Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OpenBSD/OpenIKED でリモートアクセス VPN

OpenBSD/OpenIKED でリモートアクセス VPN

Masakazu Asama

February 29, 2020
Tweet

More Decks by Masakazu Asama

Other Decks in Technology

Transcript

  1. 0QFO#4%0QFO*,&%Ͱ
    ϦϞʔτΞΫηε71/
    ઙؒਖ਼࿨
    (!εϊʔϐʔΫ)FBERVBSUFSTΩϟϯϓϑΟʔϧυ
    1

    View full-size slide

  2. ߏ੒
    Ұൠతͳϒϩʔυόϯυϧʔλ

    Ұൠతͳ0QFO#4%αʔό
    SBTNZEPNBJO

    71/ΫϥΠΞϯτʹ
    ׂΓ౰ͯΔ*1WΞυϨεଳ

    6%1ͱ6%1Λ
    ʹ/"5
    Ұൠతͳ*,&Wઃఆ
    ઀ଓઌ͸%%/4౳Λ૝ఆ
    2
    Πϥετ $
    ͍Β͢ͱ΍

    View full-size slide

  3. ϒϩʔυόϯυϧʔλͷઃఆ
    3

    View full-size slide

  4. Լ४උ

    w *1Wύέοτసૹͷ༗ޮԽ
    w QGͷઃఆ
    w JLFEͷىಈઃఆ
    ras# cp /etc/examples/sysctl.conf /etc/
    ras# vi /etc/sysctl.conf
    net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
    ras# vi /etc/rc.conf.local
    iked_flags=""
    ras# vi /etc/pf.conf
    pass in log on smsc0 proto udp from any to 192.168.11.254 port {isakmp, ipsec-nat-t}
    pass in log on enc0
    4

    View full-size slide

  5. Լ४උ

    w ϓϩΩγ"31ͷઃఆ
    ras# ifconfig smsc0
    smsc0: flags=8843 mtu 1500
    lladdr b8:27:eb:b7:4a:f4
    index 3 priority 0 llprio 3
    groups: egress
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
    inet 192.168.11.254 netmask 0xffffff00 broadcast 192.168.11.255
    ras# arp -s 192.168.11.240 b8:27:eb:b7:4a:f4 pub
    ras# arp -s 192.168.11.241 b8:27:eb:b7:4a:f4 pub
    ras# arp -s 192.168.11.242 b8:27:eb:b7:4a:f4 pub
    ras# arp -s 192.168.11.243 b8:27:eb:b7:4a:f4 pub
    ras# arp -s 192.168.11.244 b8:27:eb:b7:4a:f4 pub
    ras# arp -s 192.168.11.245 b8:27:eb:b7:4a:f4 pub
    ras# arp -s 192.168.11.246 b8:27:eb:b7:4a:f4 pub
    ras# arp -s 192.168.11.247 b8:27:eb:b7:4a:f4 pub
    5

    View full-size slide

  6. $"ͷઃఆ

    ras# ikectl ca vpn create
    CA passphrase:
    Retype CA passphrase:
    Generating RSA private key, 2048 bit long modulus
    .........+++++
    ................................................................................................
    +++
    e is 65537 (0x10001)
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    ...
    6

    View full-size slide

  7. $"ͷઃఆ

    ...
    -----
    Country Name (2 letter code) [JP]:
    State or Province Name (full name) [Niigata]:
    Locality Name (eg, city) [Sanjo]:
    Organization Name (eg, company) [Ginzado]:
    Organizational Unit Name (eg, section) [BT]:
    Common Name (eg, fully qualified host name) [VPN CA]:
    Email Address [[email protected]]:
    Signature ok
    subject=/C=JP/ST=Niigata/L=Sanjo/O=Ginzado/OU=BT/CN=VPN CA/[email protected]
    Getting Private key
    Using configuration from /etc/ssl/vpn/ca-revoke-ssl.cnf
    ras# ikectl ca vpn install
    certificate for CA 'vpn' installed into /etc/iked/ca/ca.crt
    CRL for CA 'vpn' installed to /etc/iked/crls/ca.crl
    7

