key:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># cd /usr/local/etc/apache22
+# mkdir ssl.key ssl.crt
+# chmod 700 ssl.key ssl.crt
+
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache22/server.key 1024</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P><BR>Making a certificate from the created key:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># /usr/bin/openssl req -new -x509 -days 365 \
+    -key /usr/local/etc/apache22/server.key \
+    -out /usr/local/etc/apache22/server.crt
+
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:JP
+State or Province Name (full name) [Some-State]:Saga
+Locality Name (eg, city) []:Saga-city
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
+Organizational Unit Name (eg, subsection) []:Opengate Management
+Common Name (eg, YOUR name) []:opengate.og.saga-u.ac.jp
+Email Address []:administrator@opengate.og.saga-u.ac.jp
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#apache0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 3 ************** --><A href="#apache3" name=apache3>E.3&nbsp;
+Setting up SSL</A></H4>
+<P>Edit "/usr/local/etc/apache22/extra/httpd-ssl.conf" as
+shown in the following example:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<P>ssl.conf 
+			</P>
+		</TD>
+	</TR>
+	<TR>
+		<TD>
+			<PRE>&lt;VirtualHost _default_:443&gt;
+    DocumentRoot "/usr/local/www/apache22/data"
+    ServerName opengate.og.saga-u.ac.jp:443
+    ServerAdmin administrator@opengate.og.saga-u.ac.jp
+    ErrorLog "|/usr/bin/logger -p local6.info"
+    CustomLog "|/usr/bin/logger -p local5.info" combined
+
+    SSLEngine on
+    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+    SSLCertificateFile /usr/local/etc/apache22/server.crt
+    SSLCertificateKeyFile /usr/local/etc/apache22/server.key
+&lt;/VirtualHost&gt;</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Since Apache2 has many settings,
+familiarize yourself with the Apache2 configuration options for
+adequate control.</P>
+<P ALIGN=right><A href="#apache0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 4 ************** --><A href="#apache4" name=apache4>E.4&nbsp;Other
+Settings and Checking the Installation</A></H4>
+<P>Edit "/usr/local/etc/apache22/httpd.conf" as follows:</P>
+<P>Opengate should send back the
+authentication page in response to any kind of HTTP request. <BR>To
+do so, add the following line to httpd.conf: <BR> (the top page will
+be sent back on an HTTP_ERROR 404 [file not found] error).</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>ErrorDocument 404 /</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P><BR>Add "ExecCGI" to allow executing CGI programs in the
+cgi-bin directory.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>&lt;Directory "/usr/local/www/cgi-bin"&gt;
+    ...
+    Options ExecCGI
+    ...
+&lt;/Directory&gt;</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Remove the comment mark ("#") to
+enable the following setting: 
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>AddHandler cgi-script .cgi
+AddHandler type-map .var</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Add "index.html.var" to
+DirectoryIndex: 
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>DirectoryIndex index.html.var index.html</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Include ssl conf file:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>Include etc/apache22/extra/httpd-ssl.conf</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Set ServerName: 
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>ServerName opengate.og.saga-u.ac.jp</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Start Apache2 with "apachectl start"
+and check for errors. <BR>If no errors are displayed, add the
+following lines to "/etc/rc.conf" to allow Apache to start
+on boot up:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>apache22_enable="YES"
+apache22ssl_enable="YES"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>If the system shows "Failed to
+enable the 'httpready' Accept Filter", add the following to
+/boot/loader.conf :</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>accf_http_load="YES"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Should the certificate require a PASSPHRASE, Apache will ask for it during
+boot up.<BR> If you do not enter the passphrase (reboot due to
+power outage, remote reboot, ,...), this will prevent <BR> the server from starting Apache normally, 
+i.e. leaving you with a possible "crippled" server.</P>
+<BLOCKQUOTE>
+<P>
+Easy fix:<BR>
+1. create a simple script containing the following:<BR>
+#!/bin/sh<BR>
+echo "&lt;passphrase goes here&gt;"<BR>
+<BR>2. add the following to	httpd.conf:<BR>
+SSLPassPhraseDialog exec:/path/to/above/script
+</P></BLOCKQUOTE>
+
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#apache0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<!-- Start:SQLite3 Installation -->
+<h3><A class=anchor href="#sqlite0" name=sqlite0>F&nbsp;SQLite3 Installation</A></h3>
+<ul>
+	<li class="list_num"><A href="#sqlite1">Inatallation</A></li>
+	<li class="list_num"><A href="#sqlite2">Checking</A></li>
+</ul>
+
+<!-- ************ 1 ************** -->
+<h4><A class=anchor href="#sqlite1" name=sqlite1>F.1&nbsp;Installation</A></h4>
+
+
+<p>Download archive file from SQLite site(www.sqlite.org).  Install it as follows.</p>
+
+<table><tr><td><pre>
+# tar xzvf sqlite-amalgamation-3.xx.xx.tar.gz
+# cd sqlite-3.xx.xx
+# ./configure
+# make
+# make install
+</pre></td></tr></table>
+
+<div align="right"><A href="#sqlite0">back</A>&nbsp;<A href="#top">top</A></div>
+
+<!-- ************ 2 ************** -->
+<h4><A class=anchor href="#sqlite2" name=sqlite2>F.2&nbsp;Checking</A></h4>
+
+<p>
+Check the normal execution.
+
+<table><tr><td><pre>
+# sqlite3
+SQLite version 3.xx.xx
+Enter ".help" for instructions
+Enter SQL statements terminated with a ";"
+sqlite&gt; .quit
+#
+</pre></td></tr></table>
+
+<div align="right"><A href="#sqlite0">back</A>&nbsp;<A href="#top">top</A></div>
+
+<HR>
+<H3><!-- Start:Opengate Install -->
+<A href="#opengate0" name=opengate0>G&nbsp;Opengate Installation</A></H3>
+<UL>
+	<LI><A href="#opengate1">Opengate Package</A> 
+	<LI><A href="#opengate2">Installation</A> </LI>
+	<LI><A href="#opengate3">Setting up Config File</A> </LI>
+	<LI><A href="#opengate4">Setting up IPFW</A> </LI>
+	<LI><A href="#opengate5">Setting up syslog</A> </LI>
+	<LI><A href="#opengate6">Checking Behavior</A> </LI>
+	<LI><A href="#opengate7">Modifying Pages</A> </LI>
+	<LI><A href="#opengate8">Setting up SQLite3</A> </LI>
+</UL>
+
+
+<H4><!-- ************1************* -->
+<A href="#opengate1" name=opengate1>G.1&nbsp;Opengate
+Package</A></H4>
+<P>Unpack the Opengate compressed file: 
+</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># tar xzvf opengatexxxx.tar.gz</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>It contains the following directories:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>doc: Documentation
+conf: Configuration files and firewall control Perl script sample
+javahtml: Client Programs and  HTML files
+opengatesrv: Server CGI programs
+tools: Some related tools
+ezxml: XML parser (Copyright Aaron Voisine)</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************2************* -->
+<A href="#opengate2" name=opengate2>G.2&nbsp;Installation</A></H4>
+<P>Check the settings in "opengatesrv/Makefile" and modify
+if needed:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>HTMLTOP = /usr/local/www/apache22
+DOCDIR = /data
+CGIDIR = /cgi-bin
+OPENGATEDIR = /opengate
+CONFIGPATH = /etc/opengate</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Compile and Install:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># make clean
+# make install</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 3 ************** -->
+<A href="#opengate3" name=opengate3>G.3&nbsp;Setting up Config File</A></H4>
+
+<P>Copy the sample configuration file
+"/etc/opengate/opengatesrv.conf.sample" to
+"/etc/opengate/opengatesrv.conf" and modify. <BR>The
+following settings must be changed:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>        &lt;OpengateServerName&gt;opengate.og.saga-u.ac.jp&lt;/OpengateServerName&gt;
+
+        &lt;AuthServer&gt;
+                &lt;Protocol&gt;pop3s&lt;/Protocol&gt;
+                &lt;Address&gt;192.168.0.2&lt;/Address&gt;
+        &lt;/AuthServer&gt;</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>In &lt;OpengateServerName&gt;, set the
+HOSTNAME(FQDN) or IP address of the opengate gateway server. If you
+want to use IPv6, you need to set the FQDN corresponding to both IPv4
+and IPv6 addresses.</P>
+<P>In &lt;AuthServer&gt;, set the
+information for the authentication server. Opengate supports various
+authentication protocols. See the config file for details. <BR>To
+differentiate between erorrs caused by authentication server or those
+caused by the opengate server, try the following setting first. This
+means that any userid and password combination is accepted.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE> ****Do not use this setting in real service****
+        &lt;AuthServer&gt;
+                &lt;Protocol&gt;accept&lt;/Protocol&gt; 
+        &lt;AuthServer&gt;</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>The config file is XML. "#" marks in
+the file do not represent the start of a comment. <BR>Use
+XML-formatted comments like &lt;!-- Comment String --&gt; to disable
+a description.</P>
+<P>Opengate can pass authentication settings
+in the form of "userid@extid". <BR>See the config file for
+more details. <BR>By using this function, you can use different
+authentication servers for many sections or guests.</P>
+<P>When the primary authentication server
+does not reply, Opengate can resend the request to other
+authentication servers. See the config file for more details.</P>
+<P>Caution: Do not delete the IPv6 related
+settings in the config file! <BR>	   The IPv6 access is executed when
+the FQDN for IPv6 is prepared.</P>
+
+<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 4 ************** -->
+<A href="#opengate4" name=opengate4>G.4&nbsp;Setting up IPFW</A></H4>
+<P>Write IPFW rules for Opengate. 
+</P>
+<P>Both IPv4 and IPv6 packets are controlled by IPFW.</P>
+<P>A sample rule set for IPFW can be found in
+"/etc/opengate/rc.firewall.sample"</P>
+<P>Copy the script and modify to fit your needs. <BR>   If you are
+not familiar with Ipv6, set IPv6 addresses as localhost (*net6="0",
+*ip6="::1").</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># cd /etc/opengate
+# cp rc.firewall.sample rc.firewall
+# vi rc.firewall</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Modify the firewall settings in /etc/rc.conf as follows:<BR>  Be
+careful not to lock yourself out of the system after reloading the
+firewall.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>firewall_enable="YES"
+firewall_script="/etc/opengate/rc.firewall"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Familiarise yourself with the "ipfw" command. <BR>  The
+Opengate software sends out ipfw add/delete commands.</P>
+<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 5 ************** -->
+<A href="#opengate5" name=opengate5>G.5&nbsp;Setting
+up syslog</A></H4>
+<P>Edit /etc/syslog.conf to save log entries for Opengate.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>         | Separated by TAB code
+         V
+local1.*   /var/log/opengate.log</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Make the log file as follows: <BR>  Consider using log rotation to
+control the size of this log file.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># touch /var/log/opengate.log</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 6 ************** -->
+<A href="#opengate6" name=opengate6>G.6&nbsp;Checking
+Behavior</A></H4>
+<P>Connect a PC to the lower-side network
+and try to access a site in the upper-side network. <BR>If it does
+not work properly, consult doc/progflow.html and doc/protocol.txt to
+better understand the procedure. Also check the log files for
+Opengate, httpd, system and others. To dump more information from
+Opengate, set the &lt;Debug&gt; switch to "2" in
+opengatesrv.conf.  Also check the functions of related software. The
+error checking document (errcheck.html) and Q&amp;A documents
+(qa.html, recentqa.html on the web) can be used for problem solving.</P>
+<P ALIGN=right><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 7 ************** -->
+<A href="#opengate7" name=opengate7>G.7&nbsp;Modifying
+Pages</A></H4>
+<P>If you want to modify the contents of the
+web pages, edit the html files in the Opengate directories. The
+relative path cannot be used in httpkeep.html. Use the full URL
+description. The descriptions such as %%XXX%% are variables replaced
+by their proper values during CGI runtime. 
+</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<!-- ************ 8 ************** -->
+<h4><A class=anchor href="#opengate8" name=opengate8>G.8&nbsp;Setting up SQLite3</A></h4>
+
+<p>
+Opengate uses the SQLite3 database to hold session information. 
+The path of the database file is indicated with &lt;SqliteDb&gt; 
+in opengatesrv.conf.
+It is recommended to change the default value 
+to the proper directory.
+WWW sholud have write permission for the directory.
+</p>
+<table><tr><td><pre>
+Example:
+-- opengatesrv.conf --
+&lt;SqliteDb&gt;/home/sqlitedb/opengate.db&lt;/SqliteDb&gt;
+
+-- shell commands --
+# mkdir /home/sqlitedb
+# chown www /home/sqlitedb
+</pre></td></tr></table>
+<p> 
+The file and database table are created automatically.
+</p>
+
+As the file size incleases steadily, you should periodically trim or remove the file with cron (or manually). Following is a sample script to delete 3 day old records.</p>
+
+<table>
+<tr><td><pre>
+#!/bin/sh
+echo "delete from session where closeTime &lt; datetime('now','localtime','-3days');" | sqlite3 /tmp/opengate.db
+exit 0
+</pre></td></tr>
+</table>
+
+<div align="right"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></div>
+
+<hr>
+
+
+<H3><!-- Start:Install MRTG -->
+<A href="#mrtg0" name=mrtg0>H&nbsp;MRTG Installion (Optional)</A></H3>
+<UL>
+	<LI><A href="#mrtg1">Ports Installation</A> </LI>
+	<LI><A href="#mrtg2">Setting up MRTG</A> </LI>
+	<LI><A href="#mrtg3">Confirming proper startup</A>  </LI>
+	<LI><A href="#mrtg4">Setting up crontab</A> </LI>
+</UL>
+
+<H4><!-- ************ 1 ************** -->
+<A href="#mrtg1" name=mrtg1>H.1&nbsp;Ports Installation</A></H4>
+
+<P>This section is optional. <BR>   If you want to graphically
+monitor the state of Opengate, MRTG can be used but is not required.</P>
+<P><A HREF="http://people.ee.ethz.ch/%7Eoetiker/webtools/mrtg/" TARGET="_blank">MRTG<SPAN STYLE="TEXT-DECORATION: none">
+</SPAN></A>(Multi Router Traffic Grapher) is a system to monitor
+network traffic. MRTG produces graphic images and HTML files. 
+</P>
+<P>You can install MRTG on the gateway
+server or another server. If you need to monitor multiple Opengate
+systems, it is advised to install MRTG on a separate server.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># cd /usr/ports/net-mgmt/mrtg/
+# make clean
+# make install clean ; rehash</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></P>
+
+
+<H4><!-- ************ 2 ************** -->
+<A href="#mrtg2" name=mrtg2>H.2&nbsp;Setting up MRTG</A></H4>
+<P>MRTG creates
+"/usr/local/etc/mrtg/mrtg.cfg.sample" as the sample
+configuration file during installation. Copy mrtg.cfg.sample to
+opengate.cfg and edit the file:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>##################################################
+#  opengate user counter
+
+WorkDir: /usr/home/user/public_html/mrtg/opengate/
+
+##### Options
+Options[^]: growright,gauge,nopercent,integer
+
+Target[opengate]:`/usr/home/user/bin/input.sh`
+Title[opengate]: Opengate user counter
+
+PageTop[opengate]: &lt;h1&gt;Opengate user counter&lt;/h1&gt;
+ &lt;p&gt;Show the number of people using Opengate&lt;/p&gt;
+
+# Max Number
+MaxBytes[opengate]: 200
+
+# Title of Y axis
+YLegend[opengate]: Opengate User
+# unit
+ShortLegend[opengate]: s
+# Title of graph LegendI: first line LegendO: second line
+LegendI[opengate]: IPv6 Users
+LegendO[opengate]: Total Users</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Be sure to actually create the directory
+which you appointed in "WorkDir". MRTG creates its graphic
+images and HTML files in "WorkDir"</P>
+<P>"Target[opengate]" contains the
+path to the program that hands its data to MRTG. <BR>(details
+explained below)</P>
+
+<H5>H.2.1&nbsp;Scenario 1: Running MRTG on the gateway server</H5>
+<P>Create the shell script "/usr/home/user/bin/input.sh"
+with the following contents:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>#!/bin/sh
+
+#######################################
+##
+## show opengate status for MRTG
+##
+##   1 line : IPv6 Users
+##   2 line : Total Users
+##   3 line : uptime
+##   4 line : comment for data
+##
+#######################################
+
+LANG=C
+COLUMNS=256
+
+export LANG
+export COLUMNS
+
+### IPv6 prefix
+prefix="2001:2f8:22:801:"
+###opengateprocessname
+process="opengatesrv.cgi" 
+
+###tmp file  name
+tmp_all="/tmp/og_count_all.tmp"
+tmp_6="/tmp/og_count_6.tmp"
+
+######################################################
+psax | grep $process &gt; $tmp_all
+COUNT = `wc-l $tmp_all | awk '{print $1}'` 
+grep $prefix $tmp_all &gt;  $tmp_6
+COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
+UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
+
+rm $tmp_all
+rm $tmp_6
+
+echo "$COUNT6"
+echo "$COUNT"
+echo "$UPTIME"
+echo "Opengate User Counter"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Run this shell script as standalone and confirm that you can
+acquire the following data:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>5
+48
+10days
+Opengate User Counter</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<H5>H.2.2&nbsp;Scenario 2: Running MRTG on a separate server</H5>
+<P>Create the shell script "/usr/home/user/bin/input.sh" on
+a separate server.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>#!/bin/sh
+
+#######################################
+##
+## input data for MRTG
+##
+##   1 line : IPv6 Users
+##   2 line : Total Users
+##   3 line : uptime
+##   4 line : comment for data
+##
+#######################################
+
+# tmp file name
+file="/tmp/opengate.tmp"
+
+# URL of output.sh at opengate
+url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh"
+
+fetch -o $file $url &amp;&gt; /dev/null
+
+more $file</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P STYLE="TEXT-INDENT: 0in">Create the shell script
+"/usr/local/apache2/cgi-bin/output.sh" on the Opengate
+(gateway) server, and set the URL to $url, as explained above.</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>#!/bin/sh
+
+#######################################
+##
+## show opengate status for MRTG
+##
+##   1 line : IPv6 Users
+##   2 line : Total Users
+##   3 line : uptime
+##   4 line : comment for data
+##
+#######################################
+
+LANG=C
+COLUMNS=256
+
+export LANG
+export COLUMNS
+
+### IPv6 prefix
+prefix="2001:2f8:22:801:"
+###opengateprocessname
+process="opengatesrv.cgi" 
+
+###tmp file name
+tmp_all="/tmp/og_count_all.tmp"
+tmp_6="/tmp/og_count_6.tmp"
+
+######################################################
+psax | grep $process &gt; $tmp_all 
+COUNT = `wc-l $tmp_all | awk '{print $1}'` 
+grep $prefix $tmp_all &gt;  $tmp_6
+COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
+UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
+rm $tmp_all
+rm $tmp_6
+
+echo "Content-type: text/plain; charset=iso-8859-1"
+echo
+
+echo "$COUNT6"
+echo "$COUNT"
+echo "$UPTIME"
+echo "Opengate User Counter"</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P>Run "input.sh" on another server and confirm that you
+can acquire the following data:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>5
+48
+10days
+Opengate User Counter</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></P>
+
+<H4><!-- ************ 3 ************** -->
+<A href="#mrtg3" name=mrtg3>H.3&nbsp;Confirming MRTG Startup Operation:</A></H4>
+
+<P>Use the following command to confirm MRTG is working with your
+config:</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE># /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P STYLE="TEXT-INDENT: 0in">Various WARNING messages are output the
+first and second time, this is normal behavior <BR>(as explained in
+the MRTG documentation)!<BR>Some files are created in "WorkDir".</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>&gt; ls -l
+-rw-r--r--  1 root  wheel    538 12 14 04:40 mrtg-l.png
+-rw-r--r--  1 root  wheel    414 12 14 04:40 mrtg-m.png
+-rw-r--r--  1 root  wheel   1759 12 14 04:40 mrtg-r.png
+-rw-r--r--  1 root  wheel   2941 12 20 15:15 opengate-day.png
+-rw-r--r--  1 root  wheel   2146 12 20 14:35 opengate-month.png
+-rw-r--r--  1 root  wheel   2867 12 20 14:55 opengate-week.png
+-rw-r--r--  1 root  wheel   1897 12 20 05:00 opengate-year.png
+-rw-r--r--  1 root  wheel   5961 12 20 15:15 opengate.html
+-rw-r--r--  1 root  wheel  48786 12 20 15:15 opengate.log
+-rw-r--r--  1 root  wheel  48784 12 20 15:10 opengate.old</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></P>
+
+<H4><!-- ************ 4 ************** -->
+<A href="#mrtg4" name=mrtg4>H.4&nbsp;Registering to Crontab</A></H4>
+
+<P>Add the following line to "/etc/crontab":</P>
+<TABLE CELLPADDING=2 CELLSPACING=2>
+	<TR>
+		<TD>
+			<PRE>*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg</PRE>
+		</TD>
+	</TR>
+</TABLE>
+<P ALIGN=right><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></P>
+
+<HR>
+<H3><!-- Start:Install rulechk -->
+<A href="#rulechk" name=rulechk>I&nbsp;rulechk Installation (Optional)</A></H3>
+
+<P>This section is optional. <BR>When the
+Opengate process is not exited normally, superfluous rules might be
+left behind. <BR>Though it is 
+very rare, the tools/rulechk script is made to handle such situations. This 
+script compares the Opengate process list and the firewall rule list, and 
+deletes the obsolete rules.<BR>This script is compatible with Opengate Ver1.3.1 or above. 
+</P>
+<P ALIGN=right STYLE="MARGIN-BOTTOM: 0in"><A href="#rulechk">back</A>&nbsp;<A href="#top">top</A></P>
+</BODY>
+</HTML>
diff --git a/opengate/doc/en/qa.html b/opengate/doc/en/qa.html
index 67905ba..f2a43e7 100644
--- a/opengate/doc/en/qa.html
+++ b/opengate/doc/en/qa.html
@@ -67,7 +67,7 @@ For example, it might be used as the gateway from intra-net to extra-net or the
 What to do for No Java terminals?
 <BLOCKQUOTE>
 The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall.  The user can also close the network by clicking the TERMINATE link in accept page.
-
+From Version 1.4, JavaScript is used instead of Java.
 </BLOCKQUOTE></LI>
 
 
@@ -170,7 +170,7 @@ As the web pages are described in html files, it is easy to modify the design.
 Can I display web pages with other language.
 
 <BLOCKQUOTE>
-Directorys named en and ja are the html documentations in english and japanese. Same as the directory, make the new language documentations. And modify the language setting in configuration file and index.html.var. To change the Java Applet message, modify the source of Java.
+Directorys named en and ja are the html documentations in english and japanese. Same as the directory, make the new language documentations. And modify the language setting in configuration file and index.html.var. 
 </BLOCKQUOTE>
 
 <LI>
diff --git a/opengate/doc/en/spec.html b/opengate/doc/en/spec.html
index b4c1f6c..15d84f4 100644
--- a/opengate/doc/en/spec.html
+++ b/opengate/doc/en/spec.html
@@ -51,7 +51,7 @@
 			<P>Necessity</P>
 		</TD>
 		<TD>
-			<P>Web browser can run on the client. Ajax or JavaVM is desired.</P>
+			<P>Web browser can run on the client. Ajax is desired.</P>
 		</TD>
 	</TR>
 	<TR>
@@ -67,7 +67,7 @@
 			<P>Condition to close network</P>
 		</TD>
 		<TD>
-			<P>When (Ajax or JavaVM) is enabled and the usage duration is not
+			<P>When Ajax is enabled and the usage duration is not
 			entered:<BR>      - Close Web browser or OS<BR>      - Fail
 			periodic live check<BR>Other cases<BR>      - A fixed time length
 			passes.<BR>      - No packet passed from/to the client for a long
diff --git a/opengate/doc/ja/errcheck.html b/opengate/doc/ja/errcheck.html
index 83d2e57..2db4f04 100644
--- a/opengate/doc/ja/errcheck.html
+++ b/opengate/doc/ja/errcheck.html
@@ -20,9 +20,8 @@ Opengate
 Opengate‚͈ȉº‚̃tƒ@ƒCƒ‹‚ð—˜—p‚µ‚Ü‚·B‚±‚ê‚ç‚͐³‚µ‚­”z’u‚³‚ê‚Ä‚¢‚Ü‚·‚©BƒfƒBƒŒƒNƒgƒŠ‚ÍdefaultˆÊ’u‚Å‚·B<br>
  /usr/local/www/data/index.html.var<br>
  /usr/local/www/cgi-bin/opengate/(opengatesrv.cgi, opengatefwd.cgi, opengateauth.cgi)<br>
- /usr/local/www/data/opengate/(Opengate.jar, Opengate.class, OpengateOlient.class)<br>
  /usr/local/www/data/opengate/(ja, en)/(topindex.html, index.html, index-ssl.html, accept.html, accept2.hmtl, deny.html, deny-ssl.html, retry.html)<br>
- /etc/opengate/(opengatesrv.conf, rc.firewall, rc.irewall6, ipfwctrl.pl): *.sample‚©‚çƒRƒs[B<br>
+ /etc/opengate/(opengatesrv.conf, rc.firewall, ipfwctrl.pl): *.sample‚©‚çƒRƒs[B<br>
  /var/log/opengate.log<br>
  ‚³‚ç‚ɁAƒƒbƒNƒtƒ@ƒCƒ‹‚Æ‚µ‚Ä/tmp/opengate.lock‚ðŽg—p‚µ‚Ü‚·‚ªAì¬‚Í•s—v‚Å‚·BÁ‚µ‚Ä‚à\‚¢‚Ü‚¹‚ñB
  </LI>
@@ -151,7 +150,6 @@ Opengate
 <LI>EndWebAndRetry‚̃y[ƒW‚ª•\Ž¦‚³‚ê‚éB</LI>
 <UL>
 <LI>Šù‚ÉŠJ•ú‚³‚ê‚Ä‚¢‚é’[––‚©‚ç‚Ì—v‹‚ð‹‘”Û‚µ‚Ä‚¢‚Ü‚·Bƒuƒ‰ƒEƒU‚ÌBack“™‚ðŽg‚Á‚čēx”FØ—v‹‚ð‚µ‚½‚Æ‚«‚È‚Ç‚É‹N‚«‚Ü‚·BÄŽŽs‚·‚ê‚΁A”FØƒy[ƒW‚Å‚Í‚È‚­–Ú“I‚Æ‚·‚éŠO•”ƒy[ƒW‚ª•\Ž¦‚³‚ê‚é‚Í‚¸‚Å‚·B</li>
-<LI>JavaApplet‚ª“®‚©‚È‚¢ê‡‚ɂ́Aƒuƒ‰ƒEƒU‚ðI—¹‚µ‚Ä‚à‘¦Žž•Â½‚ƂȂ炸A‚µ‚΂炭‚ÍŠJ•úó‘Ô‚É‚ ‚è‚Ü‚·B</li>
 </UL>
 
