From 6414138a9c5bc55c5a0037ffa523a14b76e814af Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Wed, 29 Dec 2021 08:43:01 -0500 Subject: Improve IPsec help strings --- interface-definitions/vpn_ipsec.xml.in | 112 ++++++++++++++++----------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index e82249d44..17ba83bae 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -13,13 +13,13 @@ - Option to disable requirement for unique IDs in the Security Database + Disable requirement for unique IDs in the Security Database - Name of Encapsulating Security Payload (ESP) group + Encapsulated Security Payload (ESP) group name @@ -47,7 +47,7 @@ ESP lifetime u32:30-86400 - ESP lifetime in seconds (default 3600) + ESP lifetime in seconds (default: 3600) @@ -83,7 +83,7 @@ enable - Inherit Diffie-Hellman group from IKE group - default + Inherit Diffie-Hellman group from the IKE group (default) dh-group1 @@ -185,10 +185,10 @@ - ESP-group proposal [REQUIRED] + ESP group proposal [REQUIRED] u32:1-65535 - ESP-group proposal number + ESP group proposal number @@ -200,30 +200,30 @@ - Name of Internet Key Exchange (IKE) group + Internet Key Exchange (IKE) group name - close-action_help + Action to take if a child SA is unexpectedly closed none hold clear restart none - Set action to none (default) + Do nothing (default) hold - Set action to hold + Attempt to re-negotiate when matching traffic is seen clear - Set action to clear + Remove the connection immediately restart - Set action to restart + Attempt to re-negotiate the connection immediately ^(none|hold|clear|restart)$ @@ -243,15 +243,15 @@ hold - Set action to hold (default) + Attempt to re-negotiate the connection when matching traffic is seen (default) clear - Set action to clear + Remove the connection immediately restart - Set action to restart + Attempt to re-negotiate the connection immediately ^(hold|clear|restart)$ @@ -263,7 +263,7 @@ Keep-alive interval u32:2-86400 - Keep-alive interval in seconds (default 30) + Keep-alive interval in seconds (default: 30) @@ -272,7 +272,7 @@ - Dead-Peer-Detection keep-alive timeout (IKEv1 only) + Dead Peer Detection keep-alive timeout (IKEv1 only) u32:2-86400 Keep-alive timeout in seconds (default 120) @@ -296,7 +296,7 @@ no - Disable remote host re-authenticaton during an IKE rekey. (Default) + Disable remote host re-authenticaton during an IKE rekey. (default) ^(yes|no)$ @@ -305,17 +305,17 @@ - Key Exchange Version + IKE version ikev1 ikev2 ikev1 - Use IKEv1 for Key Exchange [DEFAULT] + Use IKEv1 for key exchange [DEFAULT] ikev2 - Use IKEv2 for Key Exchange + Use IKEv2 for key exchange ^(ikev1|ikev2)$ @@ -327,7 +327,7 @@ IKE lifetime u32:30-86400 - IKE lifetime in seconds (default 28800) + IKE lifetime in seconds (default: 28800) @@ -337,7 +337,7 @@ - Enable MOBIKE Support. MOBIKE is only available for IKEv2. + Enable MOBIKE Support (IKEv2 only) enable disable @@ -356,17 +356,17 @@ - IKEv1 Phase 1 Mode Selection + IKEv1 phase 1 mode selection main aggressive main - Use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default) + Use the main mode (recommended, default) aggressive - Use Aggressive mode for Key Exchanges in the IKEv1 protocol - We do not recommend users to use aggressive mode as it is much more insecure compared to Main mode. + Use the aggressive mode (insecure, not recommended) ^(main|aggressive)$ @@ -375,10 +375,10 @@ - proposal_help + IKE proposal u32:1-65535 - IKE-group proposal + IKE group proposal @@ -490,12 +490,12 @@ - Sets to include an additional configuration directive file for strongSwan. Use an absolute path to specify the included file + Absolute path to specify a strongSwan config include file - Sets to include an additional secrets file for strongSwan. Use an absolute path to specify the included file. + Absolute path to a strongSwan secrets include file #include @@ -506,7 +506,7 @@ - strongSwan Logger Level + strongSwan logging Level 0 Very basic auditing logs e.g. SA up/SA down (default) @@ -527,7 +527,7 @@ - Subsystem in the daemon the log comes from + Subsystem logging levels dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any @@ -626,7 +626,7 @@ - VPN IPSec Profile + VPN IPSec profile #include @@ -643,7 +643,7 @@ pre-shared-secret - Use pre shared secret key + Use a pre-shared secret key @@ -657,13 +657,13 @@ - Tunnel interface associated with this configuration profile + Tunnel interface associated with this profile interfaces tunnel txt - Associated interface to this configuration profile + Associated interface to this profile @@ -699,15 +699,15 @@ eap-tls - Client uses EAP-TLS authentication + Use EAP-TLS authentication eap-mschapv2 - Client uses EAP-MSCHAPv2 authentication + Use EAP-MSCHAPv2 authentication eap-radius - Client uses EAP-RADIUS authentication + Use EAP-RADIUS authentication ^(eap-tls|eap-mschapv2|eap-radius)$ @@ -724,11 +724,11 @@ pre-shared-secret - Authentication pre-shared-secret + Use a pre-shared secret key x509 - Authentication x509 + Use x.509 certificate ^(pre-shared-secret|x509)$ @@ -754,7 +754,7 @@ u32:1-86400 - Timeout in seconds (default 28800) + Timeout in seconds (default: 28800) @@ -764,14 +764,14 @@ - Pool name used for IP address assignments + IP address pool vpn ipsec remote-access pool dhcp radius txt - Name of predefined IP pool + Predefined IP pool name dhcp @@ -786,17 +786,17 @@ - Connection uniqueness policy to enforce + Connection uniqueness enforcement policy never keep replace never - Never enforce connection uniqueness policy + Never enforce connection uniqueness keep - Rejects new connection attempts if the same user already has an active connection + Reject new connection attempts if the same user already has an active connection replace @@ -811,7 +811,7 @@ - DHCP pool options for remote-access + DHCP pool options for remote access #include @@ -831,7 +831,7 @@ - IP address pool for remote-access users + IP address pool for remote access users @@ -936,7 +936,7 @@ x509 - Use X.509 certificate + Use x.509 certificate ^(pre-shared-secret|rsa|x509)$ @@ -992,17 +992,17 @@ #include - Force UDP Encapsulation for ESP Payloads + Force UDP Encapsulation for ESP payloads enable disable enable - This endpoint will force UDP encapsulation for this peer + Force UDP encapsulation disable - This endpoint will not force UDP encapsulation for this peer + Do not force UDP encapsulation ^(enable|disable)$ @@ -1012,7 +1012,7 @@ #include - Re-authentication of the remote peer during an IKE re-key. IKEv2 option only + Re-authentication of the remote peer during an IKE re-key (IKEv2 only) yes no inherit @@ -1026,7 +1026,7 @@ inherit - Inherit the reauth configuration form your IKE-group (Default) + Inherit the reauth configuration form your IKE-group (default) ^(yes|no|inherit)$ @@ -1049,7 +1049,7 @@ #include - Remote parameters for interesting traffic + Match remote addresses #include -- cgit v1.2.3