    View full-size slide

  8. αʔό伴ϖΞͷઃఆ

    ras# ikectl ca vpn certificate ras.my.domain create
    Generating RSA private key, 2048 bit long modulus
    ..............................................................................+++++
    ..................................+++++
    e is 65537 (0x10001)
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [JP]:
    State or Province Name (full name) [Niigata]:
    Locality Name (eg, city) [Sanjo]:
    Organization Name (eg, company) [Ginzado]:
    Organizational Unit Name (eg, section) [BT]:
    ...
    8

    View full-size slide

  9. αʔό伴ϖΞͷઃఆ

    ...
    Common Name (eg, fully qualified host name) [ras.my.domain]:
    Email Address [[email protected]]:
    Using configuration from /etc/ssl/vpn/ras.my.domain-ssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName :PRINTABLE:'JP'
    stateOrProvinceName :ASN.1 12:'Niigata'
    localityName :ASN.1 12:'Sanjo'
    organizationName :ASN.1 12:'Ginzado'
    organizationalUnitName:ASN.1 12:'BT'
    commonName :ASN.1 12:'ras.my.domain'
    emailAddress :IA5STRING:'[email protected]'
    Certificate is to be certified until Feb 5 04:51:16 2021 GMT (365 days)
    Write out database with 1 new entries
    Data Base Updated
    ras# ikectl ca vpn certificate ras.my.domain install
    writing RSA key
    9

    View full-size slide

  10. 0QFO*,&%ͷઃఆ
    ras# touch /etc/iked.conf
    ras# chmod 600 /etc/iked.conf
    ras# vi /etc/iked.conf
    user "m-asama" "password"
    ikev2 passive esp \
    from 0.0.0.0/0 to 0.0.0.0/0 \
    local 192.168.11.254 peer any \
    srcid ras.my.domain \
    eap "mschap-v2" \
    config address 192.168.11.240/29 \
    config netmask 255.255.255.0 \
    config name-server 192.168.11.1
    10

    View full-size slide

  11. ୺຤ଆઃఆ J1BE04ͷྫ


    11

    View full-size slide

  12. ୺຤ଆઃఆ J1BE04ͷྫ


    12

    View full-size slide

  13. ୺຤ଆઃఆ J1BE04ͷྫ


    13

    View full-size slide

  14. ୺຤ଆઃఆ J1BE04ͷྫ


    14

    View full-size slide

  15. ୺຤ଆઃఆ J1BE04ͷྫ


    15

    View full-size slide

  16. ୺຤ଆઃఆ J1BE04ͷྫ


    16

    View full-size slide

  17. ୺຤ଆઃఆ J1BE04ͷྫ


    17

    View full-size slide

  18. ୺຤ଆઃఆ J1BE04ͷྫ


    18

    View full-size slide

  19. ୺຤ଆઃఆ J1BE04ͷྫ


    19

    View full-size slide

  20. ୺຤ଆઃఆ J1BE04ͷྫ


    20

    View full-size slide

  21. ୺຤ଆઃఆ J1BE04ͷྫ


    21

    View full-size slide

  22. ୺຤ଆઃఆ J1BE04ͷྫ


    22

    View full-size slide

  23. ҰମԿ͕ى͖͍ͯΔͷ͔ʁ
    23

    View full-size slide

  24. *1
    6%1
    )%3
    4"J
    ,&J
    /J
    *1 6%1 )%3 4"S ,&S /S $&353&2
    *OJUJBUPS 3FTQPOEFS
    *,&@4"@*/*5SFRVFTU
    *,&@4"@*/*5SFTQPOTF
    *,&@"65)SFRVFTU
    *,&@"65)SFTQPOTF
    *1
    6%1
    &41
    1BZMPBE
    &41QBDLFU
    &"1ͷ৔߹*,&@"65)ΛԿԟ෮͔͢Δ

    *1
    6%1
    )%3
    *%J
    $1
    54J
    54S 4"J
    ҉߸จ
    ฏจ
    *,&WʹΑΔ伴ަ׵
    ࣮τϥώοΫ
    *,&@"65)Λ
    อޢ͢ΔͨΊͷ
    ΍ΓͱΓ
    ࣮τϥώοΫΛ
    อޢ͢ΔͨΊͷ
    ΍ΓͱΓ
    24 Πϥετ $
    ͍Β͢ͱ΍
    *1 6%1 )%3 *%S "65) &"1
    $&35