 <LI>Apache‚ªInternalƒGƒ‰[‚âFileNotFoundƒGƒ‰[‚È‚Ç‚ðo‚·B</LI>
@@ -167,11 +165,8 @@ Opengate
 <UL>
 <LI>‰©F‚¢ƒo[‚ª•\Ž¦‚³‚ê‚È‚¢B</LI>
 <UL>
-<LI>JavaApplet‚ª“®ì‚µ‚Ä‚¢‚Ü‚¹‚ñBƒuƒ‰ƒEƒU‚ÅJavaVM‚ª“®ì‚·‚é‚悤‚ɐݒ肵‚Ä‚­‚¾‚³‚¢B</LI>
-<LI>ClassNotFound‚̃ƒbƒZ[ƒW‚ªo‚é‚Æ‚«‚́AJava‚Ìclassƒtƒ@ƒCƒ‹‚Ü‚½‚Íjarƒtƒ@ƒCƒ‹‚̈ʒuŽw’è‚ðŠm”F‚­‚¾‚³‚¢B</LI>
+<LI>JavaScript‚ª“®ì‚µ‚Ä‚¢‚Ü‚¹‚ñBƒuƒ‰ƒEƒU‚ÅJavaScript‚ª“®ì‚·‚é‚悤‚ɐݒ肵‚Ä‚­‚¾‚³‚¢B</LI>
 <LI>‚±‚̏ꍇ‚àA‚µ‚΂炭‚̓lƒbƒgƒ[ƒN‚ª—˜—p‚Å‚«‚Ü‚·B•Â½‚͈ȉº‚ÌŽž‚É‹N‚«‚Ü‚·BuŽw’莞ŠÔ‚ªŒo‰ßvuI—¹ƒŠƒ“ƒN‚ðƒNƒŠƒbƒNvuIPƒAƒhƒŒƒX‚ɑ΂·‚éMACƒAƒhƒŒƒX‚ª•Ï‰»vuˆê’莞ŠÔƒpƒPƒbƒg‚ª’Ê‚ç‚È‚¢vB</LI>
-<LI>Java Applet‚ªAJava Runtime 1.1Œü‚¯‚ɃRƒ“ƒpƒCƒ‹‚µ‚Ä‚¢‚È‚¢‚ƁAMicrosoft VM‚Å“®‚«‚Ü‚¹‚ñB‘Ήž‚·‚é‚ɂ́Aujavac -target 1.1 Opengate.javav‚Æ‚µ‚ăRƒ“ƒpƒCƒ‹‰º‚³‚¢BŠÂ‹«‚É‚æ‚Á‚Ắu-source 1.2v‚Ü‚½‚́u-source 1.3v‚ª•K—v‚©‚à’m‚ê‚Ü‚¹‚ñB</LI>
-
 </UL>
 </UL>
 <P></P>
@@ -184,7 +179,7 @@ Opengate
 <UL>
 <LI>JavaScript‚ª—LŒø‚É‚È‚Á‚Ä‚¢‚È‚¢‚ƃ|ƒbƒvƒAƒbƒv‚µ‚Ü‚¹‚ñB</LI>
 <LI>ƒuƒ‰ƒEƒU‚Ń|ƒbƒvƒAƒbƒv‹ÖŽ~‚ɐݒ肳‚ê‚Ä‚¢‚é‚ƃ|ƒbƒvƒAƒbƒv‚µ‚Ü‚¹‚ñB</LI>
-<LI>‚±‚ê‚ç’[––‚ɑΉž‚·‚邽‚߂ɕʃEƒCƒ“ƒhƒE‚ðŠJ‚­‚½‚߂̃Šƒ“ƒN‚ð•t‚¯‚Ä‚¢‚Ü‚·B‚È‚¨AJavaApplet‚̃y[ƒW‚ð•ÛŽ‚Å‚«‚ê‚΁A•ÊƒEƒCƒ“ƒhƒE‚ªo‚È‚­‚Ä‚à—˜—p‚ÉŽxá‚Í‚ ‚è‚Ü‚¹‚ñB</LI>
+<LI>‚±‚ê‚ç’[––‚ɑΉž‚·‚邽‚߂ɕʃEƒCƒ“ƒhƒE‚ðŠJ‚­‚½‚߂̃Šƒ“ƒN‚ð•t‚¯‚Ä‚¢‚Ü‚·B‚È‚¨AJavaScript‚̃y[ƒW‚ð•ÛŽ‚Å‚«‚ê‚΁A•ÊƒEƒCƒ“ƒhƒE‚ªo‚È‚­‚Ä‚à—˜—p‚ÉŽxá‚Í‚ ‚è‚Ü‚¹‚ñB</LI>
 </UL>
 </UL>
 <P></P>
@@ -196,12 +191,12 @@ Opengate
 <LI>‹–‰Âƒy[ƒW‚ª•\Ž¦‚³‚ꂽ‚̂ɁA’ʐM‚ª’Ê‚ç‚È‚¢B</LI>
 <UL>
 <LI>ipfw listƒRƒ}ƒ“ƒh‚ŁA‹–‰Âƒ‹[ƒ‹‚ª’ljÁ‚³‚ê‚Ä‚¢‚邱‚Æ‚ðŠm”F‚­‚¾‚³‚¢Bƒ‹[ƒgŒ ŒÀ‚Å“®‚©‚È‚¢‚ÆipfwƒRƒ}ƒ“ƒh‚Í”­s‚ªo—ˆ‚Ü‚¹‚ñBopengatesrv.cgiƒtƒ@ƒCƒ‹‚ÉSƒrƒbƒg‚ª—§‚Á‚Ä‚¢‚邱‚Æ‚ðŠm”F‚­‚¾‚³‚¢B</LI>
-<LI>ƒuƒ‰ƒEƒU‚ðI—¹‚µ‚È‚¢‚Å‚­‚¾‚³‚¢BÅ¬‰»ó‘Ô‚Å‚à‚©‚Ü‚¢‚Ü‚¹‚ñBI—¹‚·‚é‚ÆJavaApplet‚©‚ç‚̘A—‚É‚æ‚èƒlƒbƒgƒ[ƒN‚ª•Â½‚³‚ê‚Ü‚·B</LI>
+<LI>ƒuƒ‰ƒEƒU‚ðI—¹‚µ‚È‚¢‚Å‚­‚¾‚³‚¢BÅ¬‰»ó‘Ô‚Å‚à‚©‚Ü‚¢‚Ü‚¹‚ñBI—¹‚·‚é‚ÆJavaScript‚©‚ç‚̘A—‚É‚æ‚èƒlƒbƒgƒ[ƒN‚ª•Â½‚³‚ê‚Ü‚·B</LI>
 </UL>
 <LI>‹–‰Âƒy[ƒW‚ª•\Ž¦‚³‚ê‚Ä‚µ‚΂炭‚͒ʐM‚ªo—ˆ‚邪A‰½•ª‚©Œo‚‚ƒʐM‚ª’Ê‚ç‚È‚­‚È‚éB</LI>
 <UL>
-<LI>JavaApplet‚ª“®‚¢‚Ä‚¢‚È‚¢ê‡‚Ìà–¾‚͏ã‚ðŽQÆ‚­‚¾‚³‚¢B</LI>
-<LI>JavaApplet‰Ò“®Žž‚ɂ́AˆÈ‰º‚Ì‚¢‚¸‚ê‚©‚ŕ½‚³‚ê‚Ü‚·BuJavaApplet‚ª’âŽ~‚·‚éiƒuƒ‰ƒEƒU’âŽ~AOS’âŽ~‚É”º‚¤’âŽ~‚ðŠÜ‚Þ)vu10•ª‚²‚Æ‚ÌHelloƒƒbƒZ[ƒWŒðŠ·‚ÉJavaApplet‚ªˆê’è‰ñ”•Ô“š‚µ‚È‚¢vuˆê’莞ŠÔƒpƒPƒbƒg‚ª’Ê‚ç‚È‚¢vB</LI>
+<LI>JavaScript‚ª“®‚¢‚Ä‚¢‚È‚¢ê‡‚Ìà–¾‚͏ã‚ðŽQÆ‚­‚¾‚³‚¢B</LI>
+<LI>JavaScript‰Ò“®Žž‚ɂ́AˆÈ‰º‚Ì‚¢‚¸‚ê‚©‚ŕ½‚³‚ê‚Ü‚·BuJavaScript‚ª’âŽ~‚·‚éiƒuƒ‰ƒEƒU’âŽ~AOS’âŽ~‚É”º‚¤’âŽ~‚ðŠÜ‚Þ)vuHelloƒƒbƒZ[ƒWŒðŠ·‚ÉJavaScript‚ª•Ô“š‚µ‚È‚¢vB</LI>
 </UL>
 
 </UL>
@@ -209,7 +204,7 @@ Opengate
 
 <!-- ******************** -->
 
-<LI>10•ª‚²‚Ƃɉ©F‚¢ƒo[‚Ì’†‚Ì•\Ž¦‚ª•Ï‚í‚éB</LI>
+<LI>”•ª‚²‚Ƃɉ©F‚¢ƒo[‚Ì’†‚Ì•\Ž¦‚ª•Ï‚í‚éB</LI>
 
 <UL>
 <LI>Å‰‚̐³íŠJŽn‚̃ƒbƒZ[ƒW‚Ì‚Ü‚Ü•Ï‚í‚ç‚È‚¢B</LI>
diff --git a/opengate/doc/ja/install.html b/opengate/doc/ja/install.html
index 2b793db..1df609f 100644
--- a/opengate/doc/ja/install.html
+++ b/opengate/doc/ja/install.html
@@ -43,6 +43,11 @@
 		<li class="list_num"><A href="#apache3">ƒo[ƒ`ƒƒƒ‹ƒzƒXƒg‚̐ݒè</A></li>
 		<li class="list_num"><A href="#apache4">‚»‚Ì‘¼‚̐ݒè‚Æ“®ìŠm”F</A></li>
 	</ul></li>
+	<li class="list_alpha"><A href="#sqlite0">SQLite3‚̃Cƒ“ƒXƒg[ƒ‹</A>
+	<ul>
+		<li class="list_num"><A href="#sqlite1">ƒCƒ“ƒXƒg[ƒ‹</A></li>
+		<li class="list_num"><A href="#sqlite2">“®ìŠm”F</A></li>
+	</ul></li>
 	<li class="list_alpha"><A href="#opengate0">Opengate ‚̃Cƒ“ƒXƒg[ƒ‹</A>
 	<ul>
 		<li class="list_num"><A href="#opengate1">OpengateƒpƒbƒP[ƒW</A></li>
@@ -51,6 +56,8 @@
 		<li class="list_num"><A href="#opengate4">ipfw‚̐ݒè</A></li>
 		<li class="list_num"><A href="#opengate5">syslog‚̐ݒè</A></li>
 		<li class="list_num"><A href="#opengate6">“®ìŠm”F</A></li>
+		<li class="list_num"><A href="#opengate7">ƒy[ƒW‚̏C³</A></li>
+		<li class="list_num"><A href="#opengate8">sqlite3‚̐ݒè</A></li>
 
 	</ul></li>
 	<li class="list_alpha"><A href="#mrtg0">MRTG‚̃Cƒ“ƒXƒg[ƒ‹(Optional)</A>
@@ -133,7 +140,7 @@ Opengate
 <!-- ************1************* -->
 <h4>B.1&nbsp;Šî–{ƒCƒ“ƒXƒg[ƒ‹<A class=anchor href="#freebsd1" name=freebsd1>õ</A></h4>
 
-<p>FreeBSD4.xˆÈ~‚Ì‚Ç‚ê‚©‚ðƒCƒ“ƒXƒg[ƒ‹‚·‚éBFreeBSD6.1ˆÈ~‚ª–]‚Ü‚µ‚¢BŒã‚ɃJ[ƒlƒ‹‚ðÄ\’z‚·‚é•K—v‚ª‚ ‚é‚̂ŁAƒCƒ“ƒXƒg[ƒ‹‚·‚éDistributions‚ð‘I‘ð‚·‚éÛ‚ɁADeveloper(Full sources,binaries and doc)‚à‚µ‚­‚ÍAll‚ð‘I‘ð‚µ‚È‚¯‚ê‚΂Ȃç‚È‚¢B</p>
+<p>FreeBSD6.1ˆÈ~‚Ì‚Ç‚ê‚©‚ðƒCƒ“ƒXƒg[ƒ‹‚·‚éBŒã‚ɃJ[ƒlƒ‹‚ðÄ\’z‚·‚é•K—v‚ª‚ ‚é‚̂ŁAƒCƒ“ƒXƒg[ƒ‹‚·‚éDistributions‚ð‘I‘ð‚·‚éÛ‚ɁADeveloper(Full sources,binaries and doc)‚à‚µ‚­‚ÍAll‚ð‘I‘ð‚µ‚È‚¯‚ê‚΂Ȃç‚È‚¢B</p>
 
 <p>FreeBSD‚ðƒCƒ“ƒXƒg[ƒ‹‚µ‚½Œã‚ɁAƒQ[ƒgƒEƒFƒC‚Æ‚µ‚Ä‚Ì‹@”\‚ð—LŒø‚É‚·‚邽‚߂ɁA/etc/rc.conf‚ÉŽŸ‚̐ݒè‚ð‹Lq‚·‚éB‚à‚µ‚­‚́AFreeBSD‚ðƒCƒ“ƒXƒg[ƒ‹‚·‚éÛ‚ɁAƒQ[ƒgƒEƒFƒC‚Æ‚µ‚Ä‚Ì‹@”\‚ð—LŒø‚É‚·‚é‚©”Û‚©‚ð–â‚í‚ê‚é‚̂ŁA‚±‚±‚ŃQ[ƒgƒEƒFƒC‚Ì‹@”\‚ð—LŒø‚É‚µ‚Ä‚à\‚í‚È‚¢B</p>
 
@@ -150,7 +157,7 @@ Opengate
 <h4>B.2&nbsp;NAT‚ƃtƒ@ƒCƒAƒEƒH[ƒ‹‚̒ljÁ<A class=anchor href="#freebsd2" name=freebsd2>õ</A></h4>
 
 <p>
-ƒtƒ@ƒCƒAƒEƒH[ƒ‹iipfw‚¨‚æ‚Ñip6fw)‚ð—˜—p‚·‚邽‚߂ɂ́AFreeBSD‚̃J[ƒlƒ‹‚ðÄ\’z‚·‚é•K—v‚ª‚ ‚éBFreeBSDƒCƒ“ƒXƒg[ƒ‹Žž‚ɃJ[ƒlƒ‹“™‚Ì‘S‚Ẵ\[ƒX‚ðƒCƒ“ƒXƒg[ƒ‹‚µ‚Ä‚¢‚È‚¯‚ê‚΂Ȃç‚È‚¢B</p>
+ƒtƒ@ƒCƒAƒEƒH[ƒ‹iipfw)‚ð—˜—p‚·‚邽‚߂ɂ́AFreeBSD‚̃J[ƒlƒ‹‚ðÄ\’z‚·‚é•K—v‚ª‚ ‚éBFreeBSDƒCƒ“ƒXƒg[ƒ‹Žž‚ɃJ[ƒlƒ‹“™‚Ì‘S‚Ẵ\[ƒX‚ðƒCƒ“ƒXƒg[ƒ‹‚µ‚Ä‚¢‚È‚¯‚ê‚΂Ȃç‚È‚¢B</p>
 
 <p>ˆÈ‰º‚̃fƒBƒŒƒNƒgƒŠ‚É‚¨‚¢‚āAOpengate—p‚̃J[ƒlƒ‹ƒIƒvƒVƒ‡ƒ“‚ðì¬‚·‚éB</p>
 
@@ -161,26 +168,7 @@ Opengate
 
 <p>ƒRƒs[‚µ‚½ƒJ[ƒlƒ‹ƒIƒvƒVƒ‡ƒ“‚ɁAŽŸ‚̃IƒvƒVƒ‡ƒ“‚ð’ljÁ‚·‚éB</p>
 
-<p> FreeBSD6.0ˆÈ‘O </p>
-
-<table><tr><td><pre>
-options IPDIVERT
-
-options IPFIREWALL
-options IPFIREWALL_FORWARD
-options IPFIREWALL_VERBOSE
-options IPFIREWALL_VERBOSE_LIMIT=100
-
-options IPV6FIREWALL
-options IPV6FIREWALL_VERBOSE
-options IPV6FIREWALL_VERBOSE_LIMIT=100
 
-options IPSEC
-options IPSEC_ESP
-options TCP_DROP_SYNFIN
-</pre></td></tr></table>
-
-<p> FreeBSD6.1ˆÈ~ </p>
 
 <table><tr><td><pre>
 options IPDIVERT
@@ -197,6 +185,16 @@ device crypto
 
 <p>‚±‚ê‚ç‚̃IƒvƒVƒ‡ƒ“‚ð’ljÁ‚µ‚½Œã‚ɁAƒJ[ƒlƒ‹‚̃Rƒ“ƒpƒCƒ‹‚ƃCƒ“ƒXƒg[ƒ‹‚ðs‚È‚¤B</p>
 
+<TABLE CELLPADDING=2 CELLSPACING=2>
+<TR><TD>
+<PRE>#cd /usr/src
+#make buildkernel KERNCONF=MYKERNEL
+#make installkernel KERNCONF=MYKERNEL
+</PRE>
+</TD></TR>
+</TABLE>
+
+<p>‚±‚ꂪŽ¸”s‚·‚é‚È‚çAŒÃ‚¢•ûŽ®‚ð—˜—p‚·‚éB
 <table><tr><td><pre># config MYKERNEL
 # cd ../compile/MYKERNEL
 # make depend
@@ -209,22 +207,7 @@ device crypto
 <p>
 Ä\’z‚µ‚½ƒJ[ƒlƒ‹‚É‚æ‚Á‚āAƒtƒ@ƒCƒAƒEƒH[ƒ‹‚ð—LŒø‚É‚·‚邽‚ß‚É/etc/rc.conf‚Ɉȉº‚̃IƒvƒVƒ‡ƒ“‚ð‹Lq‚·‚éB</p>
 
-<p> FreeBSD6.0ˆÈ‘O </p>
-
-<table><tr><td><pre>
-firewall_enable="YES"
-firewall_script="/etc/rc.firewall"
-firewall_type="open"
-
-ipv6_firewall_enable="YES"
-ipv6_firewall_script="/etc/rc.firewall6"
-ipv6_firewall_type="open"
-
-natd_enable="YES"
-natd_interface="fxp1"
-</pre></td></tr></table>
 
-<p> FreeBSD6.1ˆÈ~ </p>
 <table><tr><td><pre>
 firewall_enable="YES"
 firewall_script="/etc/rc.firewall"
@@ -734,20 +717,65 @@ accf_http_load="YES"
 
 <hr>
 
+
+<!-- Start:SQLite3‚̃Cƒ“ƒXƒg[ƒ‹ -->
+<h3>F&nbsp;SQLite3‚̃Cƒ“ƒXƒg[ƒ‹<A class=anchor href="#sqlite0" name=sqlite0>õ</A></h3>
+<ul>
+	<li class="list_num"><A href="#sqlite1">ƒCƒ“ƒXƒg[ƒ‹</A></li>
+	<li class="list_num"><A href="#sqlite2">“®ìŠm”F</A></li>
+</ul>
+
+<!-- ************ 1 ************** -->
+<h4>F.1&nbsp;ƒCƒ“ƒXƒg[ƒ‹<A class=anchor href="#sqlite1" name=sqlite1>õ</A></h4>
+
+
+<p>SQLite‚̃TƒCƒg‚©‚çƒ_ƒEƒ“ƒ[ƒh‚µ‚½ƒA[ƒJƒCƒu‚ð‰ð“€‚µAƒCƒ“ƒXƒg[ƒ‹‚·‚éB</p>
+
+<table><tr><td><pre>
+# tar xzvf sqlite-amalgamation-3.xx.xx.tar.gz
+# cd sqlite-3.xx.xx
+# ./configure
+# make
+# make install
+</pre></td></tr></table>
+
+<div align="right"><A href="#sqlite0">back</A>&nbsp;<A href="#top">top</A></div>
+
+<!-- ************ 2 ************** -->
+<h4>F.2&nbsp;“®ìŠm”F<A class=anchor href="#sqlite2" name=sqlite2>õ</A></h4>
+
+<p>
+ˆÈ‰º‚̃Rƒ}ƒ“ƒh‚ŃCƒ“ƒXƒg[ƒ‹‚ðŠm”F‚·‚éB
+
+<table><tr><td><pre>
+# sqlite3
+SQLite version 3.xx.xx
+Enter ".help" for instructions
+Enter SQL statements terminated with a ";"
+sqlite&gt; .quit
+#
+</pre></td></tr></table>
+
+<div align="right"><A href="#sqlite0">back</A>&nbsp;<A href="#top">top</A></div>
+
+<hr>
+
 <!-- Start:Opengate‚̃Cƒ“ƒXƒg[ƒ‹ -->
-<h3>F&nbsp;Opengate‚̃Cƒ“ƒXƒg[ƒ‹<A class=anchor href="#opengate0" name=opengate0>õ</A></h3>
+<h3>G&nbsp;Opengate‚̃Cƒ“ƒXƒg[ƒ‹<A class=anchor href="#opengate0" name=opengate0>õ</A></h3>
 
 	<ul>
 		<li class="list_num"><A href="#opengate1">OpengateƒpƒbƒP[ƒW</A></li>
 		<li class="list_num"><A href="#opengate2">ƒCƒ“ƒXƒg[ƒ‹</A></li>
 		<li class="list_num"><A href="#opengate3">Ý’èƒtƒ@ƒCƒ‹‚̐ݒè</A></li>
 		<li class="list_num"><A href="#opengate4">ipfw‚̐ݒè</A></li>
-		<li class="list_num"><A href="#opengate5">ip6fw‚̐ݒè</A></li>
-		<li class="list_num"><A href="#opengate6">syslog‚̐ݒè</A></li>
-		<li class="list_num"><A href="#opengate7">“®ìŠm”F</A></li>	</ul>
+		<li class="list_num"><A href="#opengate5">syslog‚̐ݒè</A></li>
+		<li class="list_num"><A href="#opengate6">“®ìŠm”F</A></li>	
+		<li class="list_num"><A href="#opengate7">ƒy[ƒW‚̏C³</A></li>
+		<li class="list_num"><A href="#opengate8">sqlite3‚̐ݒè</A></li>
+</ul>
 	
 <!-- ************1************* -->
-<h4>F.1&nbsp;OpengateƒpƒbƒP[ƒW<A class=anchor href="#opengate1" name=opengate1>õ</A></h4>
+<h4>G.1&nbsp;OpengateƒpƒbƒP[ƒW<A class=anchor href="#opengate1" name=opengate1>õ</A></h4>
 
 <p>Opengate‚̃pƒbƒP[ƒW‚ð“K“–‚ȃfƒBƒŒƒNƒgƒŠ‚É“WŠJ‚·‚éB</p>
 
@@ -761,7 +789,7 @@ accf_http_load="YES"
 <tr><td><pre>
 docFŠeŽí•¶‘
 confFÝ’èƒtƒ@ƒCƒ‹Aƒtƒ@ƒCƒAƒEƒH[ƒ‹ƒXƒNƒŠƒvƒg
-javahtmlFƒNƒ‰ƒCƒAƒ“ƒgJava AppletAHTMLƒtƒ@ƒCƒ‹
+javahtmlFƒNƒ‰ƒCƒAƒ“ƒgƒvƒƒOƒ‰ƒ€AHTMLƒtƒ@ƒCƒ‹
 opengatesrvFƒT[ƒoCGIƒvƒƒOƒ‰ƒ€
 tools: •t‰Áƒc[ƒ‹
 ezxml: XMLƒp[ƒT (copyright Aaron Voisine)
@@ -770,7 +798,7 @@ ezxml: XML
 </table>
 <div align="right"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></div>
 
-<h4>F.2&nbsp;ƒRƒ“ƒpƒCƒ‹<A class=anchor href="#opengate2" name=opengate2>õ</A></h4>
+<h4>G.2&nbsp;ƒRƒ“ƒpƒCƒ‹<A class=anchor href="#opengate2" name=opengate2>õ</A></h4>
 
 <p>
 
@@ -797,7 +825,7 @@ CONFIGPATH = /etc/opengate
 <div align="right"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></div>
 
 <!-- ************ 3 ************** -->
-<h4>F.3&nbsp;Ý’èƒtƒ@ƒCƒ‹‚̐ݒè<A class=anchor href="#opengate3" name=opengate3>õ</A></h4>
+<h4>G.3&nbsp;Ý’èƒtƒ@ƒCƒ‹‚̐ݒè<A class=anchor href="#opengate3" name=opengate3>õ</A></h4>
 
 <p>Ý’èƒtƒ@ƒCƒ‹/etc/opengate/opengatesrv.conf.sample‚ªì¬‚³‚ê‚Ä‚¢‚é‚̂ŁA‚±‚ê‚ð/etc/opengate/opengtesrv.conf‚ɃRƒs[‚µ‚ĕύX‚ð‰Á‚¦‚éB•K{•ÏX‰ÓŠ‚͈ȉº‚Ì’Ê‚è‚Å‚ ‚éB</p>
 
@@ -831,42 +859,14 @@ CONFIGPATH = /etc/opengate
 
 	
 <div align="right"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></div>
-<hr>
 
 <!-- ************ 4 ************** -->
-<h4>F.4&nbsp;ipfw‚̐ݒè<A class=anchor href="#opengate4" name=opengate4>õ</A></h4>
+<h4>G.4&nbsp;ipfw‚̐ݒè<A class=anchor href="#opengate4" name=opengate4>õ</A></h4>
 
 <p>
 Opengate‚Ì“®ì‚Ì‚½‚ß‚É“KØ‚Ƀtƒ@ƒCƒAƒEƒH[ƒ‹‚̃‹[ƒ‹‚ð‹Lq‚µ‚È‚¯‚ê‚΂Ȃç‚È‚¢B</p>
 
-<p>(FreeBSD6.0ˆÈ‘O‚̏ꍇ)</p>
-<p>IPv4‚Íipfw‚ŁAIPv6‚Íip6fw‚Ő§Œä‚·‚éB
-ipfw‚Æip6fw‚̃tƒ@ƒCƒAƒEƒH[ƒ‹‚̃‹[ƒ‹Ý’è‚̃XƒNƒŠƒvƒg—á‚ðA"/etc/opengate/rc.firewall4.sample"‚Æ"/etc/opengate/rc.firewall6.sample"‚É—pˆÓ‚µ‚Ä‚¢‚éB</p>
-<p>‚±‚ê‚ç‚ð"/etc/opengate/rc.firewall4"‚Æ"/etc/opengate/rc.firewall6"‚ɃRƒs[‚µ‚āAIPƒAƒhƒŒƒX“™‚ðC³‚·‚éB</p>
-
-<table><tr><td><pre>
-# cd /etc/opengate
-# cp rc.firewall4.sample rc.firewall4
-# cp rc.firewall6.sample rc.firewall6
-# vi rc.firewall4
-# vi rc.firewall6
-</pre></td></tr></table>
-
-<p>/erc/rc.conf“à‚̃tƒ@ƒCƒAƒEƒH[ƒ‹Ý’è‚ðˆÈ‰º‚̂悤‚ɕύX‚·‚éB‚±‚̐ݒèŒã‚́Aƒtƒ@ƒCƒAƒEƒH[ƒ‹‚ªŒ´‘¥•Â½‚É‚È‚é‚Ì‚Å’ˆÓ‚·‚éB</p>
-
-<table><tr><td><pre>
-firewall_enable="YES"
-firewall_script="/etc/opengate/rc.firewall4"
-
-ipv6_firewall_enable="YES"
-ipv6_firewall_script="/etc/opengate/rc.firewall6"
-</pre></td></tr></table>
-
-<p>‚³‚ç‚ɁA"/etc/opengatesrv.conf"’†‚Ì&lt;Ip6fwPath&gt;/sbin/ipfw&lt;/Ip6fwPath&gt;‚ð&lt;Ip6fwPath&gt;/sbin/ip6fw&lt;/Ip6fwPath&gt;‚ɕύX‚·‚éB</p>
-
-<p>(FreeBSD6.1ˆÈ~‚̏ꍇ)</p>
-
-<p>IPv4/IPv6‚Ì—¼ŽÒ‚ðipfwƒVƒXƒeƒ€‚¾‚¯‚Ő§Œä‚Å‚«‚éB‚»‚̃tƒ@ƒCƒAƒEƒH[ƒ‹‚̃‹[ƒ‹Ý’è‚̃XƒNƒŠƒvƒg—á‚ðA
+<p>IPv4/IPv6‚Ì—¼ŽÒ‚ðipfwƒVƒXƒeƒ€‚Ő§Œä‚·‚éB‚»‚̃tƒ@ƒCƒAƒEƒH[ƒ‹‚̃‹[ƒ‹Ý’è‚̃XƒNƒŠƒvƒg—á‚ðA
 "/etc/opengate/rc.firewall.sample"‚É—pˆÓ‚µ‚Ä‚¢‚éB</p>
 <p>‚±‚ê‚ð"/etc/opengate/rc.firewall"‚ɃRƒs[‚µ‚āAIPƒAƒhƒŒƒX“™‚ðC³‚·‚éBIPv6‚ðŽg‚í‚È‚¢ê‡AIPv6ƒAƒhƒŒƒX‚É‚Ílocalhost(*net6="0", *ip6="::1")‚ðÝ’è‚·‚éB</p>
 
@@ -890,14 +890,11 @@ firewall_script="/etc/opengate/rc.firewall"
 Opengate‚́A”FØ‚ð’ʉ߂µ‚½’[––‚ɑ΂µ‚āA‹–‰Âƒ‹[ƒ‹(”ԍ†F10000-40000)‚ð’ljÁ^íœ‚·‚éB‚Ü‚½AÅ‰‚©‚ç—Dæ‡ˆÊ‚Ì’á‚¢ˆÊ’u(”ԍ†F60000)‚ɁAƒtƒHƒ[ƒhƒ‹[ƒ‹‚ªÝ’肳‚ê‚Ä‚¢‚éB‚æ‚Á‚āA‹–‰Â’[––‚̃pƒPƒbƒg‚̓Q[ƒgƒEƒFƒC‚ð’ʉ߂µA‚»‚êˆÈŠO‚Ì’[––‚ÌWebƒAƒNƒZƒX‚Å‚Í”FØƒy[ƒW‚ª•\Ž¦‚³‚ê‚éB
 </p>
 
-<p>Opengate adds/removes the allow rule (rule number:10000-40000) for the authenticated terminals.  And the forward rule is exists in less priority position(rule number:60000) in the initial setting.  Thus the packets for authenticated terminals pass the gateway, and the Web access from other terminals results the authentication page.
-</p>
-
 <div align="right"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></div>
 
 
 <!-- ************ 5 ************** -->
-<h4>F.5&nbsp;syslog‚̐ݒè<A class=anchor href="#opengate5" name=opengate5>õ</A></h4>
+<h4>G.5&nbsp;syslog‚̐ݒè<A class=anchor href="#opengate5" name=opengate5>õ</A></h4>
 
 <p>SYSLOG‚É‚æ‚郍ƒO‹L˜^‚ð—LŒø‚É‚·‚邽‚߂ɁA/etc/syslog.conf‚Ɉȉº‚̐ݒè‚ðs‚¤B</p>
 
@@ -915,7 +912,7 @@ local1.*  /var/log/opengate.log
 <div align="right"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></div>
 
 <!-- ************ 6 ************** -->
-<h4>F.6&nbsp;“®ìŠm”F<A class=anchor href="#opengate6" name=opengate6>õ</A></h4>
+<h4>G.6&nbsp;“®ìŠm”F<A class=anchor href="#opengate6" name=opengate6>õ</A></h4>
 
 <p>‰º—¬‘¤ƒlƒbƒgƒ[ƒN‚ÉPC‚ð‚‚Ȃ¢‚ŁAã—¬‘¤‚ÌWebƒTƒCƒg‚ðƒAƒNƒZƒX‚·‚éB“KØ‚É“®ì‚µ‚È‚¢ê‡A‚Ü‚¸‚́Adoc/progflow.html,doc/protocol.txt‚ðŒ©‚ÄA“®ì‚ÌŠÖ˜A‚ð—‰ð‚·‚é‚Æ‚Æ‚à‚ɁAƒƒOƒtƒ@ƒCƒ‹(Opengate, httpd, ƒVƒXƒeƒ€‚Ȃǁj‚ðŽQÆ‚µ‚Ä—~‚µ‚¢BÚ×‚ȃƒO‚ðo‚·‚ɂ́Aopengatesrv.conf“à‚Ì&lt;Debug&gt;‚ð2‚ɐݒ肷‚éB‚Ü‚½AŠÖ˜Aƒ\ƒtƒgƒEƒFƒA‚ª“Æ—§‚Å“®ì‚·‚é‚©‚ðŠm‚©‚ß‚Ä—~‚µ‚¢B‚Ü‚½AƒGƒ‰[ƒ`ƒFƒbƒNƒhƒLƒ…ƒƒ“ƒgerrcheck.htmlAŽ¿–â‰ñ“šqa.htmlAWebã‚Ìrecentqa.html‚àŽQl‚ɂȂ邾‚낤B</p>
 
