OpenBSD/OpenIKED でリモートアクセス VPN

Transcript

1. 0QFO#4%0QFO*,&%
   Ͱ
   ϦϞʔτΞΫηε
   71/ 
   ઙؒਖ਼࿨
   &#6(
   !
   εϊʔϐʔΫ
   )FBERVBSUFST
   ΩϟϯϓϑΟʔϧυ 1

2. ߏ੒ Ұൠతͳϒϩʔυόϯυϧʔλ
    Ұൠతͳ
   0QFO#4%
   αʔό
   SBTNZEPNBJO
    71/
   ΫϥΠΞϯτʹ
   ׂΓ౰ͯΔ
   *1W
   ΞυϨεଳ
    6%1
   ͱ
   6%1
   Λ
   

   
   ʹ
   /"5 Ұൠతͳ
   *,&W
   ઃఆ
   ઀ଓઌ͸
   %%/4
   ౳Λ૝ఆ 2 Πϥετ
   $ ͍Β͢ͱ΍

3. ϒϩʔυόϯυϧʔλͷઃఆ 3

4. Լ४උ  w *1W
   ύέοτసૹͷ༗ޮԽ
   w QG
   ͷઃఆ
   w JLFE
   ͷىಈઃఆ ras# cp

   /etc/examples/sysctl.conf /etc/ ras# vi /etc/sysctl.conf net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets ras# vi /etc/rc.conf.local iked_flags="" ras# vi /etc/pf.conf pass in log on smsc0 proto udp from any to 192.168.11.254 port {isakmp, ipsec-nat-t} pass in log on enc0 4

5. Լ४උ  w ϓϩΩγ
   "31
   ͷઃఆ ras# ifconfig smsc0 smsc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu

   1500 lladdr b8:27:eb:b7:4a:f4 index 3 priority 0 llprio 3 groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.11.254 netmask 0xffffff00 broadcast 192.168.11.255 ras# arp -s 192.168.11.240 b8:27:eb:b7:4a:f4 pub ras# arp -s 192.168.11.241 b8:27:eb:b7:4a:f4 pub ras# arp -s 192.168.11.242 b8:27:eb:b7:4a:f4 pub ras# arp -s 192.168.11.243 b8:27:eb:b7:4a:f4 pub ras# arp -s 192.168.11.244 b8:27:eb:b7:4a:f4 pub ras# arp -s 192.168.11.245 b8:27:eb:b7:4a:f4 pub ras# arp -s 192.168.11.246 b8:27:eb:b7:4a:f4 pub ras# arp -s 192.168.11.247 b8:27:eb:b7:4a:f4 pub 5

6. $"
   ͷઃఆ  ras# ikectl ca vpn create CA passphrase: Retype

   CA passphrase: Generating RSA private key, 2048 bit long modulus .........+++++ ................................................................................................ +++ e is 65537 (0x10001) You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- ... 6

7. $"
   ͷઃఆ  ... ----- Country Name (2 letter code) [JP]:

   State or Province Name (full name) [Niigata]: Locality Name (eg, city) [Sanjo]: Organization Name (eg, company) [Ginzado]: Organizational Unit Name (eg, section) [BT]: Common Name (eg, fully qualified host name) [VPN CA]: Email Address [[email protected]]: Signature ok subject=/C=JP/ST=Niigata/L=Sanjo/O=Ginzado/OU=BT/CN=VPN CA/[email protected] Getting Private key Using configuration from /etc/ssl/vpn/ca-revoke-ssl.cnf ras# ikectl ca vpn install certificate for CA 'vpn' installed into /etc/iked/ca/ca.crt CRL for CA 'vpn' installed to /etc/iked/crls/ca.crl 7

8. αʔό伴ϖΞͷઃఆ  ras# ikectl ca vpn certificate ras.my.domain create Generating

   RSA private key, 2048 bit long modulus ..............................................................................+++++ ..................................+++++ e is 65537 (0x10001) You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [JP]: State or Province Name (full name) [Niigata]: Locality Name (eg, city) [Sanjo]: Organization Name (eg, company) [Ginzado]: Organizational Unit Name (eg, section) [BT]: ... 8

9. αʔό伴ϖΞͷઃఆ  ... Common Name (eg, fully qualified host name)