    View full-size slide

  25. 4"4FDVSJUZ"TTPDJBUJPO
    w ཁ͢Δʹl઀ଓzΛදݱ͢ΔϞϊ
    w ҉߸ԽΞϧΰϦζϜ͸ԿͰ伴௕͸͍͔ͭ͘
    w ׬શੑݕূΞϧΰϦζϜ͸ԿͰ伴௕͸͍͔ͭ͘
    w ٖࣅཚ਺ੜ੒ΞϧΰϦζϜ͸ԿͰ伴௕͸͍͔ͭ͘
    w %J⒏F)FMMNBOάϧʔϓ ˞ޙड़
    ͸Կ͔
    w ߦ͖ͱؼΓͰͦΕͧΕผͷ4"͕༻ҙ͞ΕΔ
    w *,&ͷ΍ΓͱΓͷͨΊͷ4" *,&4"
    ͱ&41ͷ΍ΓͱΓͷͨΊͷ
    4" $IJME4"
    ͕ผʹͳ͍ͬͯΔ
    w લทͷ4"J͸*OJUJBUPS͕ఏҊ͢Δ*,&4"ͷΞϧΰϦζϜ܈Λද͠
    4"S͸3FTQPOEFS͕ఏҊ͢Δ*,&4"ͷΞϧΰϦζϜ܈Λද͢
    25

    View full-size slide

  26. ,&,FZ&YDIBOHF
    w l*OJUJBUPSͱ3FTQPOEFSͰڞ༗͢Δൿີͷ਺ࣈzΛੜ੒͢ΔͨΊͷ਺ࣈ
    w %J⒏F)FMMNBO伴ަ׵Ͱ༻͍Δ ˞ޙड़

    26

    View full-size slide

  27. /J/S/PODF
    w *OJUJBUPSͱ3FTQPOEFSͰͦΕͧΕੜ੒ͨ͠ϥϯμϜͳ਺ࣈ
    w ٖࣅཚ਺ੜ੒ͱ͔ೝূͷࡍʹ༻͍Δ
    27

    View full-size slide

  28. %J⒏F)FMMNBO伴ަ׵
    *OJUJBUPS 3FTQPOEFS
    伴ަ׵ʹ༻͍Δ%J⒏F)FMMNBOάϧʔϓΛܾఆ͢Δ
    *,&@4"@*/*5ͷ4"J4"SͰܾ·Δ

    ྫ͑͹(SPVQ CJU.0%1
    ͷ৔߹
    Q???\<?QJ>^
    H
    㱡J㱡QͱͳΔ
    ཚ਺JΛੜ੒
    㱡S㱡QͱͳΔ
    ཚ਺SΛੜ੒
    H?JNPEQΛ,&Jͱͯ͠ૹ৴
    H?SNPEQΛ,&Sͱͯ͠ૹ৴
    H?SNPEQ
    ?JNPEQ
    H? JS
    NPEQ
    ͕ڞ༗ൿີ伴
    H?JNPEQ
    ?SNPEQ
    H? JS
    NPEQ
    ͕ڞ༗ൿີ伴
    Q͕େ͖͍ͱQ H H?JNPEQ H?SNPEQͷ৘ใ͔Β
    H? JS
    NPEQΛܭࢉ͢Δͷ͸೉͍͠Β͍͠ ཭ࢄର਺໰୊

    ଞʹ΋ପԁۂઢ҉߸Λ༻͍ͨ΋ͷͳͲ΋͋Δ
    28 Πϥετ $
    ͍Β͢ͱ΍

    View full-size slide

  29. *,&4"ͷ伴ͷੜ੒
    ఆٛ
    QSG , 4
    4ͱ,͔Βݻఆ௕ͷٖࣅཚ਺Λੜ੒͢Δؔ਺
    QSG , 4
    QSGΛ࢖ͬͯQSGͰੜ੒͞ΕΔٖࣅཚ਺ΑΓ
    େ͖͍ٖࣅཚ਺ ٖࣅཚ਺ͷ࿈ଓ
    Λੜ੒͢Δؔ਺
    QSGJTEFpOFEBT
    QSG , 4
    5c5c5c5c
    XIFSF
    5QSG , 4cY