@@ -923,16 +920,52 @@ local1.*  /var/log/opengate.log
 <div align="right"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></div>
 
 <!-- ************ 7 ************** -->
-<h4>F.7&nbsp;ƒy[ƒW‚̏C³<A class=anchor href="#opengate7" name=opengate7>õ</A></h4>
+<h4>G.7&nbsp;ƒy[ƒW‚̏C³<A class=anchor href="#opengate7" name=opengate7>õ</A></h4>
 
 <p>•\Ž¦ƒy[ƒW‚Ì“à—e‚ð•ÏX‚·‚é‚Æ‚«‚ɂ́AHTMLƒhƒLƒ…ƒƒ“ƒgƒfƒBƒŒƒNƒgƒŠ’†‚ÌŠY“–HTMLƒtƒ@ƒCƒ‹‚ðC³‚·‚éB‚±‚ê‚ç‚̃tƒ@ƒCƒ‹‚ÍCGI‚ðŒo—R‚µ‚ăuƒ‰ƒEƒU‚É‘—‚ç‚ê‚éB‚È‚¨Ahttpkeep.html“à‚ÌURL‚É‚Í‘Š‘΃pƒX‚ÍŽg‚¦‚È‚¢Bƒtƒ‹ƒpƒX‚ÅŽw’è‚·‚邱‚Æ‚ª•K—v‚Å‚ ‚éB%%XXX%%‚̂悤‚È‹Lq‚͕ϐ”‚Å‚ ‚èACGI‚É‚¨‚¢‚Ä“KØ‚È’l‚É’u‚«Š·‚¦‚ç‚ê‚éB</p>
 
 <div align="right"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></div>
 
+<!-- ************ 8 ************** -->
+<h4>G.8&nbsp;SQLite3‚̐ݒè<A class=anchor href="#opengate8" name=opengate8>õ</A></h4>
 
+<p>
+  Opengate‚̓ZƒbƒVƒ‡ƒ“î•ñ‚ð•ÛŽ‚·‚邽‚ß‚ÉSQLite3ƒf[ƒ^ƒx[ƒX‚ð—˜—p‚·‚éB
+ƒf[ƒ^ƒx[ƒXƒtƒ@ƒCƒ‹‚̈ʒu‚́Aopengatesrv.conf’†‚́A&lt;SqliteDb&gt;‚ÅŽw’è‚·‚éB
+default’l‚©‚çA‚æ‚è“KØ‚ȃfƒBƒŒƒNƒgƒŠ“à‚É•Ï‚¦‚邱‚Æ‚ª–]‚Ü‚µ‚¢B
+‚È‚¨A‚»‚̃fƒBƒŒƒNƒgƒŠ‚ɂ́A‰º‹L‚Ì—á‚̂悤‚ÉWWW‚©‚ç‚̏‘‚«ž‚Ý‹–‰Â‚ð—^‚¦‚é•K—v‚ª‚ ‚éB
+</p>
+<table><tr><td><pre>
+Example:
+-- opengatesrv.conf --
+&lt;SqliteDb&gt;/home/sqlitedb/opengate.db&lt;/SqliteDb&gt;
+-- shell commands --
+# mkdir /home/sqlitedb
+# chown www /home/sqlitedb
+</pre></td></tr></table>
+<p>
+ƒf[ƒ^ƒx[ƒXƒtƒ@ƒCƒ‹‚¨‚æ‚уe[ƒuƒ‹‚̍쐬‚ÍŽ©“®“I‚ɍs‚í‚ê‚éB
+</p>
+
+<p>
+Ú‘±‚Ì‚½‚тɃtƒ@ƒCƒ‹—e—Ê‚ª™X‚É‘‰Á‚·‚邽‚߁Acroni‚à‚µ‚­‚ÍŽèì‹Æj‚Ńtƒ@ƒCƒ‹ˆ³ki‚à‚µ‚­‚͍폜j‚ð’èŠú“I‚ɍs‚¤•K—v‚ª‚ ‚éBˆÈ‰º‚͕½‚©‚ç‚R“úˆÈãŒo‰ß‚µ‚½ƒŒƒR[ƒh‚ðíœ‚·‚éƒXƒNƒŠƒvƒg‚Ì—á‚Å‚ ‚éB
+</p>
+
+<table>
+<tr><td><pre>
+#!/bin/sh
+echo "delete from session where closeTime &lt; datetime('now','localtime','-3days');" | sqlite3 /tmp/opengate.db
+exit 0
+</pre></td></tr>
+</table>
+
+
+<div align="right"><A href="#opengate0">back</A>&nbsp;<A href="#top">top</A></div>
+
+<hr>
 
 <!-- Start:MRTG‚̃Cƒ“ƒXƒg[ƒ‹ -->
-<h3>G&nbsp;MRTG‚̃Cƒ“ƒXƒg[ƒ‹(Optional)<A class=anchor href="#mrtg0" name=mrtg0>õ</A></h3>
+<h3>H&nbsp;MRTG‚̃Cƒ“ƒXƒg[ƒ‹(Optional)<A class=anchor href="#mrtg0" name=mrtg0>õ</A></h3>
 
 <ul>
 	<li class="list_num"><A href="#mrtg1">ƒCƒ“ƒXƒg[ƒ‹iportsj</A></li>
@@ -945,7 +978,7 @@ local1.*  /var/log/opengate.log
 
 <!-- ************ 1 ************** -->
 
-<h4>G.1&nbsp;MRTG‚̃Cƒ“ƒXƒg[ƒ‹<A class=anchor href="#mrtg1" name=mrtg1>õ</A></h4>
+<h4>H.1&nbsp;MRTG‚̃Cƒ“ƒXƒg[ƒ‹<A class=anchor href="#mrtg1" name=mrtg1>õ</A></h4>
 
 <p>‚±‚̃Cƒ“ƒXƒg[ƒ‹‚Í”CˆÓ‚Å‚ ‚éBOpengate ‚Ì—˜—pó‹µ‚ðŠÄŽ‹‚·‚邽‚߂ɁAMRTG‚ð—p‚¢‚邱‚Æ‚ª‰Â”\‚Å‚ ‚éB•K—v‚É‚È‚Á‚Ä‚©‚çƒCƒ“ƒXƒg[ƒ‹‚·‚邱‚ƁB—˜—pó‹µ‚ÌŠÄŽ‹‚ðs‚È‚í‚È‚¢ê‡‚́AMRTG‚̃Cƒ“ƒXƒg[ƒ‹‚Í•s—v‚Å‚ ‚éB</p>
 
@@ -967,7 +1000,7 @@ Opengate
 <div align="right"><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></div>
 
 <!-- ************ 2 ************** -->
-<h4>G.2&nbsp;MRTG‚̐ݒè<A class=anchor href="#mrtg2" name=mrtg2>õ</A></h4>
+<h4>H.2&nbsp;MRTG‚̐ݒè<A class=anchor href="#mrtg2" name=mrtg2>õ</A></h4>
 
 <p>
 MRTG‚̃Cƒ“ƒXƒg[ƒ‹‚ªŠ®—¹‚·‚é‚ƁA/usr/local/etc/mrtg/ˆÈ‰º‚ɐݒèƒtƒ@ƒCƒ‹‚ª—pˆÓ‚³‚ê‚Ä‚¢‚éB“¯ƒfƒBƒŒƒNƒgƒŠ‚ɁAopengate.cfg‚Æ‚µ‚ĐV‚½‚ɐݒèƒtƒ@ƒCƒ‹‚ð—pˆÓ‚·‚éB</p>
@@ -1011,7 +1044,7 @@ LegendO[opengate]: Total Users
 <div align="right"><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></div>
 
 
-<h5>F.2.1&nbsp;OpengateƒT[ƒo‚ÅŠÄŽ‹‚·‚éê‡<A class=anchor href="#mrtg21" name=mrtg21>õ</A></h5>
+<h5>H.2.1&nbsp;OpengateƒT[ƒo‚ÅŠÄŽ‹‚·‚éê‡<A class=anchor href="#mrtg21" name=mrtg21>õ</A></h5>
 
 <p>ˆÈ‰º‚ÉOpengate‚𓱓ü‚µ‚½ƒQ[ƒgƒEƒFƒC‚É‚¨‚¢‚Ä—˜—pó‹µ‚ðŠÄŽ‹‚·‚éê‡‚̃VƒFƒ‹ƒXƒNƒŠƒvƒg‚ð‹L‚·B</p>
 
@@ -1072,7 +1105,7 @@ Opengate User Counter
 
 <div align="right"><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></div>
 
-<h5>F.2.2&nbsp;ŠO•”ƒT[ƒo‚ÅŠÄŽ‹‚·‚éê‡<A class=anchor href="#mrtg22" name=mrtg22>õ</A></h5>
+<h5>H.2.2&nbsp;ŠO•”ƒT[ƒo‚ÅŠÄŽ‹‚·‚éê‡<A class=anchor href="#mrtg22" name=mrtg22>õ</A></h5>
 
 <p>ˆÈ‰º‚ÉŠO•”ƒT[ƒo‚É‚¨‚¢‚Ä—˜—pó‹µ‚ðŠÄŽ‹‚·‚éê‡‚̃VƒFƒ‹ƒXƒNƒŠƒvƒg‚ðŽ¦‚·B</p>
 
@@ -1165,7 +1198,7 @@ Opengate User Counter
 <div align="right"><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></div>
 
 <!-- ************ 3 ************** -->
-<h4>F.3&nbsp;MRTG‚Ì‹N“®Šm”F<A class=anchor href="#mrtg3" name=mrtg3>õ</A></h4>
+<h4>H.3&nbsp;MRTG‚Ì‹N“®Šm”F<A class=anchor href="#mrtg3" name=mrtg3>õ</A></h4>
 
 <p>ˆÈã‚̐ݒ肪Š®—¹‚µ‚½Œã‚ɁAmrtg‚ðŽÀs‚·‚邱‚Æ‚ª‰Â”\‚©Šm”F‚·‚éB</p>
 
@@ -1194,7 +1227,7 @@ Opengate User Counter
 <div align="right"><A href="#mrtg0">back</A>&nbsp;<A href="#top">top</A></div>
 
 <!-- ************ 4 ************** -->
-<h4>F.4&nbsp;crontab‚Ö‚Ì“o˜^<A class=anchor href="#mrtg4" name=mrtg4>õ</A></h4>
+<h4>H.4&nbsp;crontab‚Ö‚Ì“o˜^<A class=anchor href="#mrtg4" name=mrtg4>õ</A></h4>
 
 <p>ˆÈã‚̐ݒ肪Š®—¹‚µ‚½‚Ì‚¿‚ɁAmrtg‚ðcrontab‚É‚æ‚Á‚Ä’èŠú“I‚ÉŽÀs‚·‚éB</p>
 
@@ -1211,7 +1244,7 @@ Opengate User Counter
 <hr>
 
 <!-- Start:rulechk‚̃Cƒ“ƒXƒg[ƒ‹ -->
-<h3>H.&nbsp;rulechk‚̃Cƒ“ƒXƒg[ƒ‹(Optional)<A class=anchor href="#rulechk" name=rulechk>õ</A></h3>
+<h3>I.&nbsp;rulechk‚̃Cƒ“ƒXƒg[ƒ‹(Optional)<A class=anchor href="#rulechk" name=rulechk>õ</A></h3>
 
 <p>‚±‚̃Cƒ“ƒXƒg[ƒ‹‚Í”CˆÓ‚Å‚ ‚éBOpengate‚̃vƒƒZƒX‚ªˆÙíI—¹‚µ‚½‚Æ‚«A‹É‚ß‚Ä‹H‚É‚Å‚Í‚ ‚邪Aƒtƒ@ƒCƒAƒEƒH[ƒ‹ƒ‹[ƒ‹‚ªÁ‚³‚ꂸ‚ÉŽc‚邱‚Æ‚ª‚ ‚éB
 ‚»‚̂悤‚ȏ󋵂ɑΉž‚·‚éƒXƒNƒŠƒvƒg‚ðAtools/rulechk‚É—pˆÓ‚µ‚½BOpengateVer.1.3.1ˆÈ~‚̃tƒH[ƒ}ƒbƒg‚ɂ̂ݑΉž‚·‚éB
diff --git a/opengate/doc/ja/qa.html b/opengate/doc/ja/qa.html
index 52ad227..bea659a 100644
--- a/opengate/doc/ja/qa.html
+++ b/opengate/doc/ja/qa.html
@@ -69,7 +69,7 @@ Opengate
 <LI>
 Java‚ª“®‚©‚È‚¢’[––‚à‚ ‚è‚Ü‚·‚ªB
 <BLOCKQUOTE>
-Java‚ª“®‚©‚È‚¢‚à‚µ‚­‚̓Cƒ“ƒXƒg[ƒ‹‚³‚ê‚Ä‚¢‚È‚¢’[––‚Å‚àA—˜—pŽÒ‚ª”FØƒy[ƒW‚É‚¨‚¢‚Ä—v‹‚µ‚½Ú‘±Œp‘±ŽžŠÔ‚¾‚¯ƒlƒbƒgƒ[ƒN‚ðŠJ•ú‚µ‚Ü‚·B‚½‚¾‚µAæ‚ÁŽæ‚è‚â•ú’u‚ɑΉž‚·‚邽‚߁Aˆê’莞ŠÔŠÔŠu‚ŁAARPƒRƒ}ƒ“ƒh‚ƃtƒ@ƒCƒAƒEƒH[ƒ‹’ʉ߃pƒPƒbƒg”‚Ń`ƒFƒbƒN‚µ‚Ü‚·B‚Ü‚½A‹–‰Âƒy[ƒW‚Ì—˜—p’†’f‚̃Šƒ“ƒN‚ðƒNƒŠƒbƒN‚·‚邱‚ƂŃlƒbƒgƒ[ƒN‚ð•Â½‚Å‚«‚Ü‚·B
+Java‚ª“®‚©‚È‚¢‚à‚µ‚­‚̓Cƒ“ƒXƒg[ƒ‹‚³‚ê‚Ä‚¢‚È‚¢’[––‚Å‚àA—˜—pŽÒ‚ª”FØƒy[ƒW‚É‚¨‚¢‚Ä—v‹‚µ‚½Ú‘±Œp‘±ŽžŠÔ‚¾‚¯ƒlƒbƒgƒ[ƒN‚ðŠJ•ú‚µ‚Ü‚·B‚½‚¾‚µAæ‚ÁŽæ‚è‚â•ú’u‚ɑΉž‚·‚邽‚߁Aˆê’莞ŠÔŠÔŠu‚ŁAARPƒRƒ}ƒ“ƒh‚ƃtƒ@ƒCƒAƒEƒH[ƒ‹’ʉ߃pƒPƒbƒg”‚Ń`ƒFƒbƒN‚µ‚Ü‚·B‚Ü‚½A‹–‰Âƒy[ƒW‚Ì—˜—p’†’f‚̃Šƒ“ƒN‚ðƒNƒŠƒbƒN‚·‚邱‚ƂŃlƒbƒgƒ[ƒN‚ð•Â½‚Å‚«‚Ü‚·B1.4”Å‚©‚çJava‚ð—p‚¢‚¸JavaScript‚ð—p‚¢‚é‚悤‚É‚µ‚Ü‚µ‚½B
 </BLOCKQUOTE></LI>
 
 
@@ -176,7 +176,7 @@ GPL
 ‰pŒêA“ú–{ŒêˆÈŠO‚Ì•\Ž¦‚É‚µ‚½‚¢‚Ì‚Å‚·‚ªB
 
 <BLOCKQUOTE>
-en,ja‚̃fƒBƒŒƒNƒgƒŠ‚ªA‰pŒê‚Æ“ú–{Œê‚Ì‹Lq‚Å‚·B‚±‚ê‚ðŽQl‚É‚µ‚Ä“¯‚¶ƒfƒBƒŒƒNƒgƒŠ\¬‚ÅHTMLƒtƒ@ƒCƒ‹‚ðì¬‚µ‚Ä‚­‚¾‚³‚¢B‚³‚ç‚ɁAÝ’èƒtƒ@ƒCƒ‹’†‚ÌŒ¾ŒêÝ’è‚Æindex.html.var‚ð’ljÁ•ÏX‚µ‚Ä‚­‚¾‚³‚¢B‚Ü‚½AJavaApplet‚Ì•\Ž¦‚ð•Ï‚¦‚邽‚߂Ƀ\[ƒX’†‚̃ƒbƒZ[ƒW‚ð’ljÁ•ÏX‚­‚¾‚³‚¢B
+en,ja‚̃fƒBƒŒƒNƒgƒŠ‚ªA‰pŒê‚Æ“ú–{Œê‚Ì‹Lq‚Å‚·B‚±‚ê‚ðŽQl‚É‚µ‚Ä“¯‚¶ƒfƒBƒŒƒNƒgƒŠ\¬‚ÅHTMLƒtƒ@ƒCƒ‹‚ðì¬‚µ‚Ä‚­‚¾‚³‚¢B‚³‚ç‚ɁAÝ’èƒtƒ@ƒCƒ‹’†‚ÌŒ¾ŒêÝ’è‚Æindex.html.var‚ð’ljÁ•ÏX‚µ‚Ä‚­‚¾‚³‚¢B
 </BLOCKQUOTE>
 
 <LI>
diff --git a/opengate/doc/ja/spec.html b/opengate/doc/ja/spec.html
index 77390a7..499a9b3 100644
--- a/opengate/doc/ja/spec.html
+++ b/opengate/doc/ja/spec.html
@@ -20,11 +20,11 @@ Opengate
 <P>
 
 <table border=1>
-<tr><td>•K—vðŒ</td><td>Webƒuƒ‰ƒEƒU‚ª‰Ò“®‚·‚邱‚ƁBAjax‚Ü‚½‚ÍJavaVM‚̉ғ®‚ª–]‚Ü‚µ‚¢B</td></tr>
+<tr><td>•K—vðŒ</td><td>Webƒuƒ‰ƒEƒU‚ª‰Ò“®‚·‚邱‚ƁBAjax‚̉ғ®‚ª–]‚Ü‚µ‚¢B</td></tr>
 <tr><td>ƒlƒbƒgƒ[ƒNŠJ•úðŒ</td><td>”CˆÓ‚ÌURL‚ÖƒAƒNƒZƒX‚·‚é‚Æ•Ô‚³‚ê‚é”FØƒy[ƒW‚Ì—˜—pŽÒID‚ƃpƒXƒ[ƒh‚ª”FØ‚ð’ʉß</td></tr>
 <tr>
 <td>ƒlƒbƒgƒ[ƒN•Â½ðŒ</td>
-<td>Ajax‚Ü‚½‚ÍJavaVM‚ª‰Ò“®‚µ‚Ä‚¨‚èA—˜—pŽÒ‚É‚æ‚é—˜—pŽžŠÔŽw’肪‚È‚¢ê‡<BR>
+<td>Ajax‚ª‰Ò“®‚µ‚Ä‚¨‚èA—˜—pŽÒ‚É‚æ‚é—˜—pŽžŠÔŽw’肪‚È‚¢ê‡<BR>
 @EWebƒuƒ‰ƒEƒU‚ðI—¹‚µ‚½<BR>
 @E’èŠú¶‘¶ƒ`ƒFƒbƒN‚ªŽ¸”s‚µ‚½<BR>
 ã‹LˆÈŠO‚̏ꍇ<BR>
diff --git a/opengate/doc/progflow.html b/opengate/doc/progflow.html
index 44a895a..b72faa4 100644
--- a/opengate/doc/progflow.html
+++ b/opengate/doc/progflow.html
@@ -105,9 +105,8 @@
 	</P>
 	<LI><P STYLE="MARGIN-BOTTOM: 0in">Depending on the watchmode, CGI
 	reads one of the accept reply pages
-	[accept-http.html/accept-java.html/accept-time.html], replaces
-	keywords, and sends it to the client. ([<A HREF="http://www.cc.saga-u.ac.jp/opengate/pict/accept-java.jpg">accept-java.html</A>]
-	or [<A HREF="http://www.cc.saga-u.ac.jp/opengate/pict/accept-http.jpg">accept-http.html</A>].)
+	[accept-http.html/accept-time.html], replaces
+	keywords, and sends it to the client. ([<A HREF="http://www.cc.saga-u.ac.jp/opengate/pict/accept-http.jpg">accept-http.html</A>].)
 		</P>
 	<UL>
 		<LI><P STYLE="MARGIN-BOTTOM: 0in">In case of accept-http: the
@@ -116,11 +115,6 @@
 		XMLHttpRequests to the opengate port. The periodic request keeps
 		alive a TCP connection with a watch process. 
 		</P>
-		<LI><P STYLE="MARGIN-BOTTOM: 0in">In case of accept-java: the
-		description to download the java applet
-		[appletcode='Opengate.class'...] is executed. The java applet keeps
-		alive a connection with a watch process. 
-		</P>
 		<LI><P STYLE="MARGIN-BOTTOM: 0in">In case of accept-time: the
 		link to terminate network access is displayed. 
 		</P></LI>
@@ -129,7 +123,7 @@
 	exits. 
 	</P>
 	<LI><P STYLE="MARGIN-BOTTOM: 0in">The watch process waits for the
-	java applet or http-keep script to connect. 
+ http-keep script to connect. 
 	</P>
 	<LI><P STYLE="MARGIN-BOTTOM: 0in">If a connection cannot be
 	established during a specific time period (duration: seconds), CGI
@@ -145,15 +139,13 @@
 	also gets the list of MAC and IP addresses from the ARP command
 	every “ActiveCheckInterval” seconds. If the correlation has
 	changed, the watch process removes the firewall rule and terminates.</P>
-	<LI><P STYLE="MARGIN-BOTTOM: 0in">If the java applet or http-keep
+	<LI><P STYLE="MARGIN-BOTTOM: 0in">If the http-keep
 	script is connected, the watch process watches the TCP connection
 	linked to the client. When the TCP connection is closed, the watch
 	process removes the firewall rule and terminates. Thus disabling
 	network access in “real time”.</P>
 	<LI><P STYLE="MARGIN-BOTTOM: 0in">To check for cable disconnects,
-	the watch process ? using the java applet connection - sends a
-	'hello' to the client every “ActiveCheck/Interval” seconds.
-	Using the http-keep script connection, the watch process reads 'GET
+	using the http-keep script connection, the watch process reads 'GET
 	/hello' and sends 'hello' after “ActiveCheck/Interval” seconds. 
 	</P>
 	<LI><P>When disconnecting from the network, the watch process
diff --git a/opengate/doc/protocol.txt b/opengate/doc/protocol.txt
index 5dc4afe..abcc719 100644
--- a/opengate/doc/protocol.txt
+++ b/opengate/doc/protocol.txt
@@ -49,7 +49,7 @@ SendBtn  |---------------------->|
          |<----------------------|<-------------| |            |        |
          | WebPage(content depends on watchmode)# |            |        |
          |                                        |            |        |
-       [watchmode=Time or before connecting Java/Http]
+       [watchmode=Time or before connecting Http]
          |                                        |            |        |
          |                                        |----------->|        |  ^
          |                                        |<-----------|        |  |
@@ -74,31 +74,6 @@ SendBtn  |---------------------->|
          |                                        | del rule   |        |
          |                                        #            :        :
          |                                                               
-       [watchmode=Java]                          
-         | (Applet)                               |            |        |
-         |--->|        <userID>                   |            |        |
-         :    |---------------------------------->|            |        |
-              |<----------------------------------|            |        |
-              |     "accept"                      |            |        |
-              |                                   |            |        |
-              |              "hello"              |            |        |  ^
-              |<--------------------------------- |            |        |  |
-              |---------------------------------->|            |        |  |
-              |    "hello"                        |            |        |  |
-              |                                   |   (ndp)    |        |  | (Check Loop
-              |                IPv6 address check |---->|      |        |  |  in java mode)   
-              |                                   |<----|      |        |  |
-              |               Add new IPv6 address|-------------------->|  |
-              |                                   | add rule   |        |  |
-              |           Del expired IPv6 address|-------------------->|  |
-              |                                   | del rule   |        |  v
-              |      (If no reply, close firewall)|            |        |
-              |     (If close TCP, close firewall)|            |        |
-   ---------->|---------------------------------->|----------->|        |
-   Kill Web   |  close                            | del rule   |        |
-              |                                   |-------------------->|
-              |                                   | del rule   |        |
-              #                                   #            :        :
 
        [watchmode=Http]                          
          |     "GET /httpkeep-<userid>"           |            |        |
diff --git a/opengate/ezxml/changelog.txt b/opengate/ezxml/changelog.txt
index 83690ed..f05f918 100644
--- a/opengate/ezxml/changelog.txt
+++ b/opengate/ezxml/changelog.txt
@@ -1,3 +1,9 @@
+ezXML 0.8.6
+- fixed a bug in ezxml_add_child() that can occur when adding tags out of order
+- for consistency, ezxml_set_attr() now returns the tag given
+- added ezxml_move() and supporting functions ezxml_cut() and ezxml_insert()
+- fixed a bug where parsing an empty file could cause a segfault
+
 ezXML 0.8.5
 - fixed ezxml_toxml() to not output siblings of tag being converted
 - fixed a segfault when ezxml_set_attr() was used on a new root tag
diff --git a/opengate/ezxml/ezxml.c b/opengate/ezxml/ezxml.c
index 25e1733..82b11fb 100644
--- a/opengate/ezxml/ezxml.c
+++ b/opengate/ezxml/ezxml.c
@@ -1,6 +1,6 @@
 /* ezxml.c
  *
- * Copyright 2004, 2005 Aaron Voisine <aaron@voisine.org>
+ * Copyright 2004-2006 Aaron Voisine <aaron@voisine.org>
  *
  * Permission is hereby granted, free of charge, to any person obtaining
  * a copy of this software and associated documentation files (the
@@ -474,7 +474,7 @@ ezxml_t ezxml_parse_str(char *s, size_t len)
     int l, i, j;
 
     root->m = s;
-    if (! len) return ezxml_err(root, s, "root tag missing");
+    if (! len) return ezxml_err(root, NULL, "root tag missing");
     root->u = ezxml_str2utf8(&s, &len); // convert utf-16 to utf-8
     root->e = (root->s = s) + len; // record start and end of work area
     
@@ -557,7 +557,7 @@ ezxml_t ezxml_parse_str(char *s, size_t len)
             if (ezxml_close_tag(root, d, s)) return &root->xml;
             if (isspace(*s = q)) s += strspn(s, EZXML_WS);
         }
-        else if (! strncmp(s, "!--", 3)) { // comment
+        else if (! strncmp(s, "!--", 3)) { // xml comment
             if (! (s = strstr(s + 3, "--")) || (*(s += 2) != '>' && *s) ||
                 (! *s && e != '>')) return ezxml_err(root, d, "unclosed <!--");
         }
@@ -740,8 +740,8 @@ char *ezxml_toxml_r(ezxml_t xml, char **s, size_t *len, size_t *max,
                           : ezxml_ampencode(txt + off, -1, s, len, max, 0);
 }
 
-// converts an ezxml structure back to xml, returning it as a string that must
-// be freed
+// Converts an ezxml structure back to xml. Returns a string of xml data that
+// must be freed.
 char *ezxml_toxml(ezxml_t xml)
 {
     ezxml_t p = (xml) ? xml->parent : NULL, o = (xml) ? xml->ordered : NULL;
@@ -845,51 +845,62 @@ ezxml_t ezxml_new(const char *name)
     return &root->xml;
 }
 
-// Adds a child tag. off is the offset of the child tag relative to the start
-// of the parent tag's character content. returns the child tag
-ezxml_t ezxml_add_child(ezxml_t xml, const char *name, size_t off)
+// inserts an existing tag into an ezxml structure
+ezxml_t ezxml_insert(ezxml_t xml, ezxml_t dest, size_t off)
 {
-    ezxml_t cur, head, child;
+    ezxml_t cur, prev, head;
 
-    if (! xml) return NULL;
-    child = (ezxml_t)memset(malloc(sizeof(struct ezxml)), '\0',
-                            sizeof(struct ezxml));
-    child->name = (char *)name;
-    child->attr = EZXML_NIL;
-    child->off = off;
-    child->parent = xml;
-    child->txt = "";
+    xml->next = xml->sibling = xml->ordered = NULL;
+    xml->off = off;
+    xml->parent = dest;
 
-    if ((head = xml->child)) { // already have sub tags
+    if ((head = dest->child)) { // already have sub tags
         if (head->off <= off) { // not first subtag
             for (cur = head; cur->ordered && cur->ordered->off <= off;
                  cur = cur->ordered);
-            child->ordered = cur->ordered;
-            cur->ordered = child;
+            xml->ordered = cur->ordered;
+            cur->ordered = xml;
         }
         else { // first subtag
-            child->ordered = head;
-            xml->child = child;
+            xml->ordered = head;
+            dest->child = xml;
         }
 
-        for (cur = head; cur->sibling && strcmp(cur->name, name);
-             cur = cur->sibling); // find tag type
-        if (! strcmp(cur->name, name) && cur->off <= off) { //not first of type
+        for (cur = head, prev = NULL; cur && strcmp(cur->name, xml->name);
+             prev = cur, cur = cur->sibling); // find tag type
+        if (cur && cur->off <= off) { // not first of type
             while (cur->next && cur->next->off <= off) cur = cur->next;
-            child->next = cur->next;
-            cur->next = child;
+            xml->next = cur->next;
+            cur->next = xml;
         }
         else { // first tag of this type
-            if (cur->off > off) child->next = cur; // not only tag of this type
-            for (cur = head; cur->sibling && cur->sibling->off <= off;
-                 cur = cur->sibling);
-            child->sibling = cur->sibling;
-            cur->sibling = child;
+            if (prev && cur) prev->sibling = cur->sibling; // remove old first
+            xml->next = cur; // old first tag is now next
+            for (cur = head, prev = NULL; cur && cur->off <= off;
+                 prev = cur, cur = cur->sibling); // new sibling insert point
+            xml->sibling = cur;
+            if (prev) prev->sibling = xml;
         }
     }
-    else xml->child = child; // only sub tag
-    
-    return child;
+    else dest->child = xml; // only sub tag
+
+    return xml;
+}
+
+// Adds a child tag. off is the offset of the child tag relative to the start
+// of the parent tag's character content. Returns the child tag.
+ezxml_t ezxml_add_child(ezxml_t xml, const char *name, size_t off)
+{
+    ezxml_t child;
+
+    if (! xml) return NULL;
+    child = (ezxml_t)memset(malloc(sizeof(struct ezxml)), '\0',
+                            sizeof(struct ezxml));
+    child->name = (char *)name;
+    child->attr = EZXML_NIL;
+    child->txt = "";
+
+    return ezxml_insert(child, xml, off);
 }
 