   [ras.my.domain]: Email Address [[email protected]]: Using configuration from /etc/ssl/vpn/ras.my.domain-ssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'JP' stateOrProvinceName :ASN.1 12:'Niigata' localityName :ASN.1 12:'Sanjo' organizationName :ASN.1 12:'Ginzado' organizationalUnitName:ASN.1 12:'BT' commonName :ASN.1 12:'ras.my.domain' emailAddress :IA5STRING:'[email protected]' Certificate is to be certified until Feb 5 04:51:16 2021 GMT (365 days) Write out database with 1 new entries Data Base Updated ras# ikectl ca vpn certificate ras.my.domain install writing RSA key 9

10. 0QFO*,&%
    ͷઃఆ ras# touch /etc/iked.conf ras# chmod 600 /etc/iked.conf ras# vi

    /etc/iked.conf user "m-asama" "password" ikev2 passive esp \ from 0.0.0.0/0 to 0.0.0.0/0 \ local 192.168.11.254 peer any \ srcid ras.my.domain \ eap "mschap-v2" \ config address 192.168.11.240/29 \ config netmask 255.255.255.0 \ config name-server 192.168.11.1 10

11. ୺຤ଆઃఆ J1BE04ͷྫ  11

12. ୺຤ଆઃఆ J1BE04ͷྫ  12

13. ୺຤ଆઃఆ J1BE04ͷྫ  13

14. ୺຤ଆઃఆ J1BE04ͷྫ  14

15. ୺຤ଆઃఆ J1BE04ͷྫ  15

16. ୺຤ଆઃఆ J1BE04ͷྫ  16

17. ୺຤ଆઃఆ J1BE04ͷྫ  17

18. ୺຤ଆઃఆ J1BE04ͷྫ  18

19. ୺຤ଆઃఆ J1BE04ͷྫ  19

20. ୺຤ଆઃఆ J1BE04ͷྫ  20

21. ୺຤ଆઃఆ J1BE04ͷྫ  21

22. ୺຤ଆઃఆ J1BE04ͷྫ  22

23. ҰମԿ͕ى͖͍ͯΔͷ͔ʁ 23

24. *1 6%1 )%3 4"J ,&J /J *1 6%1 )%3 4"S

    ,&S /S $&353&2 *OJUJBUPS 3FTQPOEFS *,&@4"@*/*5
    SFRVFTU *,&@4"@*/*5
    SFTQPOTF *,&@"65)
    SFRVFTU *,&@"65)
    SFTQPOTF *1 6%1 &41 1BZMPBE &41
    QBDLFU &"1
    ͷ৔߹
    *,&@"65)
    ΛԿԟ෮͔͢Δ *1 6%1 )%3 *%J $1 54J 54S 4"J ҉߸จ ฏจ *,&W
    ʹΑΔ伴ަ׵ ࣮τϥώοΫ *,&@"65)
    Λ
    อޢ͢ΔͨΊͷ
    ΍ΓͱΓ ࣮τϥώοΫΛ
    อޢ͢ΔͨΊͷ
    ΍ΓͱΓ 24 Πϥετ
    $ ͍Β͢ͱ΍ *1 6%1 )%3 *%S "65) &"1 $&35

25. 4"
    4FDVSJUZ
    "TTPDJBUJPO w ཁ͢Δʹ
    l઀ଓz
    Λදݱ͢ΔϞϊ
    w ҉߸ԽΞϧΰϦζϜ͸ԿͰ伴௕͸͍͔ͭ͘
    w ׬શੑݕূΞϧΰϦζϜ͸ԿͰ伴௕͸͍͔ͭ͘
    w ٖࣅཚ਺ੜ੒ΞϧΰϦζϜ͸ԿͰ伴௕͸͍͔ͭ͘
    w

    %J⒏F)FMMNBO
    άϧʔϓ ˞ޙड़ ͸Կ͔
    w ߦ͖ͱؼΓͰͦΕͧΕผͷ
    4"
    ͕༻ҙ͞ΕΔ
    w *,&
    ͷ΍ΓͱΓͷͨΊͷ
    4" *,&
    4"
    ͱ
    &41
    ͷ΍ΓͱΓͷͨΊͷ
    4" $IJME
    4"
    ͕ผʹͳ͍ͬͯΔ
    w લทͷ
    4"J
    ͸
    *OJUJBUPS
    ͕ఏҊ͢Δ
    *,&
    4"
    ͷΞϧΰϦζϜ܈Λද͠
    4"S
    ͸
    3FTQPOEFS
    ͕ఏҊ͢Δ
    *,&
    4"
    ͷΞϧΰϦζϜ܈Λද͢ 25