    5QSG , 5c4cY

    5QSG , 5c4cY

    5QSG , 5c4cY


    3'$͔ΒҾ༻

    લड़ͷ%J⒏F)FMMNBO伴ަ׵ͰH? JS
    Λܭࢉ͠4ͱ͠
    /Jͱ/SΛ͚ͬͭͨ͘΋ͷΛ,ͱ͢Δ ˞ॳճͷ৔߹

    ˣ
    ,ͱ4͔ΒQSG , 4
    Λܭࢉ͠4,&:4&&%ͱ͢Δ
    ˣ
    /Jͱ/Sͱ41*Jͱ41*SΛ͚ͬͭͨ͘΋ͷΛ4ͱ͢Δ
    ˞41*͸)%3ʹॻ͔Εͨ*%ͷΑ͏ͳ΋ͷ

    ˣ
    4,&:4&&%ͱ4͔ΒQSG 4,&:4&&% 4
    Λܭࢉ͠
    ٖࣅཚ਺ͷ࿈ଓΛಘΔ
    ˣ
    ੜ੒͞Εٖͨࣅཚ਺ͷ࿈ଓΛઌ಄͔Β੾ΓऔΓ
    4,@E $IJME4"ੜ੒༻ٖࣅཚ਺ੜ੒伴

    4,@BJ 4,@BS *OJUJBUPS3FTQPOEFSͷ׬શੑݕূ伴

    4,@FJ 4,@FS *OJUJBUPS3FTQPOEFSͷ҉߸伴

    4,@QJ 4,@QS "65)༻ٖࣅཚ਺ੜ੒伴
    ͱ͢Δ
    29

    View full-size slide

  30. ೝূ &"1ͷ৔߹

    w 3FTQPOEFS͔ΒΈͨ*OJUJBUPSͷೝূ
    w 111ͳͲͰ࢖ΘΕ͍ͯΔ.4$)"1WΛ༻͍Δ
    w ಉ͘͡.4$)"1WΛ༻͍Δ1151͸੬ऑੑ͕ݟ͔͍ͭͬͯΔ͕
    *,&W͸*,&4"Ͱ௨৴͕อޢ͞Ε͍ͯΔͷͰେৎ෉Β͍͠
    w 3FTQPOEFS͕νϟϨϯδΛૹͬͯ*OJUJBUPS͕ਖ਼͍͠ϨεϙϯεΛฦͤ
    Ε͹ೝূ੒ޭ
    w *OJUJBUPS͔ΒΈͨ3FTQPOEFSͷೝূ
    w 3FTQPOEFS͸*,&@4"@*/*5ͳͲͷ಺༰Λൿີ伴Ͱॺ໊͠*OJUJBUPSʹ
    ૹΔ
    w *OJUJBUPS͸$"ͷެ։伴Ͱݕূ͢Δ͜ͱͰ3FTQPOEFSΛೝূ ଟ෼

    30

    View full-size slide

  31. $IJME4"ͷ伴ͷੜ੒
    w *,&4"ͷ伴ͷੜ੒ͱಉ͡Α͏ͳײ͡Ͱ/Jͱ/SΛ͚ͬͭͨ͘΋ͷΛλω
    ʹ4,@EΛ伴ʹͯ͠QSGΛ࣮ߦٖ͠ࣅཚ਺ͷ࿈ଓΛੜ੒͠಄͔Β҉߸伴
    ͱ׬શੑݕূ伴Λ੾ΓऔΔ
    w $IJME4"ͷ৘ใ͸1'@,&:ιέοτΛ࢖ͬͯΧʔωϧʹྲྀ͠ࠐ·ΕΔ
    31

    View full-size slide

  32. 4"ͷߋ৽
    w ΊΜͲ͍ͷͰলུ
    w $3&"5&@$)*-%@4"ͱ͍͏ϝοηʔδͰ
    w *,&4"ͷߋ৽
    w ͦΜͳʹසൟʹ͸΍Βͳ͍
    w ͜ͷ৔߹͸طଘͷ$IJME4"Λ৽͍͠*,&4"ʹඥ෇͚Δ
    w $IJME4"ͷߋ৽
    w *,&4"ΑΓ͸සൟʹ΍Δ
    w Λߦ͏Μ͚ͩͲ͜Ε͕·ͨ௒ઈΊΜͲ͍ ओʹύέοτফࣦ΍ΤϥʔରԠ

    w *OJUJBUPS3FTQPOEFSͷͲͪΒ΋$3&"5&@$)*-%@4"Λ։࢝͢Δ͜ͱ
    ͕Ͱ͖ͯͦΕ͕ಉ࣌ʹى͖ͨ࣌͸Ͳ͏͢Δ͔ͱ͔ߟ͑ͳ͍ͱ͚ͳ͍
    32