 // sets the character content for the given tag and returns the tag
@@ -903,15 +914,15 @@ ezxml_t ezxml_set_txt(ezxml_t xml, const char *txt)
 }
 
 // Sets the given tag attribute or adds a new attribute if not found. A value
-// of NULL will remove the specified attribute.
-void ezxml_set_attr(ezxml_t xml, const char *name, const char *value)
+// of NULL will remove the specified attribute. Returns the tag given.
+ezxml_t ezxml_set_attr(ezxml_t xml, const char *name, const char *value)
 {
     int l = 0, c;
 
-    if (! xml) return;
+    if (! xml) return NULL;
     while (xml->attr[l] && strcmp(xml->attr[l], name)) l += 2;
     if (! xml->attr[l]) { // not found, add as new attribute
-        if (! value) return; // nothing to do
+        if (! value) return xml; // nothing to do
         if (xml->attr == EZXML_NIL) { // first attribute
             xml->attr = malloc(4 * sizeof(char *));
             xml->attr[1] = strdup(""); // empty list of malloced names/vals
@@ -941,6 +952,7 @@ void ezxml_set_attr(ezxml_t xml, const char *name, const char *value)
                 (c / 2) - (l / 2)); // fix list of which name/vals are malloced
     }
     xml->flags &= ~EZXML_DUP; // clear strdup() flag
+    return xml;
 }
 
 // sets a flag for the given tag and returns the tag
@@ -950,12 +962,12 @@ ezxml_t ezxml_set_flag(ezxml_t xml, short flag)
     return xml;
 }
 
-// removes a tag along with all its subtags
-void ezxml_remove(ezxml_t xml)
+// removes a tag along with its subtags without freeing its memory
+ezxml_t ezxml_cut(ezxml_t xml)
 {
     ezxml_t cur;
 
-    if (! xml) return; // nothing to do
+    if (! xml) return NULL; // nothing to do
     if (xml->next) xml->next->sibling = xml->sibling; // patch sibling list
 
     if (xml->parent) { // not root tag
@@ -980,8 +992,8 @@ void ezxml_remove(ezxml_t xml)
             if (cur->next) cur->next = cur->next->next; // patch next list
         }        
     }
-    xml->ordered = NULL; // prevent ezxml_free() from clobbering ordered list
-    ezxml_free(xml);
+    xml->ordered = xml->sibling = xml->next = NULL;
+    return xml;
 }
 
 #ifdef EZXML_TEST // test harness
diff --git a/opengate/ezxml/ezxml.h b/opengate/ezxml/ezxml.h
index 2209687..3e02078 100644
--- a/opengate/ezxml/ezxml.h
+++ b/opengate/ezxml/ezxml.h
@@ -1,6 +1,6 @@
 /* ezxml.h
  *
- * Copyright 2004, 2005 Aaron Voisine <aaron@voisine.org>
+ * Copyright 2004-2006 Aaron Voisine <aaron@voisine.org>
  *
  * Permission is hereby granted, free of charge, to any person obtaining
  * a copy of this software and associated documentation files (the
@@ -137,8 +137,8 @@ ezxml_t ezxml_set_txt(ezxml_t xml, const char *txt);
     ezxml_set_flag(ezxml_set_txt(xml, strdup(txt)), EZXML_TXTM)
 
 // Sets the given tag attribute or adds a new attribute if not found. A value
-// of NULL will remove the specified attribute.
-void ezxml_set_attr(ezxml_t xml, const char *name, const char *value);
+// of NULL will remove the specified attribute. Returns the tag given.
+ezxml_t ezxml_set_attr(ezxml_t xml, const char *name, const char *value);
 
 // Wrapper for ezxml_set_attr() that strdup()s name/value. Value cannot be NULL
 #define ezxml_set_attr_d(xml, name, value) \
@@ -147,8 +147,18 @@ void ezxml_set_attr(ezxml_t xml, const char *name, const char *value);
 // sets a flag for the given tag and returns the tag
 ezxml_t ezxml_set_flag(ezxml_t xml, short flag);
 
+// removes a tag along with its subtags without freeing its memory
+ezxml_t ezxml_cut(ezxml_t xml);
+
+// inserts an existing tag into an ezxml structure
+ezxml_t ezxml_insert(ezxml_t xml, ezxml_t dest, size_t off);
+
+// Moves an existing tag to become a subtag of dest at the given offset from
+// the start of dest's character content. Returns the moved tag.
+#define ezxml_move(xml, dest, off) ezxml_insert(ezxml_cut(xml), dest, off)
+
 // removes a tag along with all its subtags
-void ezxml_remove(ezxml_t xml);
+#define ezxml_remove(xml) ezxml_free(ezxml_cut(xml))
 
 #ifdef __cplusplus
 }
diff --git a/opengate/ezxml/ezxml.html b/opengate/ezxml/ezxml.html
index c2e4855..6c17852 100644
--- a/opengate/ezxml/ezxml.html
+++ b/opengate/ezxml/ezxml.html
@@ -4,7 +4,7 @@
   <head><title>ezXML</title></head>
   <body>
     <h1>ezXML - XML Parsing C Library</h1>
-    <h3>version 0.8.5</h3>
+    <h3>version 0.8.6</h3>
     <p>
       ezXML is a C library for parsing XML documents inspired by
       <a href="http://www.php.net/SimpleXML">simpleXML</a> for
@@ -12,8 +12,8 @@
       configuration files or REST web service responses. It's also fast and
       lightweight (less than 20k compiled). The latest version is available
       here:
-      <a href="http://prdownloads.sf.net/ezxml/ezxml-0.8.5.tar.gz?download"
-	 >ezxml-0.8.5.tar.gz</a>
+      <a href="http://prdownloads.sf.net/ezxml/ezxml-0.8.6.tar.gz?download"
+	 >ezxml-0.8.6.tar.gz</a>
     </p>
 
     <b>Example Usage</b>
@@ -27,12 +27,12 @@
       &nbsp;&nbsp;&nbsp;&nbsp;&lt;driver&gt;<br />
       &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;name&gt;Kimi
       Raikkonen&lt;/name&gt;<br />
-      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;points&gt;45&lt;/points&gt;<br />
+      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;points&gt;112&lt;/points&gt;<br />
       &nbsp;&nbsp;&nbsp;&nbsp;&lt;/driver&gt;<br />
       &nbsp;&nbsp;&nbsp;&nbsp;&lt;driver&gt;<br />
-      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;name&gt;David
-      Coultard&lt;/name&gt;<br />
-      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;points&gt;24&lt;/points&gt;<br />
+      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;name&gt;Juan Pablo
+      Montoya&lt;/name&gt;<br />
+      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;points&gt;60&lt;/points&gt;<br />
       &nbsp;&nbsp;&nbsp;&nbsp;&lt;/driver&gt;<br />
       &nbsp;&nbsp;&lt;/team&gt;<br />
       &lt;/formula1&gt;
diff --git a/opengate/ezxml/ezxml.txt b/opengate/ezxml/ezxml.txt
index 9071cee..1dcd5ad 100644
--- a/opengate/ezxml/ezxml.txt
+++ b/opengate/ezxml/ezxml.txt
@@ -5,7 +5,7 @@ ezXML is a C library for parsing XML documents inspired by simpleXML for PHP.
 As the name implies, it's easy to use. It's ideal for parsing XML configuration
 files or REST web service responses. It's also fast and lightweight (less than
 20k compiled). The latest verions is available here:
-http://prdownloads.sf.net/ezxml/ezxml-0.8.5.tar.gz?download
+http://prdownloads.sf.net/ezxml/ezxml-0.8.6.tar.gz?download
 
 Example Usage
 
@@ -16,11 +16,11 @@ Given the following example XML document:
   <team name="McLaren">
     <driver>
       <name>Kimi Raikkonen</name>
-      <points>45</points>
+      <points>112</points>
     </driver>
     <driver>
-      <name>David Coultard</name>
-      <points>24</points>
+      <name>Juan Pablo Montoya</name>
+      <points>60</points>
     </driver>
   </team>
 </formula1>
diff --git a/opengate/ezxml/license.txt b/opengate/ezxml/license.txt
index be9c48f..80e4e88 100644
--- a/opengate/ezxml/license.txt
+++ b/opengate/ezxml/license.txt
@@ -1,4 +1,4 @@
-Copyright 2004, 2005 Aaron Voisine <aaron@voisine.org>
+Copyright 2004-2006 Aaron Voisine <aaron@voisine.org>
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
diff --git a/opengate/javahtml/Opengate.class b/opengate/javahtml/Opengate.class
deleted file mode 100644
index 83df863..0000000
Binary files a/opengate/javahtml/Opengate.class and /dev/null differ
diff --git a/opengate/javahtml/Opengate.jar b/opengate/javahtml/Opengate.jar
deleted file mode 100644
index 64b7a6d..0000000
Binary files a/opengate/javahtml/Opengate.jar and /dev/null differ
diff --git a/opengate/javahtml/Opengate.java b/opengate/javahtml/Opengate.java
deleted file mode 100644
index 13154a2..0000000
--- a/opengate/javahtml/Opengate.java
+++ /dev/null
@@ -1,227 +0,0 @@
-/**************************************************/
-/* opengate client                                */
-/**************************************************
-opengate client
- java applet downloaded to client machine 
-
-Copyright (C) 1999-2002 Opengate Project Team
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-USA.
-
-Email: watanaby@is.saga-u.ac.jp
-
-Written by Yoshiaki WATANABE, Saga University
-Modified by Shin-ichi TADAKI, Saga University
-**************************************************/
-import java.awt.*;
-import java.applet.*;
-import java.net.*;
-import java.io.*;
- 
-/** Wrapper to make Applet **/
-public class Opengate extends Applet{
-
-  String hostname;
-  int port;
-  String userid;
-  String sessionId;
-  String language;
-  int intlang=0;/* if language is japanese, set 1*/
-  OpengateClient client;
-  Label headlabel;
-  Label userlabel;
-  Label msglabel;
-
-   /* Applet initialize */
-  public void init(){
-
-     /* Get Applet Parameters */
-    port=Integer.parseInt(getParameter("port"));
-    userid=getParameter("user");
-    sessionId=getParameter("sessionid");
-    hostname =getCodeBase().getHost();
-    language = getParameter("lang");
-    if(language.equals("ja")) intlang=1;
-    if(language.equals("en")) intlang=2;
-
-     /* Panel Layout */
-    setLayout(new FlowLayout(FlowLayout.CENTER));
-    setBackground(Color.yellow);
- 
-      /* Make Label */
-    if(intlang ==1){
-      add(headlabel=new Label("ƒlƒbƒgƒ[ƒN—˜—p‹–‰Â"));
-      add(userlabel=new Label("ƒ†[ƒU–¼="+userid));
-      add(msglabel=new Label("Java Applet‚ª‹N“®‚µ‚Ü‚µ‚½ @@@    @@@@@ "));
-    } else {
-      add(headlabel=new Label("Authenticated for network use"));
-      add(userlabel=new Label("User name="+userid));
-      add(msglabel=new Label("Java Applet is running                       "));
-    }
-
-     /* Connect to Server */
-    client=new OpengateClient(hostname, port, userid, sessionId, intlang, this);
-    client.start();
-  }
-  public void msgout(String msg){
-    /*    byte[] code = msg.getBytes("EUCJIS");
-    String msgj=new String(code,"EUCJIS");
-    */
-	/* padding space char to required length */
-	for(int i=msg.length();i<40;i++) msg+=" ";
-    msglabel.setText(msg);
-    repaint();
-  }
-  public void stop(){
-    try{
-      client.join();
-    }catch(InterruptedException e){
-      msgout("Error at Client Join            ");
-    }
-  }
-}
-
-/**  Class for Client to communicate with host **/
-class OpengateClient extends Thread{
-  int port;                  /* opengate port */
-  String hostname;           /* java download host name */
-  Socket socket;             /* Socket for server */
-  String userid;
-  String sessionId;
-  PrintStream outStream;     /* output stream to server */
-  BufferedReader inStream;   /* input stream from server */
-  String currentReply;       /* reserve last reply from server */
-  boolean onLine;            /* Client is connected to server or not */
-  Opengate main;             /* main class */
-  int intlang;
-
-  /* Instance Creater */
-  public OpengateClient(String hostname, int port, 
-			String userid, String sessionId, int intlang, Opengate main){
-    this.hostname=hostname;
-    this.port=port;
-    this.userid=userid;
-    this.sessionId=sessionId;
-    this.main=main;
-    this.intlang=intlang;
-    onLine=false;
-  }
-
-  /* connect to server */
-  boolean connect(){
-    try{
-      if(intlang==1){
-	main.msgout("ƒzƒXƒg"+hostname+":"+Integer.toString(port)+"‚ɐڑ±’†‚Å‚·");
-      } else {
-	main.msgout("Connecting to host "+hostname+":"+Integer.toString(port));
-      }
-      socket=new Socket(hostname, port);
-      outStream=new PrintStream(socket.getOutputStream());
-      inStream=new BufferedReader(
-                   new InputStreamReader(
-                       socket.getInputStream()));
-    }catch(UnknownHostException e){
-      if(intlang==1)
-	main.msgout("SocketConnect’†‚ÉUnknownHost—áŠO‚ª”­¶‚µ‚Ü‚µ‚½");
-      else 
-	main.msgout("UnknownHost exception in SocketConnect");
-      return false;
-    }catch(IOException e){
-      if(intlang==1)
-	main.msgout("SocketConnect’†‚ÉI/O—áŠO‚ª”­¶‚µ‚Ü‚µ‚½");
-      else
-	main.msgout("I/O exception in SocketConnect");
-      return false;
-    }
-    onLine=true;
-    return true;
-  }
-
-  /* disconnect from server */
-  void disconnect(){
-    if(onLine){
-      putLine("quit");
-    }
-    if(socket!=null){
-      try{
-        socket.close();
-      }catch(IOException e){
-	if(intlang==1)
-	  main.msgout("SocketClose’†‚ÉI/O—áŠO‚ª”­¶‚µ‚Ü‚µ‚½");
-	else
-	  main.msgout("I/O exception in SocketClose");
-      }
-    }
-  }
-
-  /* put out one line to server */
-  void putLine(String string){
-    outStream.print(string+"\r\n");
-  }
-
-  /* get one line from server */
-  String getLine(){
-    try{
-      currentReply=inStream.readLine();
-    }catch(IOException e){
-      if(intlang==1)
-	main.msgout("SocketRead’†‚ÉI/O—áŠO‚ª”­¶‚µ‚Ü‚µ‚½");
-      else
-	main.msgout("I/O exception in SocketRead");
-      return "";
-    }
-    return currentReply;
-  }
-
-  /* called back from client.start */
-  public void run(){
-    int count=0;
-    java.text.SimpleDateFormat formatter 
-              =new java.text.SimpleDateFormat("H:mm") ;
-    if(connect()==false){
-      disconnect();
-      return;
-    }
-    putLine(userid+"-"+sessionId);
-    if(getLine().indexOf("accept")==-1){
-      if(intlang==1)
-	main.msgout("ƒT[ƒo‚©‚çAccept‚ª‘—‚ç‚ê‚Ä—ˆ‚Ü‚¹‚ñ");
-      else 
-	main.msgout("Not receive Accept from the server");
-      disconnect();
-      return;
-    }
-    if(intlang==1)
-      main.msgout("³í‚ÉŠJŽn‚µ‚Ü‚µ‚½");
-    else
-      main.msgout("Start Normally");
-
-    while(getLine().indexOf("hello")!=-1){
-      putLine("hello");
-      if(intlang==1){
-	main.msgout("Ú‘±Šm”F="+formatter.format(new java.util.Date()));
-      } else {
-	main.msgout("Confirm connection="+formatter.format(new java.util.Date()));  
-      }
-    }
-    if(intlang==1)
-      main.msgout("ƒlƒbƒgƒ[ƒN‚͕½‚³‚ê‚Ü‚µ‚½");
-    else 
-      main.msgout("Connection closed");
-    return;
-  }                                          
-}
-
diff --git a/opengate/javahtml/OpengateClient.class b/opengate/javahtml/OpengateClient.class
deleted file mode 100644
index 0ab932d..0000000
Binary files a/opengate/javahtml/OpengateClient.class and /dev/null differ
diff --git a/opengate/javahtml/en/accept-http.html b/opengate/javahtml/en/accept-http.html
index 2a9dae2..8b3c63c 100644
--- a/opengate/javahtml/en/accept-http.html
+++ b/opengate/javahtml/en/accept-http.html
@@ -7,71 +7,53 @@
 </head>
 <body>
 
-<p>You can use the network. 
-
-<p>When you'd like finish using the network, close your WEB browser. You will
-be disconnected from the network automatically.</p>
+<p align=center>You can use the network. 
 
 <script language="JavaScript">
 <!--
 // usually the page is jumped to httpkeep.html
 location.replace(%%HTTPKEEPURL%%);
-
-// if not jumped, process following 
-if(!navigator.javaEnabled()){
-    document.write("<p><b>Java is disabled. Change it.</b></p>");
-}
 //-->
 </script>
 <noscript>
-<p><b>JavaScript is disabled. Change it.</b></p>
+<p align=center><b>JavaScript is disabled.</b>  
+Please enable Javascript and reload the browser.</p>
 </noscript>
 
+<p align=center>If you use the network without enabling JavaScript, 
+the network will be closed after <b>%%DURATION%% minutes</b>.</p>
 
 <p>
 <TABLE cellSpacing=0 cellPadding=10 
 align=center bgColor=lightyellow border=1>
 <TR><TD>
-<b>
-<P align=center>
-If you use this window for browsing or close this page, 
-the network is closed.<p>
-
-<P align=center>
-Click below button to create a new window for browsing.</p>
-
-<p align=center><a href="%%STARTURL%%" target=_blank>START BROWSING</a></p>
-
-<P align=center>
-Or, minimize this page and load other network programs.</p>
-</b>
+<p align=center><a href="%%STARTURL%%" target=_blank>
+<b>NEXT &gt;</b></a></p>
 </TD></TR>
 </TABLE>
-</p>
 
-<hr />
-<div align="center">
-   <applet code="Opengate.class" archive="Opengate.jar"
-    codebase="%%OPENGATEDIR%%" width="600" height="30" >
-    <param name=port value="%%OPENGATEPORT%%">
-    <param name=user value="%%USERID%%">
-    <param name=sessionid value="%%SESSIONID%%">
-    <param name=lang value="%%LANGUAGE%%">
-   </applet>
-</div>
+<p>
+<TABLE borderColor=red cellSpacing=0 cellPadding=10 
+align=center bgColor=lightyellow border=3>
+<TR><TD>
 
-<hr />
+<p align=center>
+<font color=red>WARNING</font>
+</p>
 
-<p>If yellow bar is not displayed between above two lines, 
-please click <a href="%%TERMINATEURL%%"><b>TERMINATE</b></a> 
-and close your browser. If authentication page is not displayed, 
-access to other web page.</p>
+<p align=center>
+The network is kept open for %%DURATION%% minutes. </p>
+<p align=center>
+This will keep your session open for the indicated time period. 
+If you leave without closing your session, others could use it illegally!  
+To avoid trouble with hijacking, click the TERMINATE link on the accept page 
+when you want to stop using the network. 
+</p>
 
-<SCRIPT LANGUAGE="JavaScript">
-<!--
-  window.open("%%STARTURL%%","window1");
-//-->
-</SCRIPT>
+<p align=center><a href="%%TERMINATEURL%%">TERMINATE</a></p>
+</TD></TR>
+</TABLE>
+</p>
 
 </BODY>
 </HTML>
diff --git a/opengate/javahtml/en/accept-java.html b/opengate/javahtml/en/accept-java.html
deleted file mode 100644
index 9619db9..0000000
--- a/opengate/javahtml/en/accept-java.html
+++ /dev/null
@@ -1,83 +0,0 @@
-<html>
-<head>
-<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
-<title>Opengatemain</title>
-</head>
-<body>
-
-<p>You can use the network. 
-
-<p>When you'd like to finish using the network, close your WEB browser. 
-You will be disconnected from the network automatically.</p>
-
-<script language="JavaScript">
-<!--
-if(!navigator.javaEnabled()){
-    document.write("<p><b>Java is disabled. Change it.</b></p>");
-}
-//-->
-</script>
-<noscript>
-<p><b>JavaScript is disabled. Change it.</b></p>
-</noscript>
-
-
-<p>
-<TABLE cellSpacing=0 cellPadding=10 
-align=center bgColor=lightyellow border=1>
-<TR><TD>
-<b>
-<P align=center>
-f you use this window for browsing or close this page, 
-network access will be denied.<p>
-
-<P align=center>
-Click below button to create a new window for browsing.</p>
-
-<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE="     START BROWSING     "></div>
-</FORM>
-
-<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>START BROWSING</a></p>
-</noscript>
-
-<P align=center>
-Or, minimize this page and load other network programs.</p>
-</b>
-</TD></TR>
-</TABLE>
-</p>
-
-<hr />
-<div align="center">
-   <applet code="Opengate.class" archive="Opengate.jar"
-    codebase="%%OPENGATEDIR%%" width="600" height="30" >
-    <param name=port value="%%OPENGATEPORT%%">
-    <param name=user value="%%USERID%%">
-    <param name=sessionid value="%%SESSIONID%%">
-    <param name=lang value="%%LANGUAGE%%">
-   </applet>
-</div>
-
-<hr />
-
-<p>If yellow bar is not displayed between above two lines, Java is not running. 
-In this case, please click <a href="%%TERMINATEURL%%"><b>TERMINATE</b></a>, 
- and close your browser. 
-Or you can run Java, if you download JavaPlugIn from 
-<a href=http://java.com/ja/index.jsp><b>java.com</b></a>, and enable it.
-If authentication page is not displayed, access to other web page.</p>
-
-
-<script language="JavaScript">
-<!--
-  window.open("%%STARTURL%%","window1");
-//-->
-</script>
-
-</body>
-</html>
-
diff --git a/opengate/javahtml/en/accept-time.html b/opengate/javahtml/en/accept-time.html
index e914ef9..2b0a309 100644
--- a/opengate/javahtml/en/accept-time.html
+++ b/opengate/javahtml/en/accept-time.html
@@ -11,10 +11,19 @@
 <b>%%DURATION%% minutes</b>.</p>
 
 <noscript>
-<p align=center><b>JavaScript is disabled in your browser. Please enable it.</b></p>
+<p align=center><b>JavaScript is disabled. Change it.</b></p>
 </noscript>
 
 <p>
+<TABLE cellSpacing=0 cellPadding=10 
+align=center bgColor=lightyellow border=1>
+<TR><TD>
+<p align=center><a href="%%STARTURL%%" target=_blank>NEXT &gt;</a></p>
+</TD></TR>
+</TABLE>
+</p>
+
+<p>
 <TABLE borderColor=red cellSpacing=0 cellPadding=10 
 align=center bgColor=lightyellow border=3>
 <TR><TD>
@@ -32,48 +41,11 @@ To avoid trouble with hijacking, click the TERMINATE link on the accept page
 when you want to stop using the network. 
 </p>
 
-
-<FORM onclick='location.replace("%%TERMINATEURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE="     TERMINATE     "></div>
-</FORM>
-
-<noscript>
 <p align=center><a href="%%TERMINATEURL%%">TERMINATE</a></p>
-</noscript>
-
-<p align=center>
-If possible, use the system without entering the duration value.</p>
-
 </TD></TR>
 </TABLE>
 </p>
 
-<p>
-<TABLE cellSpacing=0 cellPadding=10 
-align=center bgColor=lightyellow border=1>
-<TR><TD >
-
-<P align=center>
-Click below button to create a new window for browsing.</p>
-
-<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE="     START BROWSING     "></div>
-</FORM>
-
-<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>START BROWSING</a></p>
-</noscript>
-
-<P align=center>
-Or, minimize this page and load other network programs.</p>
-
-</TD></TR>
-</TABLE>
-</p>
-
-<p align=center>This page can be closed, though premature terminate is disabled.  If authentication page is not displayed, access to other web page.</p>
-
-
 <script language="JavaScript">
 <!--
   window.open("%%STARTURL%%","window1");
diff --git a/opengate/javahtml/en/accept2.html b/opengate/javahtml/en/accept2.html
index 3884828..f2044df 100644
--- a/opengate/javahtml/en/accept2.html
+++ b/opengate/javahtml/en/accept2.html
@@ -9,7 +9,7 @@
 You are authenticated. You can use the network.
 <P>
 <P>
-Your session is valid until you quit your browser.
+Your authentication is valid until you quit your browser.
 Do not forget to close your WEB brower when you're finished using the network.
 </P>
 
diff --git a/opengate/javahtml/en/deny-ssl.html b/opengate/javahtml/en/deny-ssl.html
deleted file mode 100644
index 1e8bc9a..0000000
--- a/opengate/javahtml/en/deny-ssl.html
+++ /dev/null
@@ -1,14 +0,0 @@
-<HTML>
-<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
-<HEAD>
-<TITLE>Opengatedeny</TITLE>
-</HEAD>
-<BODY>
-<P>
-Network authentication failed. Please retry again.
-</P>
-<A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en"><h3>BACK</h3></A>
-</BODY>
-</HTML>
diff --git a/opengate/javahtml/en/deny.html b/opengate/javahtml/en/deny.html
index 60f669f..cb06cbd 100644
--- a/opengate/javahtml/en/deny.html
+++ b/opengate/javahtml/en/deny.html
@@ -9,6 +9,6 @@
 <P>
 Network authentication failed. Please retry again.
 </P>
-<A HREF="http://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en"><h3>BACK</h3></A>
+<A HREF="%%PROTOCOL%%://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%"><h3>BACK</h3></A>
 </BODY>
 </HTML>
diff --git a/opengate/javahtml/en/httpkeep.html b/opengate/javahtml/en/httpkeep.html
index eb69a90..1243138 100644
--- a/opengate/javahtml/en/httpkeep.html
+++ b/opengate/javahtml/en/httpkeep.html
@@ -11,7 +11,7 @@
 
 </head>
 
-<body onunload="endHttpkeep();alert('[The End of Network Use]\n\nThe network is closed when the page with a yellow bar is closed.\nDo not close the page during the network use.')">
+<body onunload="endHttpkeep();">
 
 
 <p>You can use the network.</p>
@@ -35,11 +35,11 @@ the network will be closed.<p>
 Click below button to create a new window for browsing.</p>
 
 <FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE="     START BROWSING     "></div>
+<div align=center><INPUT TYPE="button" VALUE="     NEXT >    "></div>
 </FORM>
 
 <noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>START BROWSING</a></p>
+<p align=center><a href="%%STARTURL%%" target=_blank>NEXT&gt;</a></p>
 </noscript>
 
 <P align=center>
@@ -65,25 +65,13 @@ Or, minimize this page and load other network programs.</p>
 <hr />
 
 
-<p>If yellow bar is not displayed between above two lines 
-or other malfunction is occured, 
-click <a href="%%TERMINATEURL%%"><b>TERMINATE</b></a>, 
- and close your browser.
-If authentication page is not displayed, access to other web page.</p>
+<p>If [Error!] is shown between above two lines or other malfunction is occured, please access from Home or other site.  If not normal, please terminate the browser and retry. If you enter a value in duration field of authentication page, the network can be used for the duration.</p>
 
 <script type="text/JavaScript">
 //<!--
   window.open("%%STARTURL%%","window1");
 
-  applet  =' <applet code="Opengate.class" archive="Opengate.jar" ';
-  applet +='  codebase="http://%%OPENGATESERVERNAME%%%%OPENGATEDIR%%" width="600" height="30" > ';
-  applet +='  <param name=port value="%%OPENGATEPORT%%"> ';
-  applet +='  <param name=user value="%%USERID%%"> ';
-  applet +='  <param name=sessionid value="%%SESSIONID%%"> ';
-  applet +='  <param name=lang value="%%LANGUAGE%%"> ';
-  applet +=' </applet> ';
-
-  initHttpkeep("%%HTTPHELLOURL%%",applet, "%%SESSIONID%%");
+  initHttpkeep("%%HTTPHELLOURL%%","%%SESSIONID%%");
 //-->
 </script>
 
diff --git a/opengate/javahtml/en/index-ssl.html b/opengate/javahtml/en/index-ssl.html
index 4313799..589c980 100644
--- a/opengate/javahtml/en/index-ssl.html
+++ b/opengate/javahtml/en/index-ssl.html
@@ -31,8 +31,9 @@ SEND.
 
 <P>
 <FORM METHOD="POST" ACTION="https://%%CGIURL%%">
-<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
 <INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
 
 <TABLE BORDER=0>
 <TR NOWRAP>
@@ -61,7 +62,8 @@ at the end of your network use.
 
 </center>
 
-<p><font size=+1>If you have some questions, please contact the network administrator.
+<p><font size=+1>If you have some questions, 
+please contact the network administrator.
 