26. ,&
    ,FZ
    &YDIBOHF w l*OJUJBUPS
    ͱ
    3FTQPOEFS
    Ͱڞ༗͢Δൿີͷ਺ࣈz
    Λੜ੒͢ΔͨΊͷ਺ࣈ
    w %J⒏F)FMMNBO
    伴ަ׵Ͱ༻͍Δ ˞ޙड़ 26

27. /J/S
    /PODF w *OJUJBUPS
    ͱ
    3FTQPOEFS
    ͰͦΕͧΕੜ੒ͨ͠ϥϯμϜͳ਺ࣈ
    w ٖࣅཚ਺ੜ੒ͱ͔ೝূͷࡍʹ༻͍Δ 27

28. %J⒏F)FMMNBO
    伴ަ׵ *OJUJBUPS 3FTQPOEFS 伴ަ׵ʹ༻͍Δ
    %J⒏F)FMMNBO
    άϧʔϓΛܾఆ͢Δ
    *,&@4"@*/*5
    ͷ
    4"J4"S
    Ͱܾ·Δ ྫ͑͹
    
    (SPVQ
     CJU
    .0%1
    ͷ৔߹
    Q
    
    ?
    
    ?
    
    
    
    ?
    

    
    \
    <?
    QJ>
    
    
    ^
    H
    
     
    㱡
    J
    㱡
    Q
    
    
    ͱͳΔ
    ཚ਺
    J
    Λੜ੒ 
    㱡
    S
    㱡
    Q
    
    
    ͱͳΔ
    ཚ਺
    S
    Λੜ੒ H?J
    NPE
    Q
    Λ
    ,&J
    ͱͯ͠ૹ৴ H?S
    NPE
    Q
    Λ
    ,&S
    ͱͯ͠ૹ৴ H?S
    NPE
    Q ?J
    NPE
    Q
    
    H? J S
    NPE
    Q
    ͕ڞ༗ൿີ伴 H?J
    NPE
    Q ?S
    NPE
    Q
    
    H? J S
    NPE
    Q
    ͕ڞ༗ൿີ伴 Q
    ͕େ͖͍ͱ
    Q
    H
    H?J
    NPE
    Q
    H?S
    NPE
    Q
    ͷ৘ใ͔Β
    H? J S
    NPE
    Q
    Λܭࢉ͢Δͷ͸೉͍͠Β͍͠ ཭ࢄର਺໰୊
    ଞʹ΋ପԁۂઢ҉߸Λ༻͍ͨ΋ͷͳͲ΋͋Δ 28 Πϥετ
    $ ͍Β͢ͱ΍

29. *,&
    4"
    ͷ伴ͷੜ੒ ఆٛ
    QSG
    ,
    4
    
    4
    ͱ
    ,
    ͔Βݻఆ௕ͷٖࣅཚ਺Λੜ੒͢Δؔ਺
    QSG
    ,
    4

    
    
    QSG
    Λ࢖ͬͯ
    QSG
    Ͱੜ੒͞ΕΔٖࣅཚ਺ΑΓ େ͖͍ٖࣅཚ਺ ٖࣅཚ਺ͷ࿈ଓ Λੜ੒͢Δؔ਺
    QSG
    JT
    EFpOFE
    BT
    QSG
    , 4
    