    View full-size slide

  33. 54J54S5SB⒏D4FMFDUPS
    w $IJME4"Ͱอޢ͢Δ
    w ΞυϨεൣғ
    w ϙʔτ൪߸ൣғ
    w Λࢦఆ͢ΔϞϊ
    w ࠓճͷྫͰ͸3FTQPOEFSͷઃఆ্͸54Jͱ54S͕ڞʹʹઃ
    ఆ͞Ε͍ͯΔ͕࣮ࡍʹ͸54JΛೝূͨ࣌͠఺Ͱ*OJUJBUPSʹׂΓ౰ͯͨΞ
    υϨεͷΈʹڱΊ͍ͯΔ
    33
    ras# ipsecctl -s flow
    flow esp in from 192.168.11.246 to 0.0.0.0/0 peer 203.0.113.85 \
    srcid FQDN/ras.my.domain dstid IPV4/10.132.21.116 type use
    flow esp out from 0.0.0.0/0 to 192.168.11.246 peer 203.0.113.85
    srcid FQDN/ras.my.domain dstid IPV4/10.132.21.116 type require
    flow esp out from ::/0 to ::/0 type deny

    View full-size slide

  34. $1$POpHVSBUJPO
    w %)$1ͷΑ͏ʹ૬ख͔ΒΞυϨεΛׂΓ౰ͯͯ΋ΒͬͨΓ%/4αʔόͷ
    ৘ใͳͲΛڭ͑ͯ΋ΒͬͨΓ͢ΔͨΊͷϞϊ
    w *,&Wͷࠒʹ͸ͳ͘*,&Wʹͳͬͯ࡞ΒΕͨ
    w *,&WͰ͸*1TFDͰ҉߸Խ͞Εͨܦ࿏Λ࡞্ͬͨʹ-51WͰτϯωϧ
    Λு͍ͬͯͨ
    w ΞυϨεׂΓ౰ͯͳͲ͸-51WͷػೳΛར༻͍ͯͨ͠
    34

    View full-size slide

  35. /"5τϥόʔαϧ
    w ࠓճ͸*,&΋&41΋6%1Λ࢖ͬͯ௨৴͞ΕΔ͜ͱΛલఏͱͨ͠આ໌͠
    ͔͠ͳ͔͚ͬͨͲେੲ͸&41͸*1ͷϓϩτίϧͷͻͱͭͱͯ͠ఆٛ͞Ε
    ͍ͯͨͨΊؒʹ/"5૷ஔ͕͍Δͱ࢖͑ͳ͔ͬͨ
    w *,&WͰ͸్தͰ/"5τϥόʔαϧͱ͍͏ػೳ͕ผ3'$Ͱఆٛ͞Ε
    *,&WͰ͸*,&Wͷ࢓༷ʹ͜ͷػೳ͕࠷ॳ͔Β੝Γࠐ·Ε͍ͯΔ
    w ૹ৴ݩ͕Ѽઌͱૹ৴ݩʹઃఆͨ͠*1ΞυϨεͷ৘ใΛ*,&ͷ৘ใʹຒΊ
    ࠐΈ૬ख͕ड͚औͬͨࡍʹ࣮ࡍʹઃఆ͞ΕͨѼઌͱૹ৴ݩͷ*1ΞυϨε
    ͱൺֱ͢Δ͜ͱͰؒʹ/"5૷ஔ͕͍Δ͜ͱΛݕ஌͢Δ͜ͱ͕Ͱ͖Δ
    w 6%1ͷ/"5͸௨৴͕ͳ͍ͱηογϣϯ৘ใ͕ফ͞ΕΔͷͰఆظతʹ σ
    ϑΥϧτඵ
    /"5ΩʔϓΞϥΠϒΛૹΔ
    35