 <div align=right>Saga University</div>
 
diff --git a/opengate/javahtml/en/index.html b/opengate/javahtml/en/index.html
index 59bb660..27712f3 100644
--- a/opengate/javahtml/en/index.html
+++ b/opengate/javahtml/en/index.html
@@ -16,7 +16,8 @@
 [<a href="http://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja">Japanese version</a>]
 <hr>
 <div align=center>
-<P><font size=+1>You are requested to be authenticated before before network access is granted.
+<P><font size=+1>You are requested to be authenticated
+before before network access is granted.
 </font></P>
 
 <P><font size=+1>You will be authenticated with your user ID and
@@ -28,12 +29,13 @@ not know your user ID and/or password, please consult CNC.
 Please enter your user ID and password in the box below, then press SEND.
 Please use SSL Authentication as far as possible to prevent wiretapping. 
 </P>
-<P><A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en">SSL Authentication</A></P>
+<P><A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%">SSL Authentication</A></P>
 
 <P>
 <FORM METHOD="POST" ACTION="http://%%CGIURL%%">
-<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
 <INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
 
 <TABLE BORDER=0>
 <TR NOWRAP>
@@ -51,17 +53,18 @@ cannot be used continuously(unrecommended).</b><br>
 Required Usage Duration: 
 <INPUT TYPE="TEXT" SIZE="4" NAME="duration" VALUE="Auto">
 minutes(range: 1-%%DURATIONMAX%% minutes).  
-This will keep your session open for the indicated time period. 
-If you leave without closing your session, others could use it illegally!  
-To avoid trouble with hijacking, click the TERMINATE link on the accept page 
-when you want to stop using the network. 
+The network is kept in open state during this time as your session. 
+After you go away, others may do an illegal use of your session.  
+To avoid trouble in hijacking, click the TERMINATE link on the accept page 
+at the end of your network use. 
 <hr>
 </form>
 </p>
 
 </center>
 
-<p><font size=+1>If you have questions, please contact the network administrator.
+<p><font size=+1>If you have some questions, 
+please contact network administrator.
 
 <div align=right>Saga University</div>
 
diff --git a/opengate/javahtml/en/retry.html b/opengate/javahtml/en/retry.html
index e1a176a..e6e430a 100644
--- a/opengate/javahtml/en/retry.html
+++ b/opengate/javahtml/en/retry.html
@@ -11,20 +11,20 @@ The system cannot acquire client information.
 This page is displayed when the access key is not fresh.
 Please use as follows.
 <UL>
-<LI>Do not try to access this site by entering its URL manually.</LI>
-<LI>Do not try to access this site using bookmarks/favorites.</LI>
-<LI>Do not change the string in the URL</LI>
+<LI>Do not access by pointing this site manually.</LI>
+<LI>Do not access by the saved URL of this site.</LI>
+<LI>Do not change the string in URL</LI>
 </UL>
 </P>
-<P>Please try to access any external site. 
-The authentication page will then be displayed automatically.</P>
+<P>Please access to any external site. 
+Then the authentication page is displayed automatically.</P>
 <P>
 <A HREF=%%EXTERNALURL%%><H3>Retry from external site</H3></A>
 </P>
 <HR>
 <SMALL>
-<P>You can use one of the following links. 
-   In this case, the system will only control either IPv4 or IPv6.</P>
+<P>If you do not need IPv4/IPv6 dual stack support, enter from following pages. In this case, the system only controls one of IPv4 or IPv6.
+</P>
 <P>
 <a href="https://%%AUTHCGIURL%%?0-0-0&en">Network Authentication</a> 
 <a href="http://%%AUTHCGIURL%%?0-0-0&en">Network Authentication(Unuse SSL)</a>
diff --git a/opengate/javahtml/en/skip-auth.html b/opengate/javahtml/en/skip-auth.html
new file mode 100644
index 0000000..5314605
--- /dev/null
+++ b/opengate/javahtml/en/skip-auth.html
@@ -0,0 +1,42 @@
+<html>
+<head>
+<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
+<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
+<meta http-equiv="Pragma" content="no-cache">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=%%PROTOCOL%%://%%CGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%&redirectedurl=%%REDIRECTEDURL%%">
+
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+<BODY onload="document.form1.submit();">
+
+<P align=CENTER>
+The network is closed. You will automatically re-check continuation. <BR>
+If you cannot move automatically, click the following.
+</P>
+
+<TABLE align=CENTER>
+<TR><TD>
+<FORM NAME="form1" METHOD="POST" ACTION="%%PROTOCOL%%://%%CGIURL%%">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
+<INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
+
+<INPUT TYPE="SUBMIT" VALUE=" NEXT > ">
+</FORM>
+</TD></TR>
+</TABLE>
+
+
+</BODY>
+</HTML>
+
+
+
+
+
+
+
+
+
+
diff --git a/opengate/javahtml/en/topindex.html b/opengate/javahtml/en/topindex.html
index 5d357e9..398896e 100644
--- a/opengate/javahtml/en/topindex.html
+++ b/opengate/javahtml/en/topindex.html
@@ -3,13 +3,14 @@
 
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
 <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
-<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en&redirectedurl=%%REDIRECTEDURL%%">
 <TITLE>OpengateStart</TITLE>
 </HEAD>
 <BODY>
-You will be redirected to the Opengate <i>Network Authentication</i> page momentarily.
+You will automatically enter to the page for <i>Network Authentication</i>
+by Opengate.
 <P>
-If you are not redirected within a few seconds, please use one of the following links:
+If you cannot move to the page automatically, click the following.
 <P>
 <a href="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en">Network Authentication</a><br>
 <a href="http://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=en">Network Authentication(Unuse SSL)</a>
diff --git a/opengate/javahtml/httpkeep.js b/opengate/javahtml/httpkeep.js
index dc06566..57e75bb 100644
--- a/opengate/javahtml/httpkeep.js
+++ b/opengate/javahtml/httpkeep.js
@@ -26,13 +26,12 @@ function sendHello(){
       rand=Math.random();
       nextKey=hex_md5(String(rand));
     }catch(e){
-      document.getElementById("watchdog").innerHTML = appletDescription;
+      document.getElementById("watchdog").innerHTML = "Error!:1";
     }
   }
 
-  // java communication
   else{
-    document.getElementById("watchdog").innerHTML = appletDescription;
+    document.getElementById("watchdog").innerHTML = "Error!:2";
   }
 }
 
@@ -47,11 +46,11 @@ function displayResponse()
         document.getElementById("dispmsg").innerHTML = hh+':'+mm;
         if(httpObj.responseText=="hello") sendHello();
       }else{
-        document.getElementById("dispmsg").innerHTML = "Error!";
+        document.getElementById("dispmsg").innerHTML = "Error!:3";
       }
     }
   }catch(e){
-    document.getElementById("watchdog").innerHTML = "Error!";
+    document.getElementById("watchdog").innerHTML = "Error!:4";
   }
 }
 
@@ -61,11 +60,10 @@ function endHttpkeep(){
   }
 }
 
-function initHttpkeep(urlArg, appletArg, sid)
+function initHttpkeep(urlArg, sid)
 {
   // save arguments
   httpkeepUrl=urlArg;
-  appletDescription=appletArg;
   nowKey=hex_md5(sid);
   sessionId=sid;
   rand=Math.random();
diff --git a/opengate/javahtml/ja/accept-http.html b/opengate/javahtml/ja/accept-http.html
index 9308ab4..83815dc 100644
--- a/opengate/javahtml/ja/accept-http.html
+++ b/opengate/javahtml/ja/accept-http.html
@@ -7,70 +7,53 @@
 </head>
 <body>
 <p>
-<p>$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#(B</p>
-<p>$BMxMQ$,=*$C$?$iI,$:(BWeb$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#(B
-</p>
+<p align=center>$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#(B</p>
 
 <script language="JavaScript">
 <!--
 // usually the page is jumped to httpkeep.html
 location.replace(%%HTTPKEEPURL%%);
-
-// if not jumped, process following 
-if(!navigator.javaEnabled()){
-    document.write("<p><b>Java$B$,L58z$K@_Dj$5$l$F$$$^$9!#@_Dj$rJQ99$7$F2<$5$$!#(B</b></p>");
-}
 //-->
 </script>
 <noscript>
-<p><b>JavaScript$B$,L58z$K@_Dj$5$l$F$$$^$9!#@_Dj$rJQ99$7$F2<$5$$!#(B</b></p>
+<p align=center><b>JavaScript$B$,L58z$K@_Dj$5$l$F$$$^$9!#@_Dj$rJQ99$7$F$+$i!"%V%i%&%6$r:F5/F0$7$F$/$@$5$$!#(B</b></p>
 </noscript>
 
+<p align=center>$B$3$N$^$^$G$bMxMQ$G$-$^$9$,!"%M%C%H%o!<%/$O(B<b>%%DURATION%%$BJ,(B</b>
+$B7P2a8e$KJD:?$H$J$j$^$9!#(B</p>
+
 <p>
 <TABLE cellSpacing=0 cellPadding=10 
 align=center bgColor=lightyellow border=1>
-<TR><TD >
-<b>
-<P align=center>
-$B$3$N%Z!<%8$r0\F0$7$?$jJD$8$?$j$9$k$H!"%M%C%H%o!<%/$,JD:?$5$l$^$9!#(B<p>
-</p>
-
-<P align=center>
-Web$B$NMxMQ$K$O2<$N%j%s%/$r2!$7$FI=<($5$l$kJL%&%$%s%I%&$r;H$C$F$/$@$5$$!#(B</p>
+<TR><TD>
+<p align=center><a href="%%STARTURL%%" target=_blank>
+<b>$B<!$X(B &gt;</b></a></p>
+</TD></TR>
+</TABLE>
 
-<p align=center><a href="%%STARTURL%%" target=_blank>$BMxMQ3+;O(B</a></p>
+<p>
+<TABLE borderColor=red cellSpacing=0 cellPadding=10 
+align=center bgColor=lightyellow border=3>
+<TR><TD>
 
+<p align=center>
+<font color=red>$B7Y9p(B</font>
+</p>
+<p align=center>
+$B%M%C%H%o!<%/$O!"(B<b>%%DURATION%%$BJ,(B</b>$B$,7P2a$9$k$^$G!"(B
+$B$"$J$?$N;q3J$G3+J|$7$F$7$^$9!#(B
+</p>
 <P align=center>
-$B$^$?$O!"$3$N%Z!<%8$r:G>.2=$7$F$*$$$F!"JL%W%m%0%i%`$G%M%C%H%o!<%/$rMxMQ$7$F$/$@$5$$!#(B
+$B$"$J$?$,5n$C$?8e$G!"B>?M$,IT@5MxMQ$9$k$H!"(B
+$B$=$l$KH<$&%H%i%V%k$K4,$-9~$^$l$^$9!#(B<br>
+$BIT@5MxMQ$rKI$0$?$a!"Aa4|$NMxMQ=*N;;~$K$O!"(B
+$B2<$N%j%s%/$r%/%j%C%/$7$F$/$@$5$$!#(B
 </p>
-</b>
+
+<p align=center><a href="%%TERMINATEURL%%">$BMxMQ=*N;(B</a></p>
 </TD></TR>
 </TABLE>
 </p>
 
-<hr />
-<div align="center">
-   <applet code="Opengate.class" archive="Opengate.jar"
-    codebase="%%OPENGATEDIR%%" width="600" height="30" >
-    <param name=port value="%%OPENGATEPORT%%">
-    <param name=user value="%%USERID%%">
-    <param name=sessionid value="%%SESSIONID%%">
-    <param name=lang value="%%LANGUAGE%%">
-   </applet>
-</div>
-<hr />
-
-<p>$B>e$N(B2$BK\$N@~$N4V$K2+?'$N%P!<$,I=<($5$l$J$$>l9g!"(B
-<a href="%%TERMINATEURL%%"><b>$BMxMQCfCG(B</b></a>$B$r%/%j%C%/$7$F$+$i(B
-$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#G'>Z%Z!<%8$,I=<($5$l$J$$>l9g$O!"(B
-$BDL>o$H$OJL$N%Z!<%8$r%"%/%;%9$7$F$_$F$/$@$5$$!#(B
-</p>
-
-<script language="JavaScript">
-<!--
-  window.open("%%STARTURL%%","window1");
-//-->
-</script>
-
 </body>
 </html>
diff --git a/opengate/javahtml/ja/accept-java.html b/opengate/javahtml/ja/accept-java.html
deleted file mode 100644
index b42059d..0000000
--- a/opengate/javahtml/ja/accept-java.html
+++ /dev/null
@@ -1,86 +0,0 @@
-<html>
-<head>
-<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
-<title>Opengatemain</title>
-</head>
-<body>
-
-<p>$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#(B</p>
-<p>$BMxMQ$,=*$C$?$iI,$:(BWeb$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#(B
-</p>
-
-<script language="JavaScript">
-<!--
-if(!navigator.javaEnabled()){
-    document.write("<p><b>Java$B$,L58z$K@_Dj$5$l$F$$$^$9!#JQ99$7$F2<$5$$!#(B</b></p>");
-}
-//-->
-</script>
-<noscript>
-<p><b>JavaScript$B$,L58z$K@_Dj$5$l$F$$$^$9!#JQ99$7$F2<$5$$!#(B</b></p>
-</noscript>
-
-<p>
-<TABLE cellSpacing=0 cellPadding=10 
-align=center bgColor=lightyellow border=1>
-<TR><TD >
-<b>
-
-<P align=center>
-$B$3$N%Z!<%8$r0\F0$7$?$jJD$8$?$j$9$k$H!"%M%C%H%o!<%/$,JD:?$5$l$^$9!#(B<p>
-
-<P align=center>
-Web$B$NMxMQ$K$O2<$N%\%?%s$r2!$7$FI=<($5$l$kJL%&%$%s%I%&$r;H$C$F$/$@$5$$!#(B</p>
-
-<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE="     $BMx(B $BMQ(B $B3+(B $B;O(B     "></div>
-</FORM>
-
-<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>$BMxMQ3+;O(B</a></p>
-</noscript>
-
-<P align=center>
-$B$^$?$O!"$3$N%Z!<%8$r:G>.2=$7$F$*$$$F!"JL%W%m%0%i%`$G%M%C%H%o!<%/$rMxMQ$7$F$/$@$5$$!#(B
-</p>
-</b>
-</TD></TR>
-</TABLE>
-</p>
-
-
-<hr />
-<div align="center">
-   <applet code="Opengate.class" archive="Opengate.jar"
-    codebase="%%OPENGATEDIR%%" width="600" height="30" >
-    <param name=port value="%%OPENGATEPORT%%">
-    <param name=user value="%%USERID%%">
-    <param name=sessionid value="%%SESSIONID%%">
-    <param name=lang value="%%LANGUAGE%%">
-   </applet>
-</div>
-<hr />
-
-<p>$B>e$N(B2$BK\$N@~$N4V$K2+?'$N%P!<$,I=<($5$l$J$$>l9g!"(BJava$B$,F0$$$F$$$^$;$s!#(B
-<a href="%%TERMINATEURL%%"><b>$BMxMQCfCG(B</b></a>$B$r%/%j%C%/$7$F(B
-$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#(B
-$B$^$?$O!"(B<a href=http://java.com/ja/index.jsp><b>java.com</b></a>
-$B$+$i(BJavaPlugIn$B$r%@%&%s%m!<%I$7$F!"@_Dj$rM-8z$K$9$l$P!"(B
-Java$B$rF0$+$9$3$H$,$G$-$^$9!#(B
-$BG'>Z%Z!<%8$,I=<($5$l$J$$>l9g$O!"(B
-$BDL>o$H$OJL$N%Z!<%8$r%"%/%;%9$7$F$_$F$/$@$5$$!#(B
-</p>
-<script language="JavaScript">
-<!--
-  window.open("%%STARTURL%%","window1");
-//-->
-</script>
-
-</body>
-</html>
-
-
-
-
diff --git a/opengate/javahtml/ja/accept-time.html b/opengate/javahtml/ja/accept-time.html
index 4a35907..5c452ac 100644
--- a/opengate/javahtml/ja/accept-time.html
+++ b/opengate/javahtml/ja/accept-time.html
@@ -9,12 +9,17 @@
 <body>
 
 
-<p align=center>$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#%M%C%H%o!<%/$O(B<b>%%DURATION%%$BJ,(B</b>$B7P2a8e$KJD:?$H$J$j$^$9!#(B</p>
+<p align=center>$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#(B
+$B%M%C%H%o!<%/$O(B<b>%%DURATION%%$BJ,(B</b>$B7P2a8e$KJD:?$H$J$j$^$9!#(B</p>
 
-
-<noscript>
-<p align=center><b>JavaScript$B$,L58z$G$9!#@_Dj$rJQ$($F$/$@$5$$!#(B</b></p>
-</noscript>
+<p>
+<TABLE cellSpacing=0 cellPadding=10 
+align=center bgColor=lightyellow border=1>
+<TR><TD>
+<p align=center><a href="%%STARTURL%%" target=_blank>$B<!$X(B &gt;</a></p>
+</TD></TR>
+</TABLE>
+</p>
 
 <p>
 <TABLE borderColor=red cellSpacing=0 cellPadding=10 
@@ -25,63 +30,26 @@ align=center bgColor=lightyellow border=3>
 <font color=red>$B7Y9p(B</font>
 </p>
 <p align=center>
-$B%M%C%H%o!<%/$O!"(B%%DURATION%%$BJ,$,7P2a$9$k$^$G!"$"$J$?$N;q3J$G3+J|$7$F$7$^$9!#(B
+$B%M%C%H%o!<%/$O!"(B<b>%%DURATION%%$BJ,(B</b>$B$,7P2a$9$k$^$G!"(B
+$B$"$J$?$N;q3J$G3+J|$7$F$7$^$9!#(B
 </p>
 <P align=center>
-$B$"$J$?$,5n$C$?8e$G!"B>?M$,IT@5MxMQ$9$k$H!"$=$l$KH<$&%H%i%V%k$K4,$-9~$^$l$^$9!#(B<br>
-$BIT@5MxMQ$rKI$0$?$a!"Aa4|$NMxMQ=*N;;~$K$O!"2<$N%\%?%s$r%/%j%C%/$7$F$/$@$5$$!#(B
+$B$"$J$?$,5n$C$?8e$G!"B>?M$,IT@5MxMQ$9$k$H!"(B
+$B$=$l$KH<$&%H%i%V%k$K4,$-9~$^$l$^$9!#(B<br>
+$BIT@5MxMQ$rKI$0$?$a!"Aa4|$NMxMQ=*N;;~$K$O!"(B
+$B2<$N%j%s%/$r%/%j%C%/$7$F$/$@$5$$!#(B
 </p>
 
-
-<FORM onclick='location.replace("%%TERMINATEURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE="     $BMx(B $BMQ(B $B=*(B $BN;(B     "></div>
-</FORM>
-
-<noscript>
 <p align=center><a href="%%TERMINATEURL%%">$BMxMQ=*N;(B</a></p>
-</noscript>
-
-<p align=center>
-$BMxMQ;~4V;XDj$O?d>)$5$l$^$;$s!#2DG=$J8B$jMxMQ;~4V$rF~NO$7$J$$$G$/$@$5$$!#(B</p>
-
-</TD></TR>
-</TABLE>
-</p>
-
-
-<p>
-<TABLE cellSpacing=0 cellPadding=10 
-align=center bgColor=lightyellow border=1>
-<TR><TD >
-
-<P align=center>
-Web$B$NMxMQ$K$O2<$N%\%?%s$r2!$7$FI=<($5$l$kJL%&%$%s%I%&$r;H$C$F$/$@$5$$!#(B</p>
-
-<FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE="     $BMx(B $BMQ(B $B3+(B $B;O(B     "></div>
-</FORM>
-
-<noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>$BMxMQ3+;O(B</a></p>
-</noscript>
-
-<P align=center>
-$B$^$?$O!"$3$N%Z!<%8$r:G>.2=$7$F$*$$$F!"JL%W%m%0%i%`$G%M%C%H%o!<%/$rMxMQ$7$F$/$@$5$$!#(B
-</p>
-
 </TD></TR>
 </TABLE>
 </p>
 
-
-<p align=center>$B$3$N%Z!<%8$OJD$8$F$b9=$$$^$;$s$,!"Aa4|$NMxMQ=*N;$,$G$-$J$/$J$j$^$9!#$J$*!"G'>Z%Z!<%8$,I=<($5$l$J$$>l9g$O!"DL>o$H$OJL$N%Z!<%8$r%"%/%;%9$7$F$_$F$/$@$5$$!#(B</p>
-
 <script language="JavaScript">
 <!--
   window.open("%%STARTURL%%","window1");
 //-->
 </script>
 
-
 </body>
 </html>
diff --git a/opengate/javahtml/ja/deny-ssl.html b/opengate/javahtml/ja/deny-ssl.html
deleted file mode 100644
index 0aac6a2..0000000
--- a/opengate/javahtml/ja/deny-ssl.html
+++ /dev/null
@@ -1,14 +0,0 @@
-<HTML>
-<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
-<HEAD>
-<TITLE>Opengatedeny</TITLE>
-</HEAD>
-<BODY>
-<P>
-$B%M%C%H%o!<%/MxMQG'>Z$K<:GT$7$^$7$?!#$b$&0lEY$d$jD>$7$F2<$5$$!#(B
-</P>
-<A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja"><H3>$BLa$k(B</H3></A>
-</BODY>
-</HTML>
diff --git a/opengate/javahtml/ja/deny.html b/opengate/javahtml/ja/deny.html
index c82833a..c21f9a0 100644
--- a/opengate/javahtml/ja/deny.html
+++ b/opengate/javahtml/ja/deny.html
@@ -9,6 +9,6 @@
 <P>
 $B%M%C%H%o!<%/MxMQG'>Z$K<:GT$7$^$7$?!#$b$&0lEY$d$jD>$7$F2<$5$$!#(B
 </P>
-<A HREF="http://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja"><H3>$BLa$k(B</H3></A>
+<A HREF="%%PROTOCOL%%://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%"><H3>$BLa$k(B</H3></A>
 </BODY>
 </HTML>
diff --git a/opengate/javahtml/ja/httpkeep.html b/opengate/javahtml/ja/httpkeep.html
index e87ec4d..cf5ebce 100644
--- a/opengate/javahtml/ja/httpkeep.html
+++ b/opengate/javahtml/ja/httpkeep.html
@@ -11,7 +11,7 @@
 
 </head>
 
-<body onunload="endHttpkeep();alert('[$B%M%C%H%o!<%/MxMQ=*N;(B]\n\n$B2+?'%P!<I=<($N%Z!<%8$rJD$8$k$H%M%C%H%o!<%/$,JD:?$7$^$9!#(B\n$BMxMQ7QB3Cf$O2+?'%P!<I=<($N%Z!<%8$rJD$8$J$$$G$/$@$5$$!#(B');">
+<body onunload="endHttpkeep();">
 
 
 <p>$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#(B<br>
@@ -35,12 +35,12 @@ Web$B$NMxMQ$K$O2<$N%\%?%s$r2!$7$FI=<($5$l$kJL%&%$%s%I%&$r;H$C$F$/$@$5$$!#(B
 
 
 <FORM onclick='window.open("%%STARTURL%%")'>
-<div align=center><INPUT TYPE="button" VALUE="     $BMx(B $BMQ(B $B3+(B $B;O(B     "></div>
+  <div align=center><INPUT TYPE="button" VALUE="     $B<!(B $B$X(B >     "></div>
 </FORM>
 
 </p>
 <noscript>
-<p align=center><a href="%%STARTURL%%" target=_blank>$BMxMQ3+;O(B</a></p>
+<p align=center><a href="%%STARTURL%%" target=_blank>$B<!$X(B&gt;</a></p>
 </noscript>
 
 <P align=center>
@@ -65,29 +65,17 @@ Web$B$NMxMQ$K$O2<$N%\%?%s$r2!$7$FI=<($5$l$kJL%&%$%s%I%&$r;H$C$F$/$@$5$$!#(B
 </p>
 <hr />
 
-<p>$B>e$N(B2$BK\$N@~$N4V$K2+?'$N%P!<$,I=<($5$l$J$+$C$?$j%M%C%H%o!<%/$,JD:?$5$l$k(B
-$B$J$IF0:n$,$*$+$7$$>l9g$O!"(B<a href="%%TERMINATEURL%%"><b>$BMxMQCfCG(B
-</b></a>$B$r%/%j%C%/$7$F$+$i%V%i%&%6$r=*N;$7$F$/$@$5$$!#(B
-$B$^$?G'>Z%Z!<%8$,I=<($5$l$J$$>l9g$O!"(B
-$BDL>o$H$OJL$N%Z!<%8$r%"%/%;%9$7$F$_$F$/$@$5$$!#(B
+<p>$B>e$N(B2$BK\$N@~$N4V$K(B[Error!]$B$,I=<($5$l$k$H$-$d$=$NB>$NIT6q9g$,$"$k;~$O!"%[!<%`$d$=$NB>$N%5%$%H$+$i%"%/%;%9$7$J$*$7$F$/$@$5$$!#$=$l$G$b2~A1$7$J$$>l9g$O%V%i%&%6$r=*N;$7$F$+$i:F;n9T$7$F$/$@$5$$!#$^$?G'>Z2hLL$NMxMQ;~4V%U%#!<%k%I$KCM$r$$$l$k$H!"$=$N;~4V$@$1;HMQ$9$k$3$H$,$G$-$^$9!#(B
 </p>
 
+
 <script type="text/JavaScript">
 //<!--
   window.open("%%STARTURL%%","window1");
 
-  applet  =' <applet code="Opengate.class" archive="Opengate.jar" ';
-  applet +='  codebase="http://%%OPENGATESERVERNAME%%%%OPENGATEDIR%%" width="600" height="30" > ';
-  applet +='  <param name=port value="%%OPENGATEPORT%%"> ';
-  applet +='  <param name=user value="%%USERID%%"> ';
-  applet +='  <param name=sessionid value="%%SESSIONID%%"> ';
-  applet +='  <param name=lang value="%%LANGUAGE%%"> ';
-  applet +=' </applet> ';
-
-  initHttpkeep("%%HTTPHELLOURL%%",applet,"%%SESSIONID%%");
+  initHttpkeep("%%HTTPHELLOURL%%","%%SESSIONID%%");
 //-->
 </script>
 
-
 </body>
 </html>
diff --git a/opengate/javahtml/ja/index-ssl.html b/opengate/javahtml/ja/index-ssl.html
index 6394fc1..d725996 100644
--- a/opengate/javahtml/ja/index-ssl.html
+++ b/opengate/javahtml/ja/index-ssl.html
@@ -26,8 +26,9 @@
 
 <p>
 <form method="POST" action="https://%%CGIURL%%">
-<input type="HIDDEN" name="language" value="ja">
+<input type="HIDDEN" name="language" value="%%LANGUAGE%%">
 <input type="HIDDEN" name="remote_addr" value="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
 
 <table border=0>
 <tr nowrap>
diff --git a/opengate/javahtml/ja/index.html b/opengate/javahtml/ja/index.html
index 28670fe..5ef205d 100644
--- a/opengate/javahtml/ja/index.html
+++ b/opengate/javahtml/ja/index.html
@@ -26,12 +26,14 @@
 $B%Q%9%o!<%I$NEpD0$rKI$0$?$a$K!"$G$-$k$@$1(BSSL$BBP1~G'>Z$rMxMQ$7$F2<$5$$!#(B
 </P>
 
-<P><A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja">SSL$BBP1~G'>Z(B</A></P>
+<P><A HREF="https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%">
+SSL$BBP1~G'>Z(B</A></P>
 
 <P>
 <FORM METHOD="POST" ACTION="http://%%CGIURL%%">
-<INPUT TYPE="HIDDEN" NAME="language" VALUE="ja">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
 <INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
 
 <TABLE BORDER=0>
 <TR NOWRAP>
diff --git a/opengate/javahtml/ja/retry.html b/opengate/javahtml/ja/retry.html
index da27781..42cb7b1 100644
--- a/opengate/javahtml/ja/retry.html
+++ b/opengate/javahtml/ja/retry.html
@@ -23,7 +23,7 @@
 <HR>
 <SMALL>
 <P>
-IPv4/IPv6$B%G%e%"%k%9%?%C%/$N%5%]!<%H$,ITMW$N>l9g$K$O0J2<$rMxMQ2<$5$$!#(BIPv4$B$H(BIPv6$B$N$I$A$i$+0lJ}$N$_$r@)8f$7$^$9!#(B
+$B0J2<$N%j%s%/$b;HMQ$G$-$^$9$,!"(BIPv4$B$H(BIPv6$B$N$I$A$i$+0lJ}$N$_$r@)8f$7$^$9!#(B
 </P>
 <P>
 <a href="https://%%AUTHCGIURL%%?0-0-0&ja">$B%M%C%H%o!<%/MxMQ<TG'>Z(B</a> <a href="http://%%AUTHCGIURL%%?0-0-0&ja">$B%M%C%H%o!<%/MxMQ<TG'>Z!J(BSSL$BHsBP1~!K(B</a>
diff --git a/opengate/javahtml/ja/skip-auth.html b/opengate/javahtml/ja/skip-auth.html
new file mode 100644
index 0000000..65199bb
--- /dev/null
+++ b/opengate/javahtml/ja/skip-auth.html
@@ -0,0 +1,40 @@
+<html>
+<head>
+<link rel="shortcut icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
+<link rel="icon" href="%%OPENGATEDIR%%/favicon.ico" type="image/x-icon">
+<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
+<meta http-equiv="Pragma" content="no-cache">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=%%PROTOCOL%%://%%CGIURL%%?addr=%%ADDR4%%&lang=%%LANGUAGE%%&redirectedurl=%%REDIRECTEDURL%%">
+
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+<BODY onload="document.form1.submit();">
+
+<P align=CENTER>
+$B%M%C%H%o!<%/$,JD:?$7$^$7$?!#:F3+J|$r3NG'$7$^$9!#(B<BR>
+$B<+F00\F0$G$-$J$$J}$O2<$N%\%?%s$r%/%j%C%/$7$F2<$5$$!#(B
+</P>
+
+<TABLE align=CENTER>
+<TR><TD>
+<FORM NAME="form1" METHOD="POST" ACTION="%%PROTOCOL%%://%%CGIURL%%">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="%%LANGUAGE%%">
+<INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
+<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%">
+<INPUT TYPE="SUBMIT" VALUE="  $B<!$X(B >  ">
+</FORM>
+</TD></TR>
+</TABLE>
+
+</BODY>
+</HTML>
+
+
+
+
+
+
+
+
+
+
diff --git a/opengate/javahtml/ja/topindex.html b/opengate/javahtml/ja/topindex.html
index 1e9ecef..0250359 100644
--- a/opengate/javahtml/ja/topindex.html
+++ b/opengate/javahtml/ja/topindex.html
@@ -2,7 +2,7 @@
 <HEAD>
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
 <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
-<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?addr=%%ADDR4%%&lang=ja&redirectedurl=%%REDIRECTEDURL%%">
 