    5
    c
    5
    c
    5
    c
    5
    c
    
    XIFSF
    5
    
    QSG
    ,
    4
    c
    Y
    5
    
    QSG
    ,
    5
    c
    4
    c
    Y
    5
    
    QSG
    ,
    5
    c
    4
    c
    Y
    5
    
    QSG
    ,
    5
    c
    4
    c
    Y
    
    3'$
    
    ͔ΒҾ༻ લड़ͷ
    %J⒏F)FMMNBO
    伴ަ׵Ͱ
    H? J S
    Λܭࢉ͠
    4
    ͱ͠
    /J
    ͱ
    /S
    Λ͚ͬͭͨ͘΋ͷΛ
    ,
    ͱ͢Δ ˞ॳճͷ৔߹
    ˣ
    ,
    ͱ
    4
    ͔Β
    QSG
    ,
    4
    Λܭࢉ͠
    4,&:4&&%
    ͱ͢Δ
    ˣ
    /J
    ͱ
    /S
    ͱ
    41*J
    ͱ
    41*S
    Λ͚ͬͭͨ͘΋ͷΛ
    4
    ͱ͢Δ
    ˞41*
    ͸
    )%3
    ʹॻ͔Εͨ
    *%
    ͷΑ͏ͳ΋ͷ
    ˣ
    4,&:4&&%
    ͱ
    4
    ͔Β
    QSG
    4,&:4&&%
    4
    Λܭࢉ͠
    ٖࣅཚ਺ͷ࿈ଓΛಘΔ
    ˣ
    ੜ੒͞Εٖͨࣅཚ਺ͷ࿈ଓΛઌ಄͔Β੾ΓऔΓ
    4,@E $IJME
    4"
    ੜ੒༻ٖࣅཚ਺ੜ੒伴
    4,@BJ
    4,@BS *OJUJBUPS3FTQPOEFS
    ͷ׬શੑݕূ伴
    4,@FJ
    4,@FS *OJUJBUPS3FTQPOEFS
    ͷ҉߸伴
    4,@QJ
    4,@QS "65)༻ٖࣅཚ਺ੜ੒伴
    ͱ͢Δ 29

30. ೝূ &"1
    ͷ৔߹ w 3FTQPOEFS
    ͔ΒΈͨ
    *OJUJBUPS
    ͷೝূ
    w 111
    ͳͲͰ࢖ΘΕ͍ͯΔ
    .4$)"1W
    Λ༻͍Δ
    w ಉ͘͡
    .4$)"1W
    Λ༻͍Δ
    1151
    ͸੬ऑੑ͕ݟ͔͍ͭͬͯΔ͕
    *,&W
    ͸
    *,&
    4"
    Ͱ௨৴͕อޢ͞Ε͍ͯΔͷͰେৎ෉Β͍͠
    w

    3FTQPOEFS
    ͕νϟϨϯδΛૹͬͯ
    *OJUJBUPS
    ͕ਖ਼͍͠ϨεϙϯεΛฦͤ Ε͹ೝূ੒ޭ
    w *OJUJBUPS
    ͔ΒΈͨ
    3FTQPOEFS
    ͷೝূ
    w 3FTQPOEFS
    ͸
    *,&@4"@*/*5
    ͳͲͷ಺༰Λൿີ伴Ͱॺ໊͠
    *OJUJBUPS
    ʹ ૹΔ
    w *OJUJBUPS
    ͸
    $"
    ͷެ։伴Ͱݕূ͢Δ͜ͱͰ
    3FTQPOEFS
    Λೝূ ଟ෼ 30

31. $IJME
    4"
    ͷ伴ͷੜ੒ w *,&
    4"
    ͷ伴ͷੜ੒ͱಉ͡Α͏ͳײ͡Ͱ
    /J
    ͱ
    /S
    Λ͚ͬͭͨ͘΋ͷΛλω ʹ
    4,@E
    Λ伴ʹͯ͠
    QSG
    Λ࣮ߦٖ͠ࣅཚ਺ͷ࿈ଓΛੜ੒͠಄͔Β҉߸伴 ͱ׬શੑݕূ伴Λ੾ΓऔΔ
    w $IJME
    4"
    ͷ৘ใ͸
    1'@,&:
    ιέοτΛ࢖ͬͯΧʔωϧʹྲྀ͠ࠐ·ΕΔ 31

32. 4"
    ͷߋ৽ w ΊΜͲ͍ͷͰলུ
    w $3&"5&@$)*-%@4"
    ͱ͍͏ϝοηʔδͰ
    w *,&
    4"
    ͷߋ৽
    w ͦΜͳʹසൟʹ͸΍Βͳ͍
    w

    ͜ͷ৔߹͸طଘͷ
    $IJME
    4"
    Λ৽͍͠
    *,&
    4"
    ʹඥ෇͚Δ
    w $IJME
    4"
    ͷߋ৽
    w *,&
    4"
    ΑΓ͸සൟʹ΍Δ
    w Λߦ͏Μ͚ͩͲ͜Ε͕·ͨ௒ઈΊΜͲ͍ ओʹύέοτফࣦ΍ΤϥʔରԠ
    w *OJUJBUPS3FTQPOEFS
    ͷͲͪΒ΋
    $3&"5&@$)*-%@4"
    Λ։࢝͢Δ͜ͱ ͕Ͱ͖ͯͦΕ͕ಉ࣌ʹى͖ͨ࣌͸Ͳ͏͢Δ͔ͱ͔ߟ͑ͳ͍ͱ͚ͳ͍ 32