    View full-size slide

  36. &41Ҏ֎
    w ࠓճ͸&41Λલఏͱͨ͠આ໌͔͠͠ͳ͔͚ͬͨͲ*1TFDʹ͸ଞʹ")
    ΍*1$PNQͱ͍͏Ϟϊ΋͋Δ
    w ")͸҉߸Խͤͣ׬શੑ ్தͰվ᜵͞Ε͍ͯͳ͍͜ͱ
    Λอূ͢Δ͚ͩ
    ͷϞϊ
    w େੲ͸&41͸҉߸Խ͢Δ͚ͩͰ׬શੑ͸อূͤͣ׬શੑΛ୲อͨ͠
    ͍࣌͸")ͱ૊Έ߹ΘͤΔͱ͍͏Ϟϊ͚ͩͬͨͲ&41Ͱ׬શੑ΋อ
    ূͰ͖ΔΑ͏ʹͳͬͯ")͸શ͘ͱݴ͍͍ͬͯ΄Ͳ࢖ΘΕͳ͔ͬͨ
    w ηΩϡϦςΟతʹ΋׬શੑΛνΣοΫ͠ͳ͍҉߸Խ͸ྑ͘ͳ͍Β͍͠
    w *1$PNQ͸ϖΠϩʔυΛѹॖ͢ΔͨΊͷϞϊ
    36

    View full-size slide

  37. τϯωϧϞʔυҎ֎
    w ࠓճ͸τϯωϧϞʔυΛલఏͱ͢Δઆ໌͔͠͠ͳ͔͚ͬͨͲ*1TFDʹ͸ଞ
    ʹτϥϯεϙʔτϞʔυͱ͍͏Ϟϊ΋͋Δ
    w τϯωϧϞʔυ͸ΦϦδφϧͷ*1ύέοτΛ*1TFD૷ஔ͕ΧϓηϧԽ
    ͯ͠શମΛอޢ͢Δ͕τϥϯεϙʔτϞʔυ͸*1TFD૷ஔؒͷ௨৴ͷத
    ਎ͷΈΛอޢ͢Δ ΦϦδφϧͷ*1ϔομͷ಺ଆͷΈΛอޢ

    w 3'$ʹ͸lτϥϯεϙʔτϞʔυ͸Ϋη͕ڧ͍zΈ͍ͨͳ͜ͱ͕
    ॻ͔Ε͍ͯͯݸਓతʹ͸͋·ΓؔΘΓͨ͘ͳ͍
    5IJTTDFOBSJPFOBCMFTUIFFOEUPFOETFDVSJUZUIBUIBTCFFOBHVJEJOHQSJODJQMFGPSUIF
    *OUFSOFUTJODF<"3$)13*/$> <53"/41"3&/$:> BOEBNFUIPEPGMJNJUJOHUIFJOIFSFOU
    QSPCMFNTXJUIDPNQMFYJUZJOOFUXPSLTOPUFECZ<"3$)(6*%&1)*->
    3'$&OEQPJOUUP&OEQPJOU5SBOTQPSU.PEF
    37

    View full-size slide

  38. ཧ૝ओٛWTݱ࣮ओٛ
    w ϦϞʔτΞΫηεʹ͸-51W͕͋ΔΜ͔ͩΒ*1TFDʹ͸ෆཁ
    ˠ ΍ͬͺΞυϨεׂΓ౰ͯػೳ͋ͬͨํ͕͍͍ΑͶ
    w /"5͸ѱ")ͱ&41͸*1ͷϓϩτίϧͰ
    ˠ ෆศ͗͢6%1Ͱ/"5ӽ͑Ͱ͖ΔΑ͏ʹ͠Α
    w ׬શੑΛ୲อ͍͚ͨ͠Ͳػີੑ͸ඞཁͳ͍࣌΋͋Ε͹ػີੑΛ୲อ͍ͨ͠
    ͚Ͳ׬શੑ͕ඞཁͳ͍࣌΋͋Δ͸ͣͳͷͰඞཁʹԠͯ͡")ͱ&41Λ૊
    Έ߹Θͤͯ࢖͏΂͖
    ˠ ࣮ࡍʹ͸&41͔͠࢖ΘΕͣޙ͔Β׬શੑ΋୲อ͞ΕΔ
    w Πϯλʔωοτ͸ΤϯυπʔΤϯυ͡Όͳ͍ͱ
    ˠ τϥϯεϙʔτϞʔυ୭΋࢖ͬͯͳ͍
    38
    ˞ݸਓͷภݟͰ͢

    View full-size slide