 <TITLE>OpengateStart</TITLE>
 </HEAD>
diff --git a/opengate/opengatesrv/Makefile b/opengate/opengatesrv/Makefile
index 41c6b32..3d627a3 100644
--- a/opengate/opengatesrv/Makefile
+++ b/opengate/opengatesrv/Makefile
@@ -13,14 +13,19 @@ DOCUMENTROOT = ${WWWTOP}${DOCDIR}
 INSTALLDOCPATH = ${WWWTOP}${DOCDIR}${OPENGATEDIR}
 INSTALLCGIPATH = ${WWWTOP}${CGIDIR}${OPENGATEDIR}
 
-CFLAGS= -g -O4 -Wall
+CFLAGS= -g -O4 -Wall -I/usr/local/include
 
 .if exists(/usr/local/include/ldap.h)
-LIBS = -lssl -lcrypto -lradius -lpam -lezxml -L../ezxml -lldap -llber -L/usr/local/lib
-.else
-LIBS = -lssl -lcrypto -lradius -lpam -lezxml -L../ezxml
+LIBLDAP = -lldap -llber
 .endif
 
+.if exists(/usr/local/include/sqlite3.h)
+LIBSQLITE = -lsqlite3
+.endif
+
+LIBS = -lssl -lcrypto -lradius -lpam -lezxml ${LIBLDAP} ${LIBSQLITE} -L../ezxml -L/usr/local/lib
+
+
 OBJS = utilities.o comm-auth.o comm-cgi.o watch-client.o comm-ipfw.o comm-ip6fw.c comm-arp.o comm-ndp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.o get-param.o auth-ftps.o auth-ldap.o htmltemplate.o addr-convert.o get-mac.o ctrl-firewall.o ctrl-alarms.o
 MAINPROGO = main.o
 HDRS = opengatesrv.h
@@ -88,7 +93,7 @@ install-cgi:	${MAINPROG} ${AUTHPROG} ${FWDPROG}
 		#
 
 install-html:
-		## Copy HTML documents and java ##
+		## Copy HTML documents and etc ##
 .if !exists(${INSTALLDOCPATH})
 		mkdir ${INSTALLDOCPATH}
 .endif
@@ -117,8 +122,6 @@ install-conf:
 .endif
 		cp  ../conf/opengatesrv.conf.sample ${CONFIGPATH}
 		cp  ../conf/rc.firewall.sample ${CONFIGPATH}
-		cp  ../conf/rc.firewall4.sample ${CONFIGPATH}
-		cp  ../conf/rc.firewall6.sample ${CONFIGPATH}
 		cp ../conf/ipfwctrl.pl.sample  ${CONFIGPATH}
 		sed 's|<DocumentRoot>.*</DocumentRoot>|<DocumentRoot>${DOCUMENTROOT}</DocumentRoot>|' ../conf/opengatesrv.conf.sample | sed 's|<CgiDir>.*</CgiDir>|<CgiDir>${CGIDIR}</CgiDir>|' | sed 's|<OpengateDir>.*</OpengateDir>|<OpengateDir>${OPENGATEDIR}</OpengateDir>|' | sed 's|<LockFile>.*</LockFile>|<LockFile>${LOCKFILE}</LockFile>|'  > ${CONFIGPATH}/opengatesrv.conf.sample
 		#
@@ -145,7 +148,9 @@ comm-arp.o:	${HDRS}
 comm-ndp.o:	${HDRS}
 
 comm-userdb.o:	${HDRS}
-
+.if !exists(/usr/local/include/sqlite3.h)
+		${CC} ${CFLAGS} -DSQLITE3_NOT_INSTALLED -c $<
+.endif
 ctrl-firewall.o:	${HDRS}
 
 ctrl-alarms.o:	${HDRS}
@@ -159,9 +164,7 @@ auth-pop3s.o:	${HDRS}
 auth-ftps.o:	${HDRS}
 
 auth-ldap.o:	${HDRS}
-.if exists(/usr/local/include/ldap.h)
-		${CC} ${CFLAGS}  -I/usr/local/include -c $<
-.else
+.if !exists(/usr/local/include/ldap.h)
 		${CC} ${CFLAGS} -DLDAP_NOT_INSTALLED -c $<
 .endif
 
diff --git a/opengate/opengatesrv/comm-auth.c b/opengate/opengatesrv/comm-auth.c
index 6b21023..75ac36e 100644
--- a/opengate/opengatesrv/comm-auth.c
+++ b/opengate/opengatesrv/comm-auth.c
@@ -53,8 +53,8 @@ int authenticateUser(char *userid, char *passwd)
   int timeout;
 
   /* if no userid or no passwd, then deny */
-  if(userid[0]=='\0')return DENY;
-  if(passwd[0]=='\0')return DENY;
+  //if(userid[0]=='\0')return DENY;
+  //if(passwd[0]=='\0')return DENY;
 
   /* authserver get timeout value */
   timeout=atoi(GetConfValue("AuthServer/Timeout"));
diff --git a/opengate/opengatesrv/comm-cgi.c b/opengate/opengatesrv/comm-cgi.c
index b1018d1..9b14c9b 100644
--- a/opengate/opengatesrv/comm-cgi.c
+++ b/opengate/opengatesrv/comm-cgi.c
@@ -33,12 +33,9 @@ Modified by Katsuhiko Eguchi
 #define hex2num(x)  ((x)>='A' ? ((x) & 0XDF) - 'A' +10 : ((x) - '0'))
 
 int isHttpWatchEnableClient(void);
-int isJavaWatchEnableClient(void);
 void split(char content[], char *name[], char *value[], char *next[]);
 void decode(char *string);
 
-char language[WORDMAXLN]; /* message language in java applet */
-
 /*******************************/
 /* get the client addr         */
 /*******************************/
@@ -50,61 +47,88 @@ void getClientAddr(char *clientAddr)
 /********************************************/
 /* get Post data from the client  */
 /********************************************/
-int getPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered)
+int getPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered, char *language, char *redirectedUrl)
 {
-  int contentLen;
-  char content[BUFFMAXLN];
+  int contentLen=0;
+  int queryStrLen=0;
+  char content[BUFFMAXLN]="";
+  char queryStr[BUFFMAXLN]="";
   char *name[1];
   char *value[1];
   char *next[1];
   char *ptr;
-  char durationStr[WORDMAXLN];
-  char langList[BUFFMAXLN];
-  char encodeAddr4[ADDRMAXLN];
-  char accessAddr[ADDRMAXLN];
+  char durationStr[WORDMAXLN]="";
+  char langList[BUFFMAXLN]="";
+  char encodeAddr4[ADDRMAXLN]="";
+  char accessAddr[ADDRMAXLN]="";
 
   /* get content sent from web input */
-  if(getenv("CONTENT_LENGTH")==NULL){
-    err_msg("ERR at %s#%d: CONTENT_LENGTH is not defined",__FILE__,__LINE__);
-    return FALSE;
-  }
-
-  contentLen=atoi(getenv("CONTENT_LENGTH"));
-  if(contentLen==0){
-    err_msg("ERR at %s#%d: CONTENT_LENGTH is zero",__FILE__,__LINE__);
-    return FALSE;
+  if(getenv("CONTENT_LENGTH")!=NULL
+     &&(contentLen=atoi(getenv("CONTENT_LENGTH")))!=0){
+    
+    contentLen++; /* for terminate ch */
+    if(contentLen > BUFFMAXLN) contentLen=BUFFMAXLN;
+    if(fgets(content, contentLen, stdin) == NULL){
+      content[0]='\0';
+    }
+    
+    /* get items from string */
+    userid[0]='\0';
+    password[0]='\0';
+    encodeAddr4[0]='\0';
+    language[0]='\0';
+    durationStr[0]='\0';
+    redirectedUrl[0]='\0';
+    
+    ptr=content;
+    
+    while(ptr!=NULL){
+      split(ptr, name, value, next);
+      
+      if(strstr(name[0], "userid")!=NULL){
+	strncpy(userid, value[0], USERMAXLN);
+      }else if(strstr(name[0], "password")!=NULL){
+	strncpy(password, value[0], PASSMAXLN);
+      }else if(strstr(name[0],"remote_addr")!=NULL){
+	strncpy(encodeAddr4,value[0],ADDRMAXLN);
+      }else if(strstr(name[0], "language")!=NULL){
+	strncpy(language, value[0], WORDMAXLN);
+      }else if(strstr(name[0], "duration")!=NULL){
+	strncpy(durationStr, value[0], WORDMAXLN);
+      }else if(strstr(name[0], "redirected_url")!=NULL){
+	strncpy(redirectedUrl, value[0], BUFFMAXLN);
+      }
+      ptr=next[0];
+    }
   }
 
-  contentLen++; /* for terminate ch */
-  if(contentLen > BUFFMAXLN) contentLen=BUFFMAXLN;
-  if(fgets(content, contentLen, stdin) == NULL){
-    content[0]='\0';
+  /* get paremeters from query string (not post but in url) */
+  if(getenv("QUERY_STRING")!=NULL
+     &&(queryStrLen=strlen(getenv("QUERY_STRING")))!=0){
+
+    /* get html access parameter string */
+    strncpy(queryStr, getenv("QUERY_STRING"), BUFFMAXLN);
+
+    /* split language and address in content
+       [addr=0-0-0&lang=ja&redirectedurl=xxxx] */
+    ptr=queryStr;
+    while(ptr!=NULL){
+      split(ptr, name, value, next);
+      if(strstr(name[0], "addr")!=NULL){
+	strncpy(encodeAddr4,value[0],ADDRMAXLN);
+      }else if(strstr(name[0], "lang")!=NULL){
+	strncpy(language, value[0], WORDMAXLN);
+      }else if(strstr(name[0], "redirectedurl")!=NULL){
+	strncpy(redirectedUrl, value[0], BUFFMAXLN);
+      }
+      ptr=next[0];
+    }
   }
 
-  /* get items from string */
-  userid[0]='\0';
-  password[0]='\0';
-  encodeAddr4[0]='\0';
-  language[0]='\0';
-  durationStr[0]='\0';
-
-  ptr=content;
-
-  while(ptr!=NULL){
-    split(ptr, name, value, next);
-
-    if(strstr(name[0], "userid")!=NULL){
-      strncpy(userid, value[0], USERMAXLN);
-    }else if(strstr(name[0], "password")!=NULL){
-      strncpy(password, value[0], PASSMAXLN);
-    }else if(strstr(name[0],"remote_addr")!=NULL){
-      strncpy(encodeAddr4,value[0],ADDRMAXLN);
-    }else if(strstr(name[0], "language")!=NULL){
-      strncpy(language, value[0], WORDMAXLN);
-    }else if(strstr(name[0], "duration")!=NULL){
-      strncpy(durationStr, value[0], WORDMAXLN);
-    }
-    ptr=next[0];
+  /* no content and no query string */
+  if(contentLen==0 && queryStrLen==0){
+    err_msg("ERR at %s#%d: no parameter is aquired",__FILE__,__LINE__);
+    return FALSE;
   }
 
   /* decode the HTTP encoding */
@@ -113,6 +137,7 @@ int getPostData(char *userid, char *password, char *clientAddr4, int *durationPt
   decode(encodeAddr4);
   decode(language);
   decode(durationStr);
+  decode(redirectedUrl);
 
  /* if not available language, use first lang */
   strncpy(langList, GetConfValue("HtmlLangs"), BUFFMAXLN);  /* list of available languages */
@@ -153,19 +178,90 @@ int getPostData(char *userid, char *password, char *clientAddr4, int *durationPt
      && strncmp(accessAddr, clientAddr4, ADDRMAXLN)!=0){  /* and not same */
     strncpy(clientAddr4, accessAddr, ADDRMAXLN);
   }
+
+  /* if no userid, set useid="?" */
+  if(isNull(userid)){
+    userid[0]='?';
+    userid[1]='\0';
+  }
+
   return TRUE;
 }
 
 
+/********************************************/
+/* get data related to cookie from client  */
+/********************************************/
+int getCookieData(char *userid, char *clientAddr4, int *duration, int *durationEntered, char *language)
+{
+  char cookie[SIDMAXLN]=""; /* md5 session key from cookie */
+  char useridInCookie[USERMAXLN]=""; /* userid from cookie */
+  char macAddr[ADDRMAXLN]=""; /* mac address from arp */
+  char macAddrInDb[ADDRMAXLN]=""; /* mac address in DB */
+
+  /* get cookie values */
+  if(!GetAuthCookie(cookie,useridInCookie)) return FALSE; 
+
+  /* get related info from DB */ 
+  if(!GetSessionInfoFromDb(cookie, userid, clientAddr4, macAddrInDb, 
+			   duration, durationEntered, language)) return FALSE;
+    
+  /* if userid is changed, cookie auth is failed */
+  if(strcmp(useridInCookie, userid)!=0) return FALSE;
+
+  /* if mac addr is changed, cookie auth is failed */
+  GetMacAddrFromArp(clientAddr4, macAddr);
+  if(strcmp(macAddr, macAddrInDb)!=0) return FALSE;
+
+  return TRUE;
+}
+
+/*********************************************/
+/* get HTTP-Cookie for OpengateAuth          */
+/*********************************************/
+int getAuthCookie(char *cookie, char *userid){
+  char content[BUFFMAXLN];
+  char *name[1];
+  char *value[1];
+  char *next[1];
+  char *ptr;
+
+  /* reset buffer */
+  cookie[0]='\0';
+  userid[0]='\0';
+
+ /* if exist cookie, copy it to work area */
+  if(isNull(getenv("HTTP_COOKIE"))) return FALSE;
+  strncpy(content, getenv("HTTP_COOKIE"), BUFFMAXLN);
+  ptr=content;
+
+
+  /* get valuses of cookie */
+  while(ptr!=NULL){
+    split(ptr, name, value, next);
+
+    if(strstr(name[0], "OpengateAuth")!=NULL){
+      strncpy(cookie, value[0], SIDMAXLN);
+    }else if(strstr(name[0], "Userid")!=NULL){
+      strncpy(userid, value[0], USERMAXLN);
+    }
+    ptr=next[0];
+  }
+  
+  if(isNull(cookie)) return FALSE;
+  else return TRUE;
+}
+
 /*********************************************/
 /* deny message to the client            */
 /*********************************************/
-void putClientDeny(char *clientAddr4)
+void putClientDeny(char *clientAddr4, char *language)
 {
-  char denydoc[BUFFMAXLN];
-  char authCgiUrl[BUFFMAXLN];
-  char encodeAddr[ADDRMAXLN];
-  char opengateDir[BUFFMAXLN];
+  char denydoc[BUFFMAXLN]="";
+  char authCgiUrl[BUFFMAXLN]="";
+  char encodeAddr[ADDRMAXLN]="";
+  char opengateDir[BUFFMAXLN]="";
+  char protocol[WORDMAXLN]="";
 
   /* keyword pairs */
   /*  the left key is replaced by the right value */
@@ -174,6 +270,8 @@ void putClientDeny(char *clientAddr4)
       {"%%OPENGATEDIR%%", opengateDir},
       {"%%AUTHCGIURL%%", authCgiUrl},
       {"%%ADDR4%%", encodeAddr},
+      {"%%LANGUAGE%%", language},
+      {"%%PROTOCOL%%", protocol},
       {"",""}  /* DON'T REMOVE THIS LINE */
     };
  
@@ -192,17 +290,19 @@ void putClientDeny(char *clientAddr4)
     encodeAddr[0]='\0';
   }
 
-  /* make path to the denydoc for ssl or non-ssl */
+  /* protocol is ssl or non-ssl */
   if(strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0){
-    snprintf(denydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
-	    GetConfValue("OpengateDir"),language,GetConfValue("DenyDocSsl"));
+    strncpy(protocol, "https",WORDMAXLN);
   }else{
-    snprintf(denydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
-	    GetConfValue("OpengateDir"),language,GetConfValue("DenyDoc"));
+    strncpy(protocol, "http",WORDMAXLN);
   }
 
+  /* document path to deny doc */
+  snprintf(denydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
+	    GetConfValue("OpengateDir"),language,GetConfValue("DenyDoc"));
+
   /* replace keyword and send out the file */
-  printf("Content-type: text/html\r\n\r\n\r\n");
+  printf("Content-type: text/html\r\n\r\n");
   HtmlTemplate(denydoc, keys);
 
   return;
@@ -210,7 +310,7 @@ void putClientDeny(char *clientAddr4)
 /*********************************************/
 /* deny message to the client            */
 /*********************************************/
-void putClientRetry(char *lang)
+void putClientRetry(char *language)
 {
   char retrydoc[BUFFMAXLN];
   char externalUrl[BUFFMAXLN];
@@ -224,6 +324,7 @@ void putClientRetry(char *lang)
       {"%%OPENGATEDIR%%", opengateDir},
       {"%%EXTERNALURL%%", externalUrl},
       {"%%AUTHCGIURL%%", authCgiUrl},
+      {"%%LANGUAGE%%", language},
       {"",""}  /* DON'T REMOVE THIS LINE */
     };
 
@@ -242,7 +343,7 @@ void putClientRetry(char *lang)
 
   /* make read in path to the retry document */
   snprintf(retrydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
-	  opengateDir,lang,GetConfValue("RetryDoc"));
+	  opengateDir,language,GetConfValue("RetryDoc"));
 
   /* replace keyword and send out the file */
   printf("Content-type: text/html\r\n\r\n\r\n");
@@ -256,7 +357,7 @@ void putClientRetry(char *lang)
 /*********************************************/
 void putClientMsg(char *message)
 {
-  printf("Content-type: text/html\r\n\r\n\r\n");
+  printf("Content-type: text/html\r\n\r\n");
   printf("<HTML><HEAD><TITLE>OpengateMsg</TITLE></HEAD> \r\n");
   printf("<BODY>         \r\n");
   printf("%s\r\n",     message);
@@ -264,25 +365,26 @@ void putClientMsg(char *message)
 
 }
 
+
 /*********************************************/
-/* put accept message and java to the client */
+/* put accept message and javascript to the client */
 /*********************************************/
-void putClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered)
+void putClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered, char *language, char *cookie, int cookieAuth, char *redirectedUrl)
 {
+
   FILE *fp;
   char buff[BUFFMAXLN];
-  char acceptdoc[BUFFMAXLN];
-  char acceptdoc2url[BUFFMAXLN];
-  char terminateurl[BUFFMAXLN];
+  char acceptDocPath[BUFFMAXLN];
+  char acceptDoc2Url[BUFFMAXLN];
+  char terminateUrl[BUFFMAXLN];
   char httpkeepUrl[BUFFMAXLN];
   char portStr[WORDMAXLN];
   char durationStr[WORDMAXLN];
-  char *acceptDoc;
-
-  char *startPageUrl=GetConfValue("StartPage/Url");
-  int startPageType=atoi(GetConfValue("StartPage/Type"));
+  char *pAcceptDoc;
   char *opengateDir=GetConfValue("OpengateDir");
   char *opengateServerName=GetConfValue("OpengateServerName");
+  char *startPageUrl="";
+  int startPageType=atoi(GetConfValue("StartPage/Type"));
 
   /* select proper accept doc */
   switch(toupper(*GetConfValue("WatchMode"))){
@@ -291,45 +393,32 @@ void putClientAccept(char *userid, char *sessionId, int port, int pid, char *cli
   case 'H':
   default:
     if(isHttpWatchEnableClient()){
-      acceptDoc=GetConfValue("AcceptDocHttp");
-    }else if(isJavaWatchEnableClient()){
-      acceptDoc=GetConfValue("AcceptDocJava");
+      pAcceptDoc=GetConfValue("AcceptDocHttp");
     }else{
-      acceptDoc=GetConfValue("AcceptDocTime");
-    }
-    break;
-
-    /* JAVA watch mode */
-  case 'J':
-    if(isJavaWatchEnableClient()){
-      acceptDoc=GetConfValue("AcceptDocJava");
-    }else if(isHttpWatchEnableClient()){
-      acceptDoc=GetConfValue("AcceptDocHttp");
-    }else{
-      acceptDoc=GetConfValue("AcceptDocTime");
+      pAcceptDoc=GetConfValue("AcceptDocTime");
     }
     break;
 
     /* TIMEOUT watch mode */
   case 'T':
-    acceptDoc=GetConfValue("AcceptDocTime");
+    pAcceptDoc=GetConfValue("AcceptDocTime");
     break;
   }
 
   /* if positive value is set in duration, TIME watch mode is selected */
-  if(durationEntered) acceptDoc=GetConfValue("AcceptDocTime");
+  if(durationEntered) pAcceptDoc=GetConfValue("AcceptDocTime");
 
   /* create path to acceptdoc */
-  snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
-	 GetConfValue("OpengateDir"),language,acceptDoc);
+  snprintf(acceptDocPath, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
+	 GetConfValue("OpengateDir"),language,pAcceptDoc);
 
 
-  snprintf(acceptdoc2url, BUFFMAXLN, 
+  snprintf(acceptDoc2Url, BUFFMAXLN, 
 	  "http://%s%s/%s/%s",GetConfValue("OpengateServerName"),
 	  GetConfValue("OpengateDir"),language,GetConfValue("AcceptDoc2"));
 
   /* create terminate url [http://<servaddr>:<port>/terminate-<pid>] */
-  snprintf(terminateurl, BUFFMAXLN, "http://%s:%d/terminate-%d", 
+  snprintf(terminateUrl, BUFFMAXLN, "http://%s:%d/terminate-%d", 
 	  GetConfValue("OpengateServerName"), port, getpid());
 
   /* create httpkeep page url
@@ -345,19 +434,29 @@ void putClientAccept(char *userid, char *sessionId, int port, int pid, char *cli
   snprintf(durationStr, WORDMAXLN, "%d", duration/60);
 
   /* open acceptdoc */
-  if((fp=fopen(acceptdoc, "r"))==NULL){
-    err_msg("ERR at %s#%d: cannot open %s",__FILE__,__LINE__,acceptdoc);
+  if((fp=fopen(acceptDocPath, "r"))==NULL){
+    err_msg("ERR at %s#%d: cannot open %s",__FILE__,__LINE__,acceptDocPath);
     PutClientMsg("Cannot find html document");
     return;
   }
 
+  /* create start page url to put information */
+  if(cookieAuth==1) startPageUrl=redirectedUrl;
+  else if(startPageType==0) startPageUrl=acceptDoc2Url;
+  else if(startPageType==1) startPageUrl=GetConfValue("StartPage/Url");
+  else if(startPageType==2) startPageUrl=redirectedUrl;
+  else startPageUrl=acceptDoc2Url;
+
+  /* write out html headers */
+  printf("Content-type: text/html\r\n");
+  printf("Set-Cookie: OpengateAuth=%s&Userid=%s;\r\n\r\n", cookie, userid);
+
   /* read html document from file and send to web */
-  printf("Content-type: text/html\r\n\r\n\r\n");
   while(fgets(buff, BUFFMAXLN, fp)!=NULL){
 
     /* length check */
     if(strlen(buff)>=BUFFMAXLN-1){
-      err_msg("ERR at %s#%d: too long line in %s",__FILE__,__LINE__,acceptdoc);
+      err_msg("ERR at %s#%d: too long line in %s",__FILE__,__LINE__,acceptDocPath);
     }
 
     /* replace mark */
@@ -368,20 +467,14 @@ void putClientAccept(char *userid, char *sessionId, int port, int pid, char *cli
     htmlReplace(buff, "%%USERID%%", userid);
     htmlReplace(buff, "%%SESSIONID%%", sessionId);
     htmlReplace(buff, "%%LANGUAGE%%", language);
-    
-    htmlReplace(buff, "%%TERMINATEURL%%", terminateurl);
+    htmlReplace(buff, "%%TERMINATEURL%%", terminateUrl);
     htmlReplace(buff, "%%HTTPKEEPURL%%", httpkeepUrl);
-    
-    /* replace information url mark */
-    if( startPageType==1 ){
-      htmlReplace(buff, "%%STARTURL%%", startPageUrl);
-    }else{
-      htmlReplace(buff, "%%STARTURL%%", acceptdoc2url);
-    }
-    
+    htmlReplace(buff, "%%STARTURL%%", startPageUrl);
+
     /* write out */
     printf("%s",buff);
   }
+
   /* write end */
   fputs("\r\n\r\n",stdout);
   fclose(fp);
@@ -404,18 +497,6 @@ int isHttpWatchEnableClient(void)
   return TRUE;
 }
 
-/********************************************/
-/* is the client enable to load Java Applet */
-/********************************************/
-int isJavaWatchEnableClient(void)
-{
-  /* some user agent does not support Java Applet */
-  if(RegExMatch(getenv("HTTP_USER_AGENT"),
-		 GetConfValue("JavaWatch/SkipAgentPattern"))) return FALSE;
-
-  return TRUE;
-}
-
 /************************************/
 /* split value for indicated name   */
 /* in content  "name=value&..."     */
@@ -502,27 +583,27 @@ void GetClientAddr(char *clientAddr)
 }
 
 
-int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered)
+int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered, char *language, char *redirectedUrl)
 {
   int ret;
 
   if(debug>1) err_msg("DEBUG:=>getPostData( )");
-  ret=getPostData(userid,password,clientAddr4,durationPtr,durationEntered);
-  if(debug>1) err_msg("DEBUG:%d<=getPostData(%s,passwd,%s,%d,%d)",ret,userid,clientAddr4,*durationPtr,durationEntered);
+  ret=getPostData(userid,password,clientAddr4,durationPtr,durationEntered,language,redirectedUrl);
+  if(debug>1) err_msg("DEBUG:%d<=getPostData(%s,%s,%d,%d,%s)",ret,userid,clientAddr4,*durationPtr,durationEntered,language,redirectedUrl);
   return ret;
 }
 
-void PutClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered)
+void PutClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered, char *language, char *cookie, int cookieAuth, char *redirectedUrl)
 {
-  if(debug>1) err_msg("DEBUG:=>putClientAccept(%s,%s,%d,%d,%s,%s,%d,%d,%d)",userid,sessionId,port,pid,clientAddr4,clientAddr6,ipStatus, duration, durationEntered);
-  putClientAccept(userid,sessionId,port,pid,clientAddr4,clientAddr6,ipStatus,duration, durationEntered);
+  if(debug>1) err_msg("DEBUG:=>putClientAccept(%s,%s,%d,%d,%s,%s,%d,%d,%d,%s,%s,%d,%s)",userid,sessionId,port,pid,clientAddr4,clientAddr6,ipStatus, duration, durationEntered, language, cookie, cookieAuth, redirectedUrl);
+  putClientAccept(userid,sessionId,port,pid,clientAddr4,clientAddr6,ipStatus,duration, durationEntered, language, cookie, cookieAuth,redirectedUrl);
   if(debug>1) err_msg("DEBUG:<=putClientAccept( )");
 }
 
-void PutClientDeny(char *clientAddr4)
+void PutClientDeny(char *clientAddr4, char *language)
 {
-  if(debug>1) err_msg("DEBUG:=>putClientDeny(&s)",clientAddr4);
-  putClientDeny(clientAddr4);
+  if(debug>1) err_msg("DEBUG:=>putClientDeny(%s,%s)",clientAddr4,language);
+  putClientDeny(clientAddr4,language);
   if(debug>1) err_msg("DEBUG:<=putClientDeny( )");
 }
 
@@ -548,3 +629,22 @@ int CheckReferer(void)
   if(debug>1) err_msg("DEBUG:(%d)<=checkReferer( )",ret);
   return ret;
 }
+
+int GetAuthCookie(char *cookie, char *userid){
+  int ret;
+
+  if(debug>1) err_msg("DEBUG:=>getAuthCookie( )");
+  ret=getAuthCookie(cookie, userid);
+  if(debug>1) err_msg("DEBUG:%d<=getAuthCookie(%s,%s)",
+		      ret,cookie,userid);
+  return ret;
+}
+
+int GetCookieData(char *userid, char *clientAddr4, int *duration, int *durationEntered, char *language){
+  int ret;
+
+  if(debug>1) err_msg("DEBUG:=>getCookieData( )");
+  ret=getCookieData(userid,clientAddr4,duration,durationEntered,language);
+  if(debug>1) err_msg("DEBUG:%d<=getCookieData(%s,passwd,%s,%d,%d,%s)",ret,userid,clientAddr4,*duration,*durationEntered,language);
+  return ret;
+}
diff --git a/opengate/opengatesrv/comm-ip6fw.c b/opengate/opengatesrv/comm-ip6fw.c
index bdc0015..82ae7e7 100644
--- a/opengate/opengatesrv/comm-ip6fw.c
+++ b/opengate/opengatesrv/comm-ip6fw.c
@@ -1,6 +1,6 @@
 /**************************************************
 opengate server
- module for Controling ip6fw 
+ module for Controling ipfw for IPv6 address 
 
 Copyright (C) 2005 Opengate Project Team
 Written by Katsuhiko Eguchi, 2005 
@@ -24,7 +24,7 @@ Email: watanaby@is.saga-u.ac.jp
 
 #include "opengatesrv.h"
 
-char ruleNumber6[WORDMAXLN];  /* ip6fw rule number in string form */
+char ruleNumber6[WORDMAXLN];  /* ipfw rule number in string form */
 
 int getRuleNumber6(char *clientAddr6);
 int GetRuleNumber6(char *clientAddr6);
@@ -42,7 +42,7 @@ int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userP
 
   Sigfunc *defaultSigFunc;
 
-  /* exclusive exec of ip6fw to avoid overlapped rule number */
+  /* exclusive exec of ipfw to avoid overlapped rule number */
 
   /**** prepare ****/
   /* open lockfile */
@@ -75,13 +75,14 @@ int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userP
   }
 
   /**** write rules ****/
-  if(atoi(GetConfValue("Ip6fwScript/Enable"))){
+  if(atoi(GetConfValue("IpfwScript/Enable"))){
     /********** use perl script to control firewall ************/
 
-    if(Systeml(1, GetConfValue("Ip6fwScript/Path"),GetConfValue("Ip6fwPath"),
+    if(Systeml(1, GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"),
 	       ruleNumber6,clientAddr6,
-	       userid,macAddr6,userProperty,(char *)0) != 0){
-      err_msg("ERR at %s#%d: exec ip6fw script error",__FILE__,__LINE__);
+	       userid,macAddr6,userProperty,
+	       GetConfValue("IpfwTagNumber"),(char *)0) != 0){
+      err_msg("ERR at %s#%d: exec ipfw script error",__FILE__,__LINE__);
       ret=1; /* abmormal */
     }
 
@@ -91,10 +92,11 @@ int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userP
 
   }else{
     /********** direct control of firewall **********************/
-    /********** add outgoing ip6fw rule for the client *************/
-    if(Systeml(1, GetConfValue("Ip6fwPath"),"-q","add",ruleNumber6,"allow","all",
-	       "from",clientAddr6,"to","any",(char *)0) != 0){
-	      err_msg("ERR at %s#%d: exec ip6fw add error",__FILE__,__LINE__);
+    /********** add outgoing ipfw rule for the client *************/
+    if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6,
+	       "count","tag",GetConfValue("IpfwTagNumber"),
+	       "ip","from",clientAddr6,"to","any",(char *)0) != 0){
+	      err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
 	      ret=1;
     }
     
@@ -102,10 +104,11 @@ int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userP
     Unlock(fd);
     Close(fd);    /* because reserved number is used */
 
-    /********** add incoming ip6fw rule for the client *************/
-    if(Systeml(1, GetConfValue("Ip6fwPath"),"-q","add",ruleNumber6,"allow","all",
-	       "from","any","to",clientAddr6,(char *)0) != 0){
-	      err_msg("ERR at %s#%d: exec ip6fw add error",__FILE__,__LINE__);
+    /********** add incoming ipfw rule for the client *************/
+    if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6,
+	       "count","tag",GetConfValue("IpfwTagNumber"),
+	       "ip","from","any","to",clientAddr6,(char *)0) != 0){
+	      err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
 	      ret=1; /* abnormal */
     }
   }
@@ -122,7 +125,7 @@ void closeClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAdd
   int hour, min, sec;
   time_t timeOut;
   
-  /********** del ip6fw rule for the client *************/
+  /********** del ipfw rule for the client *************/
   DelIp6fwRule(pClientAddr->ruleNumber);
   
   timeOut = time(NULL);
@@ -138,29 +141,23 @@ void closeClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAdd
 
 
 /***********************************************/
-/* delete ip6fw rule                            */
+/* delete ipfw rule                            */
 /***********************************************/
 void delIp6fwRule(char *ruleNumber)
 {
   int ruleCount;
-  int i;
 
   /* get rule count */
   ruleCount = CountRuleNumber6(ruleNumber);
 
   /* delete rule */
-  /* [ip6fw del num] deletes one rule registered in the rule number */
-  for(i=0;i<ruleCount;i++){
-    if(Systeml(1, GetConfValue("Ip6fwPath"),"delete",ruleNumber,(char *)0) != 0){
-      /* ip6fw deletes one rule but ipfw deletes all rules for the number */
-      /* thus this error occurs at ipfw del. it is normal. */
-      /* err_msg("ERR at %s#%d: exec ip6fw del error",__FILE__,__LINE__);*/
-    }
+  if(Systeml(1, GetConfValue("IpfwPath"),"delete",ruleNumber,(char *)0) != 0){
+    err_msg("ERR at %s#%d: exec ipfw del error",__FILE__,__LINE__);
   }
 }
   
 /**************************************/
-/* get unused ip6fw rule number        */
+/* get unused ipfw rule number        */
 /* error if addr is already in rules */ 
 /* return value ret>0: acquired rule number that can be used */
 /*              ret=-1: no rule number available */
@@ -180,8 +177,8 @@ int getRuleNumber6(char *clientAddr6)
   int fileStatus;
   enum status {NORMAL, ABNORMAL, FOUND, NOTFOUND, DUPLICATED};
 
-  if((fpipe=Popenl(1, "r", GetConfValue("Ip6fwPath"),"list",(char *)0)) == NULL){ 
-      err_msg("ERR at %s#%d: exec ip6fw list error",__FILE__,__LINE__);
+  if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",(char *)0)) == NULL){ 
+      err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);
   }
   
   /* search unused rule number in the list read from pipe */
@@ -193,9 +190,9 @@ int getRuleNumber6(char *clientAddr6)
   fileStatus=NORMAL;
 
   /* get rule range from config */
-  ip6fwmin=atoi(GetConfValue("Ip6fwRule/Min"));
-  ip6fwmax=atoi(GetConfValue("Ip6fwRule/Max"));
-  ip6fwinterval=atoi(GetConfValue("Ip6fwRule/Interval"));
+  ip6fwmin=atoi(GetConfValue("IpfwRule/Min"));
+  ip6fwmax=atoi(GetConfValue("IpfwRule/Max"));
+  ip6fwinterval=atoi(GetConfValue("IpfwRule/Interval"));
 
   /* each port is checked whether it can be used for new rule or not */
   for(num=ip6fwmin;num<=ip6fwmax;num+=ip6fwinterval){
@@ -208,7 +205,7 @@ int getRuleNumber6(char *clientAddr6)
 	break;
       }
       if( sscanf(buf, "%d", &readinNum) !=1 ){
-	err_msg("ERR at %s#%d: abnormal ip6fw response[ %s ]",
+	err_msg("ERR at %s#%d: abnormal ipfw response[ %s ]",
 		__FILE__,__LINE__,buf);
 	fileStatus=ABNORMAL; /* abnormal responsem exit internal loop */
 	break;
@@ -259,11 +256,11 @@ int getRuleNumber6(char *clientAddr6)
   Pclose(fpipe);
 
   if(fileStatus==ABNORMAL){
-    err_msg("ERR at %s#%d: abnormal ip6fw response ",__FILE__,__LINE__);
+    err_msg("ERR at %s#%d: abnormal ipfw response ",__FILE__,__LINE__);
     return -2;
   }
   if(portStatus==NOTFOUND){
-    err_msg("ERR at %s#%d: cannot get unused ip6fw number",__FILE__,__LINE__);
+    err_msg("ERR at %s#%d: cannot get unused ipfw number",__FILE__,__LINE__);
     return -1;
   }
   if(portStatus==DUPLICATED){
@@ -276,7 +273,7 @@ int getRuleNumber6(char *clientAddr6)
 }
 
 /*******************************/
-/* get packet count from ip6fw  */
+/* get packet count from ipfw  */
 /*******************************/
 int getPacketCount6(char *ruleNumber)
 {
@@ -286,8 +283,8 @@ int getPacketCount6(char *ruleNumber)
   int packets,packetsSum;
 
   /* exec proc */
-  if((fpipe=Popenl(1, "r", GetConfValue("Ip6fwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){ 
-    err_msg("ERR at %s#%d: exec ip6fw -a list error",__FILE__,__LINE__);
+  if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){ 
+    err_msg("ERR at %s#%d: exec ipfw -a list error",__FILE__,__LINE__);
     return 0; /* abnormal */
   }
   
@@ -315,8 +312,8 @@ int countRuleNumber6(char *ruleNumber)
   int ruleCount;
 
   /* exec proc */
-  if((fpipe=Popenl(1, "r", GetConfValue("Ip6fwPath"),"list",ruleNumber,(char *)0)) == NULL){ 
-    err_msg("ERR at %s#%d: exec ip6fw list error",__FILE__,__LINE__);
+  if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",ruleNumber,(char *)0)) == NULL){ 
+    err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);
   }
   
   /* count line read from pipe */
diff --git a/opengate/opengatesrv/comm-ipfw.c b/opengate/opengatesrv/comm-ipfw.c
index 261bdbf..b8c1484 100644
--- a/opengate/opengatesrv/comm-ipfw.c
+++ b/opengate/opengatesrv/comm-ipfw.c
@@ -82,7 +82,8 @@ int openClientGate4(char *clientAddr4, char *userid, char *macAddr4, char *userP
 
     if(Systeml(1, GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"),
 	       ruleNumber4,clientAddr4,
-	       userid,macAddr4,userProperty,(char *)0) != 0){
+	       userid,macAddr4,userProperty,
+	       GetConfValue("IpfwTagNumber"),(char *)0) != 0){
       err_msg("ERR at %s#%d: exec script error",__FILE__,__LINE__);
       ret=1;  /* abnormal */
     }
@@ -94,8 +95,9 @@ int openClientGate4(char *clientAddr4, char *userid, char *macAddr4, char *userP
   }else{
     /********** direct control of firewall **********************/
     /********** add outgoing ipfw rule for the client *************/
-    if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,"allow","ip",
-	       "from",clientAddr4,"to","any",(char *)0) != 0){
+    if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,
+	       "count","tag",GetConfValue("IpfwTagNumber"),
+	       "ip","from",clientAddr4,"to","any",(char *)0) != 0){
       err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
       ret=1;  /* abnormal */
     }
@@ -104,8 +106,9 @@ int openClientGate4(char *clientAddr4, char *userid, char *macAddr4, char *userP
     Unlock(fd);
     Close(fd);    /* because reserved number is used */
     
-    if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,"allow","ip",
-	       "from","any","to",clientAddr4,(char *)0) != 0){
+    if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber4,
+	       "count","tag",GetConfValue("IpfwTagNumber"),
+	       "ip","from","any","to",clientAddr4,(char *)0) != 0){
       err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
       ret=1; /* abnormal */
     }
diff --git a/opengate/opengatesrv/comm-userdb.c b/opengate/opengatesrv/comm-userdb.c
index 7d0f34c..c962b58 100644
--- a/opengate/opengatesrv/comm-userdb.c
+++ b/opengate/opengatesrv/comm-userdb.c
@@ -1,13 +1,197 @@
 /*************************************************
   opengate server
-   module for Controling user DB 
+   module for Controlling user DB 
 
-   *** Edit this file to set user property ***
 **************************************************/
 #include "opengatesrv.h"
+#include <sqlite3.h>
+
+
+/**************************************************************/
+/* write session info to session control database at start    */ 
+/**************************************************************/
+int putSessionBeginToDb(char* cookie, char* userid, 
+			char* clientAddr4, char* clientAddr6, 
+			char* macAddr4, 
+			char* ruleNumber4, char* ruleNumber6,
+			int duration, int durationEntered,
+			int cookieAuth, char *language){
+
+  int rc;
+  sqlite3 *db;
+  char *pErrMsg;
+  /* SQL CREATE COMMAND */
+  char *createCmd="CREATE TABLE session (cookie TEXT PRIMARY KEY,\
+ userid TEXT, pid INTEGER, openTime TEXT, closeTime TEXT,\
+ clientAddr4 TEXT, clientAddr6 TEXT, macAddr TEXT,\
+ ruleNumber4 INTEGER, ruleNumber6 INTEGER,duration INTEGER,\
+ durationEntered INTEGER, cookieAuth INTEGER, language TEXT, watchMode TEXT)";
+
+  /* SQL INSERT COMMAND, where %x is replaced in snprintf */
+  char *insertFormat="INSERT INTO session\
+ (cookie, userid, pid, openTime, closeTime,\
+ clientAddr4, clientAddr6, macAddr, ruleNumber4, ruleNumber6,\
+ duration, durationEntered, cookieAuth, language, watchMode)\
+ values ('%s','%s',%d,\
+ datetime(%d,'unixepoch','localtime'),\
+ '-','%s','%s','%s', '%s', '%s', %d, %d, %d, '%s', '-')";
+  char *insertCmd;
+  int resultFlag=TRUE;
+  
+  /* Open sqlite */
+  if(sqlite3_open(GetConfValue("SqliteDb"),&db)!=SQLITE_OK){
+    err_msg("ERR at %s#%d: sqlite3_open",__FILE__,__LINE__);
+    sqlite3_close(db);
+    return FALSE;
+  }
+  
+  /* Prepare insert command */
+  insertCmd=sqlite3_mprintf(insertFormat,cookie,userid, 
+			    getpid(),time(NULL),clientAddr4,clientAddr6, 
+			    macAddr4,ruleNumber4,ruleNumber6,
+			    duration,durationEntered,cookieAuth,language);
+
+  /* Execute insert to sqlite */
+  if((rc=sqlite3_exec(db, insertCmd, NULL, NULL, &pErrMsg))!=SQLITE_OK){
+	
+    /* If the error is 'no such table' It might be initial state */
+    if(rc==SQLITE_ERROR && strstr(pErrMsg, "no such table:")!=NULL){
+
+      /* retry from create */
+      if(sqlite3_exec(db, createCmd, NULL, NULL, &pErrMsg)!=SQLITE_OK){
+	resultFlag=FALSE;
+	err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg);
+      }
+      if(sqlite3_exec(db, insertCmd, NULL, NULL, &pErrMsg)!=SQLITE_OK){
+	resultFlag=FALSE;
+	err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg);
+      }
+    }
+
+    /* If the error is 'table session has no column named xxx' */
+    /* It might be adding column in varsion up */
+    else if(rc==SQLITE_ERROR && strstr(pErrMsg, "has no column named")!=NULL){
+      err_msg("ERR at %s#%d: DB format is changed in version up, remove '%s' and retry",__FILE__,__LINE__,GetConfValue("SqliteDb"));
+      resultFlag=FALSE;
+    }
+
+    /* Other errors */
+    else{
+      resultFlag=FALSE;
+      err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg);
+    }
+  }
+
+  /*Memory free for sqlite3 string */
+  sqlite3_free(insertCmd);
+
+  /* Sqlite close */
+  sqlite3_close(db);
+
+  return resultFlag;
+}
+
+/**************************************************************/
+/* write session info to session control database at stop     */ 
+/**************************************************************/
+int putSessionEndToDb(char* cookie, char* watchMode){
+
+  sqlite3 *db;
+  char *pErrMsg;
+
+  /* SQL UPDATE COMMAND, where %x is replaced in mprintf */
+  char *updateFormat="UPDATE session SET closeTime=\
+ datetime(%d,'unixepoch','localtime'), watchMode='%s' WHERE cookie='%s'";
+  char *updateCmd;
+  int resultFlag=TRUE;
+
+  /* open sqlite */
+  if(sqlite3_open(GetConfValue("SqliteDb"),&db)!=SQLITE_OK){
+    err_msg("ERR at %s#%d: sqlite3_open",__FILE__,__LINE__);
+    sqlite3_close(db);
+    return FALSE;
+  }
+  
+  /* prepare command */
+  updateCmd=sqlite3_mprintf(updateFormat, time(NULL), watchMode, cookie);
+
+  /* execute replace to sqlite */
+  if(sqlite3_exec(db, updateCmd, NULL, NULL, &pErrMsg)!=SQLITE_OK){
+    resultFlag=FALSE;
+    err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg);
+  }
+
+  /*memory free for sqlite3 string */
+  sqlite3_free(updateCmd);
+  
+  /* sqlite close */
+  sqlite3_close(db);
+
+  return resultFlag;
+}
+
+/*************************************************/
+/* read userid and others from session database  */ 
+/*************************************************/
+int getSessionInfoFromDb(char* cookie, char* userid, 
+			  char* clientAddr4, char *macAddr, 
+			 int *duration, int *durationEntered, char *language){
+
+  sqlite3 *db;
+  sqlite3_stmt *stmt;
+ 
+  /* SQL UPDATE COMMAND, where %x is replaced in snprintf */
+  char *selectFormat="SELECT userid, clientAddr4, macAddr,\
+ duration, durationEntered,language FROM session WHERE cookie='%s'";
+  char *selectCmd;
+  int resultFlag=TRUE;
+
+  /* open sqlite */
+  if(sqlite3_open(GetConfValue("SqliteDb"),&db)!=SQLITE_OK){
+    err_msg("ERR at %s#%d: sqlite3_open",__FILE__,__LINE__);
+    sqlite3_close(db);
+    return FALSE;
+  }
+
+  /* prepare command string */
+  selectCmd=sqlite3_mprintf(selectFormat, cookie);
+  
+  /* compile to internal statement */
+  if(sqlite3_prepare(db, selectCmd, BUFFMAXLN, &stmt, NULL)!=SQLITE_OK){
+    resultFlag=FALSE;
+    err_msg("ERR at %s#%d: sqlite3_prepare:%s",__FILE__,__LINE__,
+	    sqlite3_errmsg(db));
+
+    /* finalize */
+    sqlite3_free(selectCmd);
+    sqlite3_finalize(stmt);
+    sqlite3_close(db);
+    return FALSE;
+  }
+
+  /* get first match item */
+  if(sqlite3_step(stmt)==SQLITE_ROW){
+    strncpy(userid, (char*)sqlite3_column_text(stmt, 0), USERMAXLN);
+    strncpy(clientAddr4, (char*)sqlite3_column_text(stmt, 1), USERMAXLN);
+    strncpy(macAddr, (char*)sqlite3_column_text(stmt, 2), USERMAXLN);
+    *duration=(int)sqlite3_column_int(stmt, 3);
+    *durationEntered=(int)sqlite3_column_int(stmt, 4);
+    strncpy(language, (char*)sqlite3_column_text(stmt, 5), WORDMAXLN);
+    resultFlag=TRUE;
+  }else{
+    resultFlag=FALSE;
+  }
+  
+  /* finalize */
+  sqlite3_free(selectCmd);
+  sqlite3_finalize(stmt);
+  sqlite3_close(db);
+  
+  return resultFlag;
+}
 
 /********************************************************/
-/* get user property from user db                       */
+/* get user property from property db (NOT implemented) */
 /********************************************************/
 int getUserProperty(char userid[USERMAXLN], char userProperty[BUFFMAXLN])
 {
@@ -25,18 +209,57 @@ int getUserProperty(char userid[USERMAXLN], char userProperty[BUFFMAXLN])
   /*****************************************************/
 
   /* REPLACE THE FOLLOWING WITH YOUR DATABASE ACCESS ROUTINE */
+  userProperty[0]='\0';    /* The User has No Property */
+  return ACCEPT;           /* The User is Accepted     */
+}
 
 
+/* debug write routine */
+int PutSessionBeginToDb(char* cookie, char* userid, 
+			char* clientAddr4, char* clientAddr6, 
+			char* macAddr4, 
+			char* ruleNumber4, char* ruleNumber6,
+			int duration, int durationEntered, 
+			int cookieAuth, char *language){
+  int ret;
 
-  userProperty[0]='\0';    /* The User has No Property */
-  return ACCEPT;           /* The User is Accepted     */
+  if(debug>1) err_msg("DEBUG:=>putSessionBeginToDb(%s,%s,%s,%s,%s,%s,%s,%d,%d,%d,%s)",
+		      cookie,userid,clientAddr4,clientAddr6,
+		      macAddr4,ruleNumber4,ruleNumber6,
+		      duration,durationEntered,cookieAuth,language);
+  ret=putSessionBeginToDb(cookie,userid,clientAddr4,clientAddr6,
+		      macAddr4,ruleNumber4,ruleNumber6,
+			  duration,durationEntered,cookieAuth,language);
+  if(debug>1) err_msg("DEBUG:(%d)<=putSessionBeginToDb()",ret);
 
+  return ret;
+}
+
+int PutSessionEndToDb(char* cookie, char* watchMode){
+  int ret;
 
+  if(debug>1) err_msg("DEBUG:=>putSessionEndToDb(%s,%s)",cookie, watchMode);
+  ret=putSessionEndToDb(cookie,watchMode);
+  if(debug>1) err_msg("DEBUG:(%d)<=putSessionEndToDb()",ret);
 
+  return ret;
+}
+
+int GetSessionInfoFromDb(char* cookie, char* userid, char* clientAddr4, 
+			 char *macAddr, int *duration, int *durationEntered,
+			 char *language){
+  int ret;
+
+  if(debug>1) err_msg("DEBUG:=>getInfoFromDb(%s)",cookie);
+  ret=getSessionInfoFromDb(cookie,userid,clientAddr4, macAddr,
+			   duration,durationEntered,language);
+  if(debug>1) err_msg("DEBUG:(%d)<=getInfoFromDb(%s,%s,%s,%s,%d,%d,%s)",
+		      ret,cookie,userid,clientAddr4, macAddr, 
+		      *duration,*durationEntered,language);
+  return ret;
 }
 
 
-/* debug write routine */
 int GetUserProperty(char *userid, char *userProperty)
 {
   int ret;
@@ -47,3 +270,4 @@ int GetUserProperty(char *userid, char *userProperty)
 
   return ret;
 }
+
diff --git a/opengate/opengatesrv/get-param.c b/opengate/opengatesrv/get-param.c
index cbc85dd..3949a91 100644
--- a/opengate/opengatesrv/get-param.c
+++ b/opengate/opengatesrv/get-param.c
@@ -28,7 +28,7 @@ Programmed by Yoshiaki WATANABE
 #include "opengatesrv.h"
 #include "../ezxml/ezxml.h"
 
-#define CONFIG_VERSION "1.4.23"
+#define CONFIG_VERSION "1.5.0"
 #define SEPARATOR "/"
 
 int debug=0;
diff --git a/opengate/opengatesrv/main.c b/opengate/opengatesrv/main.c
index 1a9d0fc..5617592 100644
--- a/opengate/opengatesrv/main.c
+++ b/opengate/opengatesrv/main.c
@@ -26,7 +26,7 @@ Email: watanaby@is.saga-u.ac.jp
 
 extern char ruleNumber4[WORDMAXLN];  /* ipfw rule number in string form  */
 extern char ruleNumber6[WORDMAXLN];  /* ip6fw rule number in string form */
-extern char language[WORDMAXLN];
+char language[WORDMAXLN];
 
 char clientAddr4[ADDRMAXLN]="";  /* client addr (nnn.nnn.nnn.nnn) */
 char clientAddr6[ADDRMAXLN]="";  /* client addr (nnnn:nnnn:xxxx::xxxx) 128bit */
@@ -42,10 +42,14 @@ char userProperty[BUFFMAXLN];
 time_t timeIn, timeOut;
 int ipStatus;              /* flag for IPV4ONLY,IPV6ONLY or IPV46DUAL */
 int connectionMode;   /* client connect mode */
+char *mode[3]={"NONE","HTTP","TIME"};
+
 /* variable to measuring processing time (in msec) */
 struct timeval timeBeginCgi, timeBeginWait, timeConnect, timeDisconnect;
 
-char sessionId[BUFFMAXLN];    /* session ID */
+char sessionId[SIDMAXLN]="";    /* session ID */
+char cookie[SIDMAXLN]="";    /* cookie */
+char redirectedUrl[BUFFMAXLN]="";  /* redirected URL (requested URL before fwd) */
 
 void PutCloseMsg(time_t timeOut, time_t timeIn);
 void SetProcessTitle(char *useridshort, char *clientAddr4, char * ruleNumber4, char *clientAddr6, char * ruleNumber6, int ipStatus);
@@ -57,15 +61,16 @@ void closeExit(int signo);
 /***************************************************/
 int  main(int argc, char **argv)
 {
-  char password[PASSMAXLN];
+  char password[PASSMAXLN]="";
   int port;
   int dummyfd[2];
   int pid;
   int parentpid;
-  int duration;     /* requested usage duration */
-  int durationEntered; /* the duration value is entered or not */
+  int duration=0;     /* requested usage duration */
+  int durationEntered=0; /* the duration value is entered or not */
   int authResult=DENY;
   int authNum=1; /* present authserver number to check user */
+  int cookieAuth=FALSE; /* Auth with HTTP-Cookie is enabled */
 
   /* drop root privilege */
   seteuid(getuid());
@@ -86,18 +91,23 @@ int  main(int argc, char **argv)
   /* get default language at the top of lang list */
   sscanf(GetConfValue("HtmlLangs"), "%s", language);
 
- /* check referer */
+  /* check referer */
   if(CheckReferer()==FALSE){
     PutClientRetry(language);
     return 0;
   }
 
-  /* get POST data */
-  if(GetPostData(userid, password, clientAddr4, &duration, &durationEntered)==FALSE){
+  /* get POST data from HTTP request */
+  if(GetPostData(userid, password, clientAddr4, 
+		 &duration, &durationEntered, language, redirectedUrl)==FALSE){
     PutClientRetry(language);
     return 0;
   }
 
+  /* Try to authentication with cookie data */
+  cookieAuth=GetCookieData(userid, clientAddr4,
+			   &duration,&durationEntered,language);
+
   /* split user@server to user and server */
   SplitId(userid, useridshort, extraId);
 
@@ -116,25 +126,27 @@ int  main(int argc, char **argv)
   /* get MAC address from arp and ndp */
   GetMacAddr(clientAddr4, macAddr4, clientAddr6, macAddr6,ipStatus);
 
-
   /* check user by authenticate servers */
-  while(SelectNextAuthServer()){
-
-    /* authenticate the user with authentication servers */
-    authResult=AuthenticateUser(useridshort, password);
-
-    /* if pass, exit the loop */
-    if(authResult==ACCEPT) break;
-
-    /* else continue the loop */
-    err_msg("DENY:(auth%d) user %s from %s at %s", 
-	    authNum, userid, clientAddr4, macAddr4);
-    authNum++;
+  if(cookieAuth) authResult=ACCEPT;
+  else{
+    while(SelectNextAuthServer()){
+
+      /* authenticate the user with authentication servers */
+      authResult=AuthenticateUser(useridshort, password);
+
+      /* if success, exit loop */
+      if(authResult==ACCEPT) break;
+	 
+      /* else put out error message */
+      err_msg("DENY:(auth%d) user %s from %s at %s", 
+	      authNum, userid, clientAddr4, macAddr4);
+      authNum++;
+    }
   }
 
   /* if not authenticate, send deny to the client and exit */
   if(authResult!=ACCEPT){
-    PutClientDeny(clientAddr4);
+    PutClientDeny(clientAddr4, language);
     return 0;
   }
 
@@ -149,8 +161,9 @@ int  main(int argc, char **argv)
     return 0;
   }
 
-  /* create session ID */
+  /* create sessionID(for hello check) and HTTP-Cookie(for auth) */
   CreateSessionId(sessionId);
+  CreateCookie(cookie);
 
   /* set terminate signal handler */
   if(Signal(SIGTERM, closeExit)==SIG_ERR){
@@ -164,7 +177,7 @@ int  main(int argc, char **argv)
   timeIn=time(NULL);
 
   /* set (ruleNumber,userid,clientAddr) in process title */
-  SetProcessTitle(useridshort,clientAddr4,ruleNumber4,clientAddr6,ruleNumber6,ipStatus);
+  SetProcessTitle(userid,clientAddr4,ruleNumber4,clientAddr6,ruleNumber6,ipStatus);
   
   /* get temporary port for server-listen */
   port=GetListenPort();
@@ -185,12 +198,15 @@ int  main(int argc, char **argv)
 
   if(pid!=0){
     /** parent process **/
-    /* send accept page with java */
-    PutClientAccept(userid, sessionId, port, pid, clientAddr4, clientAddr6, ipStatus, duration, durationEntered);
+    /* send accept page with javascript */
+    PutClientAccept(userid, sessionId, port, pid, clientAddr4, clientAddr6, 
+    		    ipStatus, duration, durationEntered, language,
+		    cookie, cookieAuth, redirectedUrl);
 
     /* detach from Web server */
     return 0;
   }
+
   /** child process **/
 
   /* detach from Web server */
@@ -200,28 +216,32 @@ int  main(int argc, char **argv)
 
   Pipe(dummyfd);      /* connect dummy pipe for stdin and out */
 
+  /* write the opening information to database */
+  /* this should be in child process as to save watch-process PID */
+  PutSessionBeginToDb(cookie, userid, clientAddr4, clientAddr6, 
+			macAddr4, ruleNumber4, ruleNumber6,
+		      duration, durationEntered, cookieAuth, language);
+
   /* get time at the client wait start (in msec) */
   gettimeofday(&timeBeginWait, NULL) ;
 
   /* wait connection from the client */
   /* if no connection, close gate when duration is passed */
   /* or ipaddr for the macAddr4 is changed */
-  connectionMode=WaitClientConnect(userid, userProperty, sessionId, clientAddr4, clientAddr6, duration, macAddr4, macAddr6, ipStatus, pClientAddr, language, port, parentpid);
+  connectionMode=WaitClientConnect(userid, userProperty, sessionId, 
+				   clientAddr4, clientAddr6, duration, 
+				   macAddr4, macAddr6, ipStatus, 
+				   pClientAddr, language, port, parentpid, 
+				   cookieAuth,redirectedUrl);
 
   /* get time at the client connection (in msec) */
   gettimeofday(&timeConnect, NULL) ;
 
-  if(connectionMode==JAVACONNECT){
-
-    /* wait until the java applet quit */
-    /* close gate when no reply to temporal hello or end of TCP connection */
-    /* macAddr6 is used for NDP to search addition ipaddr */
-    WaitJavaClose(pClientAddr, userid, userProperty, macAddr4, macAddr6, ipStatus);
-  }
-  else if(connectionMode==HTTPCONNECT){
+  if(connectionMode==HTTPCONNECT){
 
     /* wait until the http keep alive is closed */
-    WaitHttpClose(pClientAddr, userid, userProperty, macAddr4, macAddr6, ipStatus, sessionId, port);
+    WaitHttpClose(pClientAddr, userid, userProperty, macAddr4, macAddr6, 
+		  ipStatus, sessionId, port);
   }
 
   /* close firewall and exit */
@@ -256,6 +276,9 @@ void closeExit(int signo)
   /* save the connect mode */
   logConnectMode();
 