33. 54J54S
    5SB⒏D
    4FMFDUPS w $IJME
    4"
    Ͱอޢ͢Δ
    w ΞυϨεൣғ
    w ϙʔτ൪߸ൣғ
    w Λࢦఆ͢ΔϞϊ
    w

    ࠓճͷྫͰ͸
    3FTQPOEFS
    ͷઃఆ্͸
    54J
    ͱ
    54S
    ͕ڞʹ
    
    ʹઃ ఆ͞Ε͍ͯΔ͕࣮ࡍʹ͸
    54J
    Λೝূͨ࣌͠఺Ͱ
    *OJUJBUPS
    ʹׂΓ౰ͯͨΞ υϨεͷΈʹڱΊ͍ͯΔ 33 ras# ipsecctl -s flow flow esp in from 192.168.11.246 to 0.0.0.0/0 peer 203.0.113.85 \ srcid FQDN/ras.my.domain dstid IPV4/10.132.21.116 type use flow esp out from 0.0.0.0/0 to 192.168.11.246 peer 203.0.113.85 srcid FQDN/ras.my.domain dstid IPV4/10.132.21.116 type require flow esp out from ::/0 to ::/0 type deny

34. $1
    $POpHVSBUJPO w %)$1
    ͷΑ͏ʹ૬ख͔ΒΞυϨεΛׂΓ౰ͯͯ΋ΒͬͨΓ
    %/4
    αʔόͷ ৘ใͳͲΛڭ͑ͯ΋ΒͬͨΓ͢ΔͨΊͷϞϊ
    w *,&W
    ͷࠒʹ͸ͳ͘
    *,&W
    ʹͳͬͯ࡞ΒΕͨ
    w *,&W
    Ͱ͸
    *1TFD
    Ͱ҉߸Խ͞Εͨܦ࿏Λ࡞্ͬͨʹ
    -51W
    Ͱτϯωϧ Λு͍ͬͯͨ
    w

    ΞυϨεׂΓ౰ͯͳͲ͸
    -51W
    ͷػೳΛར༻͍ͯͨ͠ 34

35. /"5
    τϥόʔαϧ w ࠓճ͸
    *,&
    ΋
    &41
    ΋
    6%1
    Λ࢖ͬͯ௨৴͞ΕΔ͜ͱΛલఏͱͨ͠આ໌͠ ͔͠ͳ͔͚ͬͨͲେੲ͸
    &41
    ͸
    *1
    ͷϓϩτίϧͷͻͱͭͱͯ͠ఆٛ͞Ε ͍ͯͨͨΊؒʹ
    /"5
    ૷ஔ͕͍Δͱ࢖͑ͳ͔ͬͨ
    w *,&W
    Ͱ͸్தͰ
    /"5
    τϥόʔαϧͱ͍͏ػೳ͕ผ
    3'$
    Ͱఆٛ͞Ε
    *,&W
    Ͱ͸
    *,&W
    ͷ࢓༷ʹ͜ͷػೳ͕࠷ॳ͔Β੝Γࠐ·Ε͍ͯΔ
    w ૹ৴ݩ͕Ѽઌͱૹ৴ݩʹઃఆͨ͠
    *1
    ΞυϨεͷ৘ใΛ
    *,&
    ͷ৘ใʹຒΊ

    ࠐΈ૬ख͕ड͚औͬͨࡍʹ࣮ࡍʹઃఆ͞ΕͨѼઌͱૹ৴ݩͷ
    *1
    ΞυϨε ͱൺֱ͢Δ͜ͱͰؒʹ
    /"5
    ૷ஔ͕͍Δ͜ͱΛݕ஌͢Δ͜ͱ͕Ͱ͖Δ
    w 6%1
    ͷ
    /"5
    ͸௨৴͕ͳ͍ͱηογϣϯ৘ใ͕ফ͞ΕΔͷͰఆظతʹ σ ϑΥϧτ
    
    ඵ
    /"5
    ΩʔϓΞϥΠϒΛૹΔ 35

36. &41
    Ҏ֎ w ࠓճ͸
    &41
    Λલఏͱͨ͠આ໌͔͠͠ͳ͔͚ͬͨͲ
    *1TFD
    ʹ͸ଞʹ
    ")
    ΍
    *1$PNQ
    ͱ͍͏Ϟϊ΋͋Δ
    w ")
    ͸҉߸Խͤͣ׬શੑ ్தͰվ᜵͞Ε͍ͯͳ͍͜ͱ Λอূ͢Δ͚ͩ ͷϞϊ
    w

