diff options
author | Robert Göhler <github@ghlr.de> | 2024-03-18 22:37:24 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-18 22:37:24 +0100 |
commit | 44dd53b5f4b8f2f8cadd5e4e0e96787a722e0d15 (patch) | |
tree | 55b1a71a507382a322292cd9e25dbd44615740ab /docs/_locale/uk/configuration.pot | |
parent | bebd4d74114812ef01410b5ed4e640a682b40a65 (diff) | |
parent | b7e06049dce4b6556b5feb50305ec258cfe06bf8 (diff) | |
download | vyos-documentation-44dd53b5f4b8f2f8cadd5e4e0e96787a722e0d15.tar.gz vyos-documentation-44dd53b5f4b8f2f8cadd5e4e0e96787a722e0d15.zip |
Merge pull request #1335 from vyos/update-translations-master
Github: update translations
Diffstat (limited to 'docs/_locale/uk/configuration.pot')
-rw-r--r-- | docs/_locale/uk/configuration.pot | 3710 |
1 files changed, 2598 insertions, 1112 deletions
diff --git a/docs/_locale/uk/configuration.pot b/docs/_locale/uk/configuration.pot index 62a76e08..e664bc23 100644 --- a/docs/_locale/uk/configuration.pot +++ b/docs/_locale/uk/configuration.pot @@ -168,9 +168,9 @@ msgstr "**Documentation under development**" msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (protocol, destination address or source address)**" -#: ../../configuration/service/dhcp-server.rst:200 -#: ../../configuration/service/dhcp-server.rst:587 -#: ../../configuration/service/dhcp-server.rst:626 +#: ../../configuration/service/dhcp-server.rst:206 +#: ../../configuration/service/dhcp-server.rst:593 +#: ../../configuration/service/dhcp-server.rst:634 msgid "**Example:**" msgstr "**Example:**" @@ -269,11 +269,11 @@ msgstr "**Input**: stage where traffic destined for the router itself can be fil msgid "**Interface name**" msgstr "**Interface name**" -#: ../../configuration/vpn/site2site_ipsec.rst:303 +#: ../../configuration/vpn/site2site_ipsec.rst:306 msgid "**LEFT**" msgstr "**LEFT**" -#: ../../configuration/vpn/site2site_ipsec.rst:287 +#: ../../configuration/vpn/site2site_ipsec.rst:290 msgid "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)" msgstr "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)" @@ -309,11 +309,11 @@ msgstr "**MED check**" msgid "**Multi-path check**" msgstr "**Multi-path check**" -#: ../../configuration/protocols/bgp.rst:1193 +#: ../../configuration/protocols/bgp.rst:1215 msgid "**Node1:**" msgstr "**Node1:**" -#: ../../configuration/protocols/bgp.rst:1221 +#: ../../configuration/protocols/bgp.rst:1243 msgid "**Node2:**" msgstr "**Node2:**" @@ -326,10 +326,10 @@ msgid "**Node 1**" msgstr "**Node 1**" #: ../../configuration/protocols/babel.rst:192 -#: ../../configuration/protocols/bgp.rst:1103 -#: ../../configuration/protocols/bgp.rst:1130 -#: ../../configuration/protocols/bgp.rst:1148 -#: ../../configuration/protocols/bgp.rst:1176 +#: ../../configuration/protocols/bgp.rst:1125 +#: ../../configuration/protocols/bgp.rst:1152 +#: ../../configuration/protocols/bgp.rst:1170 +#: ../../configuration/protocols/bgp.rst:1198 #: ../../configuration/protocols/isis.rst:341 #: ../../configuration/protocols/isis.rst:416 #: ../../configuration/protocols/isis.rst:457 @@ -350,10 +350,10 @@ msgid "**Node 2**" msgstr "**Node 2**" #: ../../configuration/protocols/babel.rst:202 -#: ../../configuration/protocols/bgp.rst:1114 #: ../../configuration/protocols/bgp.rst:1136 -#: ../../configuration/protocols/bgp.rst:1160 +#: ../../configuration/protocols/bgp.rst:1158 #: ../../configuration/protocols/bgp.rst:1182 +#: ../../configuration/protocols/bgp.rst:1204 #: ../../configuration/protocols/isis.rst:352 #: ../../configuration/protocols/isis.rst:432 #: ../../configuration/protocols/isis.rst:511 @@ -384,6 +384,10 @@ msgid "**Output**: stage where traffic that is originated by the router itself c msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" #: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" @@ -411,7 +415,7 @@ msgstr "**Prerouting**: several actions can be done in this stage, and currently msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" -#: ../../configuration/service/dhcp-server.rst:391 +#: ../../configuration/service/dhcp-server.rst:397 msgid "**Primary**" msgstr "**Primary**" @@ -481,11 +485,11 @@ msgstr "**RADIUS based IP pools (Framed-IP-Address)**" msgid "**RADIUS sessions management DM/CoA**" msgstr "**RADIUS sessions management DM/CoA**" -#: ../../configuration/vpn/site2site_ipsec.rst:343 +#: ../../configuration/vpn/site2site_ipsec.rst:346 msgid "**RIGHT**" msgstr "**RIGHT**" -#: ../../configuration/vpn/site2site_ipsec.rst:293 +#: ../../configuration/vpn/site2site_ipsec.rst:296 msgid "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)" msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)" @@ -521,15 +525,15 @@ msgstr "**SW1**" msgid "**SW2**" msgstr "**SW2**" -#: ../../configuration/service/dhcp-server.rst:400 +#: ../../configuration/service/dhcp-server.rst:406 msgid "**Secondary**" msgstr "**Secondary**" -#: ../../configuration/vpn/ipsec.rst:261 +#: ../../configuration/vpn/ipsec.rst:265 msgid "**Setting up IPSec**" msgstr "**Setting up IPSec**" -#: ../../configuration/vpn/ipsec.rst:237 +#: ../../configuration/vpn/ipsec.rst:241 msgid "**Setting up the GRE tunnel**" msgstr "**Setting up the GRE tunnel**" @@ -575,11 +579,25 @@ msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 1 msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" +#: ../../configuration/service/pppoe-server.rst:474 +#: ../../configuration/vpn/l2tp.rst:428 +#: ../../configuration/vpn/pptp.rst:352 +#: ../../configuration/vpn/sstp.rst:386 +msgid "**allow** - Negotiate IPv4 only if client requests (Default value)" +msgstr "**allow** - Negotiate IPv4 only if client requests (Default value)" + +#: ../../configuration/service/pppoe-server.rst:349 +#: ../../configuration/vpn/l2tp.rst:293 +#: ../../configuration/vpn/pptp.rst:217 +#: ../../configuration/vpn/sstp.rst:251 +msgid "**allow** - Negotiate IPv6 only if client requests" +msgstr "**allow** - Negotiate IPv6 only if client requests" + #: ../../configuration/container/index.rst:38 msgid "**allow-host-networks** cannot be used with **network**" msgstr "**allow-host-networks** cannot be used with **network**" -#: ../../configuration/container/index.rst:102 +#: ../../configuration/container/index.rst:107 msgid "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" msgstr "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" @@ -595,6 +613,10 @@ msgstr "**application**: analyzes received flow data in the context of intrusion msgid "**auto** – automatically determines the interface type. **wired** – enables optimisations for wired interfaces. **wireless** – disables a number of optimisations that are only correct on wired interfaces. Specifying wireless is always correct, but may cause slower convergence and extra routing traffic." msgstr "**auto** – automatically determines the interface type. **wired** – enables optimisations for wired interfaces. **wireless** – disables a number of optimisations that are only correct on wired interfaces. Specifying wireless is always correct, but may cause slower convergence and extra routing traffic." +#: ../../configuration/service/ids.rst:90 +msgid "**ban-time** and **threshold**: these values are kept very low in order to easily identify and generate and attack." +msgstr "**ban-time** and **threshold**: these values are kept very low in order to easily identify and generate and attack." + #: ../../configuration/protocols/ospf.rst:435 msgid "**broadcast** – broadcast IP addresses distribution. **non-broadcast** – address distribution in NBMA networks topology. **point-to-multipoint** – address distribution in point-to-multipoint networks. **point-to-point** – address distribution in point-to-point networks." msgstr "**broadcast** – broadcast IP addresses distribution. **non-broadcast** – address distribution in NBMA networks topology. **point-to-multipoint** – address distribution in point-to-multipoint networks. **point-to-point** – address distribution in point-to-point networks." @@ -603,6 +625,13 @@ msgstr "**broadcast** – broadcast IP addresses distribution. **non-broadcast** msgid "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." msgstr "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." +#: ../../configuration/service/pppoe-server.rst:401 +#: ../../configuration/vpn/l2tp.rst:345 +#: ../../configuration/vpn/pptp.rst:269 +#: ../../configuration/vpn/sstp.rst:303 +msgid "**calling-sid** - Calculate interface identifier from calling-station-id." +msgstr "**calling-sid** - Calculate interface identifier from calling-station-id." + #: ../../configuration/protocols/ospf.rst:121 msgid "**cisco** – a router will be considered as ABR if it