+  /* write closing information to database */
+  PutSessionEndToDb(cookie, mode[connectionMode]);
+
   /* signal is disabled */
   Signal(SIGTERM, SIG_DFL);
 
@@ -309,12 +332,11 @@ void setProcessTitle(char *useridshort, char *clientAddr4, char * ruleNumber4, c
 /*****************************************/
 void logConnectMode()
 {
-  char *mode[4]={"NONE","JAVA","HTTP","TIME"};
   long time1sec,time2sec,time3sec;
   long time1usec,time2usec,time3usec;
 
   /* set value on failure */
-  if(connectionMode<0 || connectionMode>3) connectionMode=NOCONNECT;
+  if(connectionMode<0 || connectionMode>2) connectionMode=NOCONNECT;
   if(connectionMode==NOCONNECT){
     gettimeofday(&timeBeginWait, NULL) ;
     gettimeofday(&timeConnect, NULL) ;
diff --git a/opengate/opengatesrv/opengateauth.c b/opengate/opengatesrv/opengateauth.c
index 1518402..9f0d091 100644
--- a/opengate/opengatesrv/opengateauth.c
+++ b/opengate/opengatesrv/opengateauth.c
@@ -29,18 +29,27 @@ Email: watanaby@is.saga-u.ac.jp
 
 int  main(int argc, char **argv)
 {
-
+  
   char htmlFile[BUFFMAXLN]="";   /* html file */
   char lang[WORDMAXLN]="";       /* language */
   char clientAddr[ADDRMAXLN]=""; /* client ip address */
   char paramString[BUFFMAXLN]="";   /* parameters in html access */
-  char* pLang;  /* pointer to language string */ 
-  char* pAddr4; /* pointer to addr4 string */
+  char* pLang="";  /* pointer to language string */ 
+  char* pAddr4=""; /* pointer to addr4 string */
+  char* pUrl="";   /* potinter to redirected URL string */
   char authCgiUrl[BUFFMAXLN];  /* url of opengateauth.cgi */
   char mainCgiUrl[BUFFMAXLN];  /* url of opengatesrv.cgi */
   char durationMax[WORDMAXLN]; /* usage duration maximum */
   char opengateServerName[BUFFMAXLN];  /* opengate server domain name */
   char opengateDir[BUFFMAXLN];   /* opengate doc directory in httpd doc */
+  char userid[USERMAXLN]; /* userid value */
+  char cookie[SIDMAXLN]; /* HTTP-Cookie value */
+  char protocol[WORDMAXLN]; /* http or https */
+  char redirectedUrl[BUFFMAXLN]; /* redirected(requested before fwd) URL */
+  char *name[1];
+  char *value[1];
+  char *next[1];
+  char *ptr;
 
   /* keyword pairs */
   /*  the left key is replaced by the right value */
@@ -52,6 +61,9 @@ int  main(int argc, char **argv)
       {"%%CGIURL%%", mainCgiUrl},
       {"%%ADDR4%%", clientAddr},
       {"%%DURATIONMAX%%",durationMax},
+      {"%%PROTOCOL%%",protocol},
+      {"%%REDIRECTEDURL%%",redirectedUrl},
+      {"%%LANGUAGE%%",lang},
       {"",""}  /* DON'T REMOVE THIS LINE */
     };
 
@@ -88,21 +100,26 @@ int  main(int argc, char **argv)
 
   /* get paremeters, */
   if(!isNull(getenv("QUERY_STRING"))){
-    /* get html access parameter string (xx.cgi?addr4&lang) */
+
+    /* get html access parameter string (attached at the end of url) */
     strncpy(paramString, getenv("QUERY_STRING"), BUFFMAXLN);
   }
 
-  /* split language and address in paramString[addr=0-0-0&lang=ja] */
-  pAddr4=paramString;
-  if((pLang=strnstr(paramString, "&", BUFFMAXLN))!=NULL){
-    *pLang='\0'; pLang++;
-  }else{
-    pLang=paramString;
+  /* split language and address in paramString
+     [addr=0-0-0&lang=ja&redirectedurl=xxxx] */
+  ptr=paramString;
+  while(ptr!=NULL){
+    split(ptr, name, value, next);
+    if(strstr(name[0], "addr")!=NULL){
+      pAddr4=value[0];
+    }else if(strstr(name[0], "lang")!=NULL){
+      pLang=value[0];
+    }else if(strstr(name[0], "redirectedurl")!=NULL){
+      pUrl=value[0];
+    }
+    ptr=next[0];
   }
 
-  if(strnstr(pAddr4, "addr=", BUFFMAXLN)==pAddr4) pAddr4+=5;
-  if(strnstr(pLang, "lang=", BUFFMAXLN)==pLang)  pLang+=5;
-
   /* copy clientAddr(encoded) */
   if(isNull(pAddr4)){
     clientAddr[0]='\0';
@@ -121,19 +138,39 @@ int  main(int argc, char **argv)
     sscanf(GetConfValue("HtmlLangs"), "%s", lang);
   }
 
+  /* copy redirected URL */
+  strncpy(redirectedUrl, pUrl, BUFFMAXLN);
+
   /* send out header */
-  printf("Content-Type: text/html\r\n\r\n\r\n");
+  printf("Content-Type: text/html\r\n\r\n");
 
   /* construct html file path */
   sprintf(htmlFile, "%s%s/%s/", GetConfValue("DocumentRoot"),
 	  opengateDir, lang);
 
-  /* ssl or non-ssl file */
-  if(!isNull(getenv("SERVER_PORT"))
-	    && strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
-    strncat(htmlFile, GetConfValue("AuthDocSsl"), BUFFMAXLN);
-  }else{
-    strncat(htmlFile, GetConfValue("AuthDoc"), BUFFMAXLN);
+  /*** if http-cookie for opengate authentication exist */
+  /* skip authenticaion */
+  if(GetAuthCookie(cookie,userid)){
+    strncat(htmlFile, GetConfValue("SkipAuthDoc"), BUFFMAXLN);
+
+    /* ssl or non-ssl protocol  */
+    if(!isNull(getenv("SERVER_PORT"))
+       && strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
+      strncpy(protocol, "https", WORDMAXLN);
+    }else{
+      strncpy(protocol, "http", WORDMAXLN);
+    }
+  }
+  
+  /*** if cookie does not exist, request userid and password */
+  else{
+    /* ssl or non-ssl file */
+    if(!isNull(getenv("SERVER_PORT"))
+       && strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
+      strncat(htmlFile, GetConfValue("AuthDocSsl"), BUFFMAXLN);
+    }else{
+      strncat(htmlFile, GetConfValue("AuthDoc"), BUFFMAXLN);
+    }
   }
 
   /* replace keywords and send out */
diff --git a/opengate/opengatesrv/opengatefwd.c b/opengate/opengatesrv/opengatefwd.c
index 503e0f6..b589409 100644
--- a/opengate/opengatesrv/opengatefwd.c
+++ b/opengate/opengatesrv/opengatefwd.c
@@ -47,6 +47,10 @@ int  main(int argc, char **argv)
   char encodeAddr[ADDRMAXLN]=""; /* encoded ip address */
   char lang[ADDRMAXLN]=""; /* client language */
   char authCgiUrl[BUFFMAXLN];  /* url of opengateauth.cgi */
+  char redirectedUrl[BUFFMAXLN]; /* url of redirected(requested) page */
+  char *protocol;
+  char *httpHost;
+  char *requestUri;
 
   /* keyword pairs */
   /*  the left key is replaced by the right value */
@@ -54,6 +58,7 @@ int  main(int argc, char **argv)
     {
       {"%%ADDR4%%", encodeAddr},
       {"%%AUTHCGIURL%%", authCgiUrl},
+      {"%%REDIRECTEDURL%%", redirectedUrl},
       {"",""}  /* DON'T REMOVE THIS LINE */
     };
 
@@ -113,6 +118,27 @@ int  main(int argc, char **argv)
     encodeAddr[0]='\0';
   }
 
+  /* construct redirected(requested) URL */
+  /* protocol */
+  if(!isNull(getenv("SERVER_PORT"))
+     && strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
+    protocol="https";
+  }else{
+    protocol="http";
+  }
+  /* http-host */
+  if(!isNull(getenv("HTTP_HOST"))) httpHost=getenv("HTTP_HOST");
+  else httpHost="";
+
+  /* request-uri */
+  if(!isNull(getenv("REQUEST_URI"))) requestUri=getenv("REQUEST_URI");
+  else requestUri="";
+
+  /* concat above items to make redirect URL */
+  if(!isNull(httpHost)){
+    snprintf(redirectedUrl,BUFFMAXLN,"%s://%s%s", protocol,httpHost,requestUri);
+  }else redirectedUrl[0]='\0';
+
   /* construct readin html file path */
   snprintf(htmlFile, BUFFMAXLN, "%s%s/%s/%s", 
 	  GetConfValue("DocumentRoot"), 
diff --git a/opengate/opengatesrv/opengatesrv.h b/opengate/opengatesrv/opengatesrv.h
index 3b6c1e4..6dd618d 100644
--- a/opengate/opengatesrv/opengatesrv.h
+++ b/opengate/opengatesrv/opengatesrv.h
@@ -77,15 +77,15 @@ typedef	void	Sigfunc(int);	/* for signal handlers */
 #define USERMAXLN 64       /* maximum userid string length */
 #define BUFFMAXLN 1024      /* maximum buffer string length */
 #define WORDMAXLN 64       /* maximum word length */
+#define SIDMAXLN 64       /* maximum sessionID length */
 #define TRUE 1
 #define FALSE 0
 #define DENY   0
 #define ACCEPT 1
 
 #define NOCONNECT 0    /* the client is not connected yet. */
-#define JAVACONNECT 1  /* the client is connected by using Java Applet */
-#define HTTPCONNECT 2  /* the client is connected by HTTP Keep-Alive */
-#define ENDCONNECT 3   /* the client is now terminating */
+#define HTTPCONNECT 1  /* the client is connected by HTTP Keep-Alive */
+#define ENDCONNECT 2   /* the client is now terminating */
 
 #define IPV4ONLY 4
 #define IPV46DUAL 46
@@ -139,20 +139,32 @@ struct clientAddr *CreateAddrListItem(char* ipAddr, char *ruleNumber, int ipType
 
 /* cgi interface */
 void GetClientAddr(char *clientAddr);
-int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered);
-int GetUserProperty(char *userid, char *userProperty);
+int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, int *durationEntered,char *language, char *redirectedUrl);
+int GetCookieData(char *userid, char *clientAddr4, int *durationPtr, int *durationEntered,char *language);
+int GetAuthCookie(char *cookie, char *userid);
 void SplitId(char* userid, char* useridshort, char* extraId);
 int CheckReferer(void);
-void PutClientDeny(char *clientAddr4);
+void PutClientDeny(char *clientAddr4, char *language);
 void PutClientRetry(char *lang);
 void PutClientMsg(char *message);
-void PutClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered);
-
+void PutClientAccept(char *userid, char *sessionId, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, int durationEntered, char *language, char *cookie, int cookieAuth, char *redirectedUrl);
+void split(char content[], char *name[], char *value[], char *next[]);
+
+/* db interface*/
+int PutSessionBeginToDb(char* cookie, char* userid, 
+			char* clientAddr4, char* clientAddr6, 
+			char* macAddr4, 
+			char* ruleNumber4, char* ruleNumber6,
+			int duration, int durationEntered, int cookieAuth, 
+			char *language);
+int PutSessionEndToDb(char* cookie, char* watchMode);
+int GetSessionInfoFromDb(char* cookie, char* userid, char* clientAddr4,
+			  char *macAddr, int *duration, int *durationEntered, char *language);
+int GetUserProperty(char *userid, char *userProperty);
 
 /* TCP communication with client */
-void WaitJavaClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr4, char *macAddr6, int ipStatus);
 int GetListenPort(void);
-int WaitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid);
+int WaitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid, int cookieAuth, char *redirectedUrl);
 void WaitHttpClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr4, char *macAddr6, int ipStatus, char *sessionid, int port);
 
 /* utilities */
@@ -168,6 +180,7 @@ int Pclose(FILE *stream);
 int isNull(const char *pStr);
 char *GetServicePortStr(char *servName);
 void CreateSessionId(char *sessionId);
+void CreateCookie(char *cookie);
 char *md5hex(char *hexdigest, int len, char *str);
 
 void ReFormatMacAddr(char* macAddr4, char* macAddr6);
diff --git a/opengate/opengatesrv/test-watch-client.c b/opengate/opengatesrv/test-watch-client.c
index 6cd309e..7d182f6 100644
--- a/opengate/opengatesrv/test-watch-client.c
+++ b/opengate/opengatesrv/test-watch-client.c
@@ -70,16 +70,7 @@ int  main(int argc, char **argv)
   /* guide for connecting */
   printf("Waiting connection for %d seconds\n",duration);
   printf("\n");
-  printf(" ### Try to connect from other window as ###\n");
-  printf("  Simulate Java connection \n");
-  printf("===============================================\n");
-  printf("PUT> telnet %s %d\n", clientAddr4, port);
-  printf("PUT> %s\n",userID);
-  printf("GET> accept\n");
-  printf(" waiting ActiveCheckInterval \n");
-  printf("GET> hello \n");
-  printf("PUT> hello \n");
-  printf("PUT> quit \n");
+  printf(" ### Try to connect from other window ###\n");
   printf("===============================================\n\n");
   printf("  Simulate Http connection \n");
   printf("===============================================\n");
@@ -99,16 +90,16 @@ int  main(int argc, char **argv)
 
   /* connection wait */
   connMode=WaitClientConnect(userID, "", "999",clientAddr4,clientAddr6, 
-			   duration,"?","?",4,pClientAddr, language, port, 99);
+			     duration,"?","?",4,pClientAddr, language, port, 
+			     99,1,"http://www.yahoo.com");
   switch(connMode){
 
-  case JAVACONNECT:
-    WaitJavaClose(pClientAddr, userID, "", "?", "?", 4);
-    break;
-
   case HTTPCONNECT:
     WaitHttpClose(pClientAddr, userID, "", "?", "?", 4, "999", port);
     break;
+
+  default:
+    printf("Connection failed\n");
   }
 
   return 0;
diff --git a/opengate/opengatesrv/utilities.c b/opengate/opengatesrv/utilities.c
index 292c496..6655817 100644
--- a/opengate/opengatesrv/utilities.c
+++ b/opengate/opengatesrv/utilities.c
@@ -319,8 +319,9 @@ char *getServicePortStr(char *servName)
 void createSessionId(char *sessionId)
 {
   srandom(getpid()+time(NULL));
-  snprintf(sessionId, BUFFMAXLN, "%ld", random() );
+  snprintf(sessionId, SIDMAXLN, "%ld", random() );
 }
+
 /*************************************************/
 /* calc MD5 in hex form                          */
 /*  str: plain text to convert                   */
@@ -353,6 +354,18 @@ char *md5hex(char *hexdigest, int len, char *str)
   return hexdigest;
 }
 
+/*******************************************/
+/* create random session cookie            */
+/*******************************************/
+void createCookie(char *cookie)
+{
+  char str[BUFFMAXLN];
+
+  /* make Http-cookie from pid&time */
+  snprintf(str, BUFFMAXLN, "%d%d", getpid(),time(NULL));
+  md5hex(cookie, SIDMAXLN, str);
+}
+
 /****************************************/
 /****************************************/
 int Pclose(FILE *stream)
@@ -419,3 +432,8 @@ void CreateSessionId(char *sessionId){
   createSessionId(sessionId);
   if(debug>1) err_msg("DEBUG:<=createSessionId(%s)",sessionId);
 }
+void CreateCookie(char *cookie){
+  if(debug>1) err_msg("DEBUG:=>createCookie( )");
+  createCookie(cookie);
+  if(debug>1) err_msg("DEBUG:<=createCookie(%s)",cookie);
+}
diff --git a/opengate/opengatesrv/watch-client.c b/opengate/opengatesrv/watch-client.c
index 9009b50..0ebdfc6 100644
--- a/opengate/opengatesrv/watch-client.c
+++ b/opengate/opengatesrv/watch-client.c
@@ -1,6 +1,6 @@
 /*************************************************
 Opengate server
-  module for communication with client program (java/javascript) 
+  module for communication with client program (javascript) 
 
 Copyright (C) 1999 Opengate Project Team
 Written by Yoshiaki Watanabe 1999-2006
@@ -29,7 +29,7 @@ void GetPeerAddr(int sockfd, char *peerAddr);
 void SendTerminateReply(void);
 void ReadHttpHeaders(void);
 void SendReplyToGetHello(void);
-void SendHttpKeepPage(char *userid, char *sessionId, char *language, int port);
+void SendHttpKeepPage(char *userid, char *sessionId, char *language, int port, int cookieAuth, char *redirectedUrl);
 int SelectAccept(void);
 void AcceptHttpReConnect(void);
 int MacAddrCheck(int ipStatus,char *clientAddr4, char *clientAddr6, char *macAddr4, char *macAddr6);
@@ -39,7 +39,6 @@ void SendHttpNotFound(void);
 
 void OnUsageTimeLimitAlarm(int signo);
 void OnCheckBasicAlarm(int signo);
-void OnCheckJavaAlarm(int signo);
 void OnCheckHttpAlarm(int signo);
 void OnReadWaitAlarm(int signo);
 void OnAjaxWaitAlarm(int signo);
@@ -143,12 +142,11 @@ int getListenPort(void)
 /************************************/
 /* wait for connection of client side program */
 /************************************/
-int waitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid)
+int waitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid, int cookieAuth, char *redirectedUrl)
 {
   char buff[BUFFMAXLN];             /* read in buffer */
   char connectAddr[ADDRMAXLN];      /* connected client address */
   char httpStr[BUFFMAXLN];          /* HTTP GET string at terminate */
-  char useridAndSessionId[BUFFMAXLN]; /* comcat userid and sessionid */
   int timeSendHttpkeep=0;
   int timeStart;
 
@@ -213,22 +211,6 @@ int waitClientConnect(char *userid, char *userProperty, char *sessionId, char *c
     }
     RemoveAlarm("ReadWaitAlarm");
     
-    /* is it the correct request from java applet */
-    /* the request is [<userid>:<sessionId>] */
-    snprintf(useridAndSessionId, BUFFMAXLN, "%s-%s", userid,sessionId);
-    if(strcmp(buff, useridAndSessionId)==0){
-
-      /* if too late request, ingore */
-      if((time(NULL)-timeStart) > atoi(GetConfValue("JavaWaitTimeout"))){
-	Close(connfd);
-	continue;
-      }
-
-      /* enter to the Java watch mode on the connection keeped */
-      connectMode=JAVACONNECT;
-      break;
-    }
-
     /* is it the httpkeep page download request */
     /* the request is [GET /httpkeep.html ....] */
     snprintf(httpStr, BUFFMAXLN, "GET /httpkeep-%s-%s", userid,sessionId);
@@ -236,7 +218,8 @@ int waitClientConnect(char *userid, char *userProperty, char *sessionId, char *c
       
       /* read out the remained headers and send the page */
       ReadHttpHeaders();
-      SendHttpKeepPage(userid, sessionId, language, port);
+      SendHttpKeepPage(userid, sessionId, language, port, cookieAuth, 
+		       redirectedUrl);
       timeSendHttpkeep=time(NULL);
 
       /* return to wait next request (that night be GET /hello) */
@@ -351,7 +334,7 @@ int selectAccept(void)
 void onUsageTimeLimitAlarm(int signo)
 {
   connectMode=ENDCONNECT;
-  err_msg("ERR at %s#%d: duration time out",__FILE__,__LINE__);
+  err_msg("ERR at %s#%d: duration timeout",__FILE__,__LINE__);
 }
 
 /***************************************/
@@ -462,118 +445,6 @@ void getPeerAddr(int sockfd, char *peerAddr)
   return;
 }
 
-/***************************************************/
-/* wait for close connection of java               */
-/***************************************************/
-void waitJavaClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr4, char *macAddr6, int ipStatus)
-{
-  char buff[BUFFMAXLN];
-  int ret;
-
-  /* set alarm function arguments */
-  alarmArg.pClientAddr=pClientAddr;
-  alarmArg.macAddr4=macAddr4;
-  alarmArg.macAddr6=macAddr6;
-  alarmArg.userid=userid;
-  alarmArg.userProperty=userProperty;
-  alarmArg.ipStatus=ipStatus;
-
-  Writefmt(connfd,"accept\r\n");
-  
-  /* TCP read/write loop */
-  /* this loop implement following logic */
-  /*   repeat until receiving 'quit' or EOF from client         */
-  /*      say 'hello' to client                                 */
-  /*      receive 'hello' from client. if no reply, then quit.  */
-  /*      get packet count for client after short delay.        */
-  /*      long interval                                         */
-  /*      get packet count again. if no packet, then quit.      */
-  
-  /* set the alarm for periodic check */
-  AddAlarm("CheckJavaAlarm", alarmArg.checkInterval, FALSE, OnCheckJavaAlarm);
-  EnableAlarm();
-  
-  while(1){
-    /* set default to terminate */
-    connectMode=ENDCONNECT;
-    ret=readln(connfd, buff, BUFFMAXLN);
-
-    /* stop alarm */
-    DisableAlarm();
-
-    if(ret>=0){
-      /* normal read */
-      connectMode=JAVACONNECT;
-      /* read quit, then quit */
-      if(strstr(buff,"quit") != NULL){
-	break;
-      }
-      
-      /* read hello reply to the hello message in periodic check */
-      /* see onCheckJavaAlarm for timeout alarm setting */
-      else if((helloWait)&&(strstr(buff,"hello") !=NULL)){
-        helloWait=FALSE;
-	RemoveAlarm("ReplyTimeoutAlarm");
-      }
-      /* read other string */
-      else{
-      }
-    }
-
-    /* connection terminated */
-    if(connectMode==ENDCONNECT) break;
-
-    /* restart alarm */
-    EnableAlarm();
-  }
-
-  /* reset alarm */
-  RemoveAlarm(NULL);
-    
-  SendQuitClient();
-  
-  return;
-  }
-
-
-/***************************************/
-/* called at periodic java alive check */
-/***************************************/
-void onReplyTimeoutAlarm(int signo)
-{
-  /* no reply */
-  err_msg("ERR at %s#%d: no reply to hello",__FILE__,__LINE__);
-  connectMode=ENDCONNECT;
-}
-	
-/***************************************/
-/* called at periodic java alive check */
-/***************************************/
-void onCheckJavaAlarm(int signo)
-{
-  /* search new IPv6 addresses */
-  ScanNdpEntry(alarmArg.pClientAddr, alarmArg.userid,
-	     alarmArg.macAddr6, alarmArg.userProperty);
-
-  /* send hello and wait the reply */
-  Writefmt(connfd,"hello\r\n");
-  helloWait=TRUE;
-
-  /* mac address check */
-  if(MacAddrCheck(alarmArg.ipStatus, 
-		  alarmArg.clientAddr4, alarmArg.clientAddr6, 
-		  alarmArg.macAddr4, alarmArg.macAddr6)==FALSE){
-    connectMode=ENDCONNECT;
-    return;
-  }
-
-  /* set the alarm for next periodic check */
-  AddAlarm("CheckJavaAlarm", alarmArg.checkInterval, FALSE, OnCheckJavaAlarm);
-  /* EnableAlarm is called automatically in alarm function */
-
-  connectMode=JAVACONNECT;
-  return;
-}
 
 /***************************************************/
 /* send reply to terminate access via connfd(not stdout) */
@@ -868,7 +739,7 @@ void sendReplyToGetHello(void)
 /***************************************************/
 /* send httpkeep page to client via connfd         */
 /***************************************************/
-void sendHttpKeepPage(char *userid, char *sessionId, char *language, int port)
+void sendHttpKeepPage(char *userid, char *sessionId, char *language, int port, int cookieAuth, char *redirectedUrl)
 {
   char buff[BUFFMAXLN];             /* read in buffer */
   FILE *fp;
@@ -879,9 +750,9 @@ void sendHttpKeepPage(char *userid, char *sessionId, char *language, int port)
   char acceptDoc2Url[BUFFMAXLN];
   char httpkeepJsUrl[BUFFMAXLN];
   char md5JsUrl[BUFFMAXLN];
-  char *startPageUrl=GetConfValue("StartPage/Url");
-  int startPageType=atoi(GetConfValue("StartPage/Type"));
   char portStr[WORDMAXLN];
+  char *startPageUrl="";
+  int startPageType=atoi(GetConfValue("StartPage/Type"));
 
   char *opengateServerName=GetConfValue("OpengateServerName");
   char *opengateDir=GetConfValue("OpengateDir");
@@ -924,6 +795,13 @@ void sendHttpKeepPage(char *userid, char *sessionId, char *language, int port)
     return;
   }
 
+  /* create start page url to put information */
+  if(cookieAuth==1) startPageUrl=redirectedUrl;
+  else if(startPageType==0) startPageUrl=acceptDoc2Url;
+  else if(startPageType==1) startPageUrl=GetConfValue("StartPage/Url");
+  else if(startPageType==2) startPageUrl=redirectedUrl;
+  else startPageUrl=acceptDoc2Url;
+
   /* send HTTP headers */
   Writefmt(connfd,"HTTP/1.1 200 OK\r\n");
   Writefmt(connfd,"Transfer-Encoding: chunked\r\n");
@@ -936,7 +814,8 @@ void sendHttpKeepPage(char *userid, char *sessionId, char *language, int port)
 
     /* length check */
     if(strlen(buff)>=BUFFMAXLN-1){
-      err_msg("ERR at %s#%d: too long line in %s",__FILE__,__LINE__,httpKeepDoc);
+      err_msg("ERR at %s#%d: too long line in %s",__FILE__,__LINE__,
+	      httpKeepDoc);
     }
 
     /* replace mark */
@@ -951,13 +830,7 @@ void sendHttpKeepPage(char *userid, char *sessionId, char *language, int port)
     htmlReplace(buff, "%%OPENGATEDIR%%", opengateDir);
     htmlReplace(buff, "%%OPENGATEPORT%%", portStr);
     htmlReplace(buff, "%%LANGUAGE%%", language);
-
-    /* replace start url mark */
-    if( startPageType==1 ){
-      htmlReplace(buff, "%%STARTURL%%", startPageUrl);
-    }else{
-      htmlReplace(buff, "%%STARTURL%%", acceptDoc2Url);
-    }
+    htmlReplace(buff, "%%STARTURL%%", startPageUrl);
 
     /* length of chunk in hex */
     Writefmt(connfd, "%x\r\n", strlen(buff));
@@ -1029,24 +902,17 @@ int GetListenPort(void)
   return ret;
 }
 
-int WaitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid)
+int WaitClientConnect(char *userid, char *userProperty, char *sessionId, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port, int pid, int cookieAuth, char *redirectedUrl)
 {
   int ret;
 
-  if(debug>1) err_msg("DEBUG:=>waitClientConnect(%s,%s,%s,%s,%s,%d,%s,%s,%d,%s,%d,%d)",userid,userProperty,sessionId,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,language,port,pid);
-  ret=waitClientConnect(userid,userProperty,sessionId,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,pClientAddr,language,port,pid);
+  if(debug>1) err_msg("DEBUG:=>waitClientConnect(%s,%s,%s,%s,%s,%d,%s,%s,%d,%s,%d,%d,%d,%s)",userid,userProperty,sessionId,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,language,port,pid,cookieAuth,redirectedUrl);
+  ret=waitClientConnect(userid,userProperty,sessionId,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,pClientAddr,language,port,pid,cookieAuth,redirectedUrl);
   if(debug>1) err_msg("DEBUG:(%d)<=waitClientConnect( )",ret);
 
   return ret;
 }
 
-void WaitJavaClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr4, char *macAddr6, int ipStatus)
-{
-  if(debug>1) err_msg("DEBUG:=>waitJavaClose(%p,%s,userProperty,%s,%s,%d)",pClientAddr,userid,macAddr4,macAddr6,ipStatus);
-  waitJavaClose(pClientAddr,userid,userProperty,macAddr4,macAddr6,ipStatus);
-  if(debug>1) err_msg("DEBUG:<=waitJavaClose( )");
-}
-
 void SendQuitClient(void)
 {
   if(debug>1) err_msg("DEBUG:=>sendQuitClient( )");
@@ -1083,10 +949,10 @@ void SendReplyToGetHello(void)
   if(debug>1) err_msg("DEBUG:<=sendReplyToGetHello( )");
 }
 
-void SendHttpKeepPage(char *userid, char *sessionId, char *language, int port)
+void SendHttpKeepPage(char *userid, char *sessionId, char *language, int port, int cookieAuth, char *redirectedUrl)
 {
-  if(debug>1) err_msg("DEBUG:=>sendHttpKeepPage(%s,%s,%s,%d)", userid, sessionId, language, port);
-  sendHttpKeepPage(userid, sessionId, language, port);
+  if(debug>1) err_msg("DEBUG:=>sendHttpKeepPage(%s,%s,%s,%d,%d,%s)", userid, sessionId, language, port, cookieAuth, redirectedUrl);
+  sendHttpKeepPage(userid, sessionId, language, port, cookieAuth, redirectedUrl);
   if(debug>1) err_msg("DEBUG:<=sendHttpKeepPage( )");
 
 }
@@ -1105,13 +971,6 @@ void OnCheckBasicAlarm(int signo){
   if(debug>1) err_msg("DEBUG:<=onCheckBasicAlarm()");
 }
 
-void OnCheckJavaAlarm(int signo){
-
-  if(debug>1) err_msg("DEBUG:=>onCheckJavaAlarm()");
-  onCheckJavaAlarm(signo);
-  if(debug>1) err_msg("DEBUG:<=onCheckJavaAlarm()");
-}
-
 void OnCheckHttpAlarm(int signo){
 
   if(debug>1) err_msg("DEBUG:=>onCheckHttpAlarm()");
@@ -1182,5 +1041,3 @@ void SendHttpNotFound(void){
   sendHttpNotFound();
   if(debug>1) err_msg("DEBUG:<=sendHttpNotFound()");
 }
-
-