    େੲ͸
    &41
    ͸҉߸Խ͢Δ͚ͩͰ׬શੑ͸อূͤͣ׬શੑΛ୲อͨ͠ ͍࣌͸
    ")
    ͱ૊Έ߹ΘͤΔͱ͍͏Ϟϊ͚ͩͬͨͲ
    &41
    Ͱ׬શੑ΋อ ূͰ͖ΔΑ͏ʹͳͬͯ
    ")
    ͸શ͘ͱݴ͍͍ͬͯ΄Ͳ࢖ΘΕͳ͔ͬͨ
    w ηΩϡϦςΟతʹ΋׬શੑΛνΣοΫ͠ͳ͍҉߸Խ͸ྑ͘ͳ͍Β͍͠
    w *1$PNQ
    ͸ϖΠϩʔυΛѹॖ͢ΔͨΊͷϞϊ 36

37. τϯωϧϞʔυҎ֎ w ࠓճ͸τϯωϧϞʔυΛલఏͱ͢Δઆ໌͔͠͠ͳ͔͚ͬͨͲ
    *1TFD
    ʹ͸ଞ ʹτϥϯεϙʔτϞʔυͱ͍͏Ϟϊ΋͋Δ
    w τϯωϧϞʔυ͸ΦϦδφϧͷ
    *1
    ύέοτΛ
    *1TFD
    ૷ஔ͕ΧϓηϧԽ ͯ͠શମΛอޢ͢Δ͕τϥϯεϙʔτϞʔυ͸
    *1TFD
    ૷ஔؒͷ௨৴ͷத ਎ͷΈΛอޢ͢Δ ΦϦδφϧͷ
    *1
    ϔομͷ಺ଆͷΈΛอޢ
    

    w 3'$
    
    ʹ͸
    lτϥϯεϙʔτϞʔυ͸Ϋη͕ڧ͍z
    Έ͍ͨͳ͜ͱ͕ ॻ͔Ε͍ͯͯݸਓతʹ͸͋·ΓؔΘΓͨ͘ͳ͍ 
    5IJT
    TDFOBSJP
    FOBCMFT
    UIF
    FOEUPFOE
    TFDVSJUZ
    UIBU
    IBT
    CFFO
    B
    HVJEJOH
    QSJODJQMF
    GPS
    UIF
    *OUFSOFU
    TJODF
    <"3$)13*/$>
    <53"/41"3&/$:>
    BOE
    B
    NFUIPE
    PG
    MJNJUJOH
    UIF
    JOIFSFOU
    QSPCMFNT
    XJUI
    DPNQMFYJUZ
    JO
    OFUXPSLT
    OPUFE
    CZ
    <"3$)(6*%&1)*->
    
    
    3'$
    
    
    
    &OEQPJOUUP&OEQPJOU
    5SBOTQPSU
    .PEF 37

38. ཧ૝ओٛ
    WT
    ݱ࣮ओٛ w ϦϞʔτΞΫηεʹ͸
    -51W
    ͕͋ΔΜ͔ͩΒ
    *1TFD
    ʹ͸ෆཁ
    ˠ ΍ͬͺΞυϨεׂΓ౰ͯػೳ͋ͬͨํ͕͍͍ΑͶ
    w /"5
    ͸ѱ
    ")
    ͱ
    &41
    ͸
    *1
    ͷϓϩτίϧͰ
    ˠ ෆศ͗͢
    6%1
    Ͱ
    /"5
    ӽ͑Ͱ͖ΔΑ͏ʹ͠Α
    w

    ׬શੑΛ୲อ͍͚ͨ͠Ͳػີੑ͸ඞཁͳ͍࣌΋͋Ε͹ػີੑΛ୲อ͍ͨ͠ ͚Ͳ׬શੑ͕ඞཁͳ͍࣌΋͋Δ͸ͣͳͷͰඞཁʹԠͯ͡
    ")
    ͱ
    &41
    Λ૊ Έ߹Θͤͯ࢖͏΂͖
    ˠ ࣮ࡍʹ͸
    &41
    ͔͠࢖ΘΕͣޙ͔Β׬શੑ΋୲อ͞ΕΔ
    w Πϯλʔωοτ͸ΤϯυπʔΤϯυ͡Όͳ͍ͱ
    ˠ τϥϯεϙʔτϞʔυ୭΋࢖ͬͯͳ͍ 38 ˞ݸਓͷภݟͰ͢