has several configured links to the networks in different areas one of which is a backbone area. Moreover, the link to the backbone area should be active (working). **ibm** – identical to \"cisco\" model but in this case a backbone area link may not be active. **standard** – router has several active links to different areas. **shortcut** – identical to \"standard\" but in this model a router is allowed to use a connected areas topology without involving a backbone area for inter-area connections." msgstr "**cisco** – a router will be considered as ABR if it has several configured links to the networks in different areas one of which is a backbone area. Moreover, the link to the backbone area should be active (working). **ibm** – identical to \"cisco\" model but in this case a backbone area link may not be active. **standard** – router has several active links to different areas. **shortcut** – identical to \"standard\" but in this model a router is allowed to use a connected areas topology without involving a backbone area for inter-area connections." @@ -619,7 +648,28 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." -#: ../../configuration/vpn/sstp.rst:199 +#: ../../configuration/service/pppoe-server.rst:566 +msgid "**deny**: Deny second session authorization." +msgstr "**deny**: Deny second session authorization." + +#: ../../configuration/service/pppoe-server.rst:475 +#: ../../configuration/vpn/l2tp.rst:429 +#: ../../configuration/vpn/pptp.rst:353 +#: ../../configuration/vpn/sstp.rst:387 +msgid "**deny** - Do not negotiate IPv4" +msgstr "**deny** - Do not negotiate IPv4" + +#: ../../configuration/service/pppoe-server.rst:350 +#: ../../configuration/vpn/l2tp.rst:294 +#: ../../configuration/vpn/pptp.rst:218 +#: ../../configuration/vpn/sstp.rst:252 +msgid "**deny** - Do not negotiate IPv6 (default value)" +msgstr "**deny** - Do not negotiate IPv6 (default value)" + +#: ../../configuration/service/pppoe-server.rst:507 +#: ../../configuration/vpn/l2tp.rst:461 +#: ../../configuration/vpn/pptp.rst:385 +#: ../../configuration/vpn/sstp.rst:419 msgid "**deny** - deny mppe" msgstr "**deny** - deny mppe" @@ -635,6 +685,10 @@ msgstr "**dhcp** interface address is received by DHCP from a DHCP server on thi msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." +#: ../../configuration/service/pppoe-server.rst:565 +msgid "**disable**: Disables session control." +msgstr "**disable**: Disables session control." + #: ../../configuration/service/dhcp-relay.rst:75 msgid "**discard:** Received packets which already contain relay information will be discarded." msgstr "**discard:** Received packets which already contain relay information will be discarded." @@ -667,6 +721,17 @@ msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It co msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." +#: ../../configuration/service/pppoe-server.rst:400 +#: ../../configuration/vpn/l2tp.rst:344 +#: ../../configuration/vpn/pptp.rst:268 +#: ../../configuration/vpn/sstp.rst:302 +msgid "**ipv4-addr** - Calculate interface identifier from IPv4 address." +msgstr "**ipv4-addr** - Calculate interface identifier from IPv4 address." + +#: ../../configuration/service/ipoe-server.rst:91 +msgid "**l2**: It means that clients are on same network where interface is.**(default)**" +msgstr "**l2**: It means that clients are on same network where interface is.**(default)**" + #: ../../configuration/interfaces/bonding.rst:161 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" @@ -707,10 +772,18 @@ msgstr "**level-2-only** - Act as an area (Level 2) router only." msgid "**level-2-only** - Level-2 only adjacencies are formed" msgstr "**level-2-only** - Level-2 only adjacencies are formed" -#: ../../configuration/vpn/sstp.rst:105 +#: ../../configuration/service/ipoe-server.rst:65 +#: ../../configuration/service/pppoe-server.rst:43 +#: ../../configuration/vpn/l2tp.rst:31 +#: ../../configuration/vpn/pptp.rst:32 +#: ../../configuration/vpn/sstp.rst:58 msgid "**local**: All authentication queries are handled locally." msgstr "**local**: All authentication queries are handled locally." +#: ../../configuration/service/ipoe-server.rst:93 +msgid "**local**: It means that client are behind some router." +msgstr "**local**: It means that client are behind some router." + #: ../../configuration/interfaces/wireguard.rst:140 msgid "**local side - commands**" msgstr "**local side - commands**" @@ -723,27 +796,36 @@ msgstr "**log-fail** In this mode, the recursor will attempt to validate all dat msgid "**narrow** - Use old style of TLVs with narrow metric." msgstr "**narrow** - Use old style of TLVs with narrow metric." -#: ../../configuration/container/index.rst:119 +#: ../../configuration/container/index.rst:124 msgid "**net-admin**: Network operations (interface, firewall, routing tables)" msgstr "**net-admin**: Network operations (interface, firewall, routing tables)" -#: ../../configuration/container/index.rst:120 +#: ../../configuration/container/index.rst:125 msgid "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" msgstr "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" -#: ../../configuration/container/index.rst:121 +#: ../../configuration/container/index.rst:126 msgid "**net-raw**: Permission to create raw network sockets" msgstr "**net-raw**: Permission to create raw network sockets" -#: ../../configuration/container/index.rst:100 +#: ../../configuration/container/index.rst:105 msgid "**no**: Do not restart containers on exit" msgstr "**no**: Do not restart containers on exit" +#: ../../configuration/service/ipoe-server.rst:66 +msgid "**noauth**: Authentication disabled" +msgstr "**noauth**: Authentication disabled" + +#: ../../configuration/service/pppoe-server.rst:44 +#: ../../configuration/vpn/pptp.rst:33 +msgid "**noauth**: Authentication disabled." +msgstr "**noauth**: Authentication disabled." + #: ../../configuration/service/dns.rst:66 msgid "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." msgstr "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." -#: ../../configuration/container/index.rst:101 +#: ../../configuration/container/index.rst:106 msgid "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" msgstr "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" @@ -755,10 +837,31 @@ msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It config msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/vpn/sstp.rst:198 +#: ../../configuration/service/pppoe-server.rst:473 +#: ../../configuration/vpn/l2tp.rst:427 +#: ../../configuration/vpn/pptp.rst:351 +#: ../../configuration/vpn/sstp.rst:385 +msgid "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" +msgstr "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" + +#: ../../configuration/service/pppoe-server.rst:348 +#: ../../configuration/vpn/l2tp.rst:292 +#: ../../configuration/vpn/pptp.rst:216 +#: ../../configuration/vpn/sstp.rst:250 +msgid "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" +msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" + +#: ../../configuration/vpn/sstp.rst:204 msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**prefer** - ask client for mppe, if it rejects don't fail" +#: ../../configuration/service/pppoe-server.rst:506 +#: ../../configuration/vpn/l2tp.rst:460 +#: ../../configuration/vpn/pptp.rst:384 +#: ../../configuration/vpn/sstp.rst:418 +msgid "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" +msgstr "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" + #: ../../configuration/service/dns.rst:77 msgid "**process** When dnssec is set to process the behavior is similar to process-no-validate. However, the recursor will try to validate the data if at least one of the DO or AD bits is set in the query; in that case, it will set the AD-bit in the response when the data is validated successfully, or send SERVFAIL when the validation comes up bogus." msgstr "**process** When dnssec is set to process the behavior is similar to process-no-validate. However, the recursor will try to validate the data if at least one of the DO or AD bits is set in the query; in that case, it will set the AD-bit in the response when the data is validated successfully, or send SERVFAIL when the validation comes up bogus." @@ -771,19 +874,55 @@ msgstr "**process-no-validate** In this mode the recursor acts as a \"security a msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols." msgstr "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols." -#: ../../configuration/vpn/sstp.rst:103 +#: ../../configuration/service/ipoe-server.rst:63 +#: ../../configuration/service/pppoe-server.rst:41 +#: ../../configuration/vpn/l2tp.rst:29 +#: ../../configuration/vpn/pptp.rst:30 +#: ../../configuration/vpn/sstp.rst:56 msgid "**radius**: All authentication queries are handled by a configured RADIUS server." msgstr "**radius**: All authentication queries are handled by a configured RADIUS server." +#: ../../configuration/service/pppoe-server.rst:391 +#: ../../configuration/service/pppoe-server.rst:398 +#: ../../configuration/vpn/l2tp.rst:335 +#: ../../configuration/vpn/l2tp.rst:342 +#: ../../configuration/vpn/pptp.rst:259 +#: ../../configuration/vpn/pptp.rst:266 +#: ../../configuration/vpn/sstp.rst:293 +#: ../../configuration/vpn/sstp.rst:300 +msgid "**random** - Random interface identifier for IPv6" +msgstr "**random** - Random interface identifier for IPv6" + #: ../../configuration/interfaces/wireguard.rst:190 msgid "**remote side - commands**" msgstr "**remote side - commands**" +#: ../../configuration/service/pppoe-server.rst:567 +msgid "**replace**: Terminate first session when second is authorized **(default)**" +msgstr "**replace**: Terminate first session when second is authorized **(default)**" + #: ../../configuration/service/dhcp-relay.rst:81 msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set." msgstr "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set." -#: ../../configuration/vpn/sstp.rst:197 +#: ../../configuration/service/pppoe-server.rst:472 +#: ../../configuration/vpn/l2tp.rst:426 +#: ../../configuration/vpn/pptp.rst:350 +#: ../../configuration/vpn/sstp.rst:384 +msgid "**require** - Require IPv4 negotiation" +msgstr "**require** - Require IPv4 negotiation" + +#: ../../configuration/service/pppoe-server.rst:347 +#: ../../configuration/vpn/l2tp.rst:291 +#: ../../configuration/vpn/pptp.rst:215 +#: ../../configuration/vpn/sstp.rst:249 +msgid "**require** - Require IPv6 negotiation" +msgstr "**require** - Require IPv6 negotiation" + +#: ../../configuration/service/pppoe-server.rst:505 +#: ../../configuration/vpn/l2tp.rst:459 +#: ../../configuration/vpn/pptp.rst:383 +#: ../../configuration/vpn/sstp.rst:417 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - ask client for mppe, if it rejects drop connection" @@ -791,19 +930,23 @@ msgstr "**require** - ask client for mppe, if it rejects drop connection" msgid "**right**" msgstr "**right**" -#: ../../configuration/container/index.rst:122 +#: ../../configuration/container/index.rst:127 msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: Capability sets (from bounded or inherited set)" +#: ../../configuration/service/ipoe-server.rst:99 +msgid "**shared**: Multiple clients share the same network. **(default)**" +msgstr "**shared**: Multiple clients share the same network. **(default)**" + #: ../../configuration/nat/nat44.rst:195 msgid "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT." msgstr "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT." -#: ../../configuration/container/index.rst:123 +#: ../../configuration/container/index.rst:128 msgid "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" msgstr "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" -#: ../../configuration/container/index.rst:124 +#: ../../configuration/container/index.rst:129 msgid "**sys-time**: Permission to set system clock" msgstr "**sys-time**: Permission to set system clock" @@ -819,10 +962,25 @@ msgstr "**upstream:** The upstream network interface is the outgoing interface w msgid "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." msgstr "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." +#: ../../configuration/service/ipoe-server.rst:100 +msgid "**vlan**: One VLAN per client." +msgstr "**vlan**: One VLAN per client." + #: ../../configuration/protocols/isis.rst:102 msgid "**wide** - Use new style of TLVs to carry wider metric." msgstr "**wide** - Use new style of TLVs to carry wider metric." +#: ../../configuration/service/pppoe-server.rst:392 +#: ../../configuration/service/pppoe-server.rst:399 +#: ../../configuration/vpn/l2tp.rst:336 +#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/vpn/pptp.rst:260 +#: ../../configuration/vpn/pptp.rst:267 +#: ../../configuration/vpn/sstp.rst:294 +#: ../../configuration/vpn/sstp.rst:301 +msgid "**x:x:x:x** - Specify interface identifier for IPv6" +msgstr "**x:x:x:x** - Specify interface identifier for IPv6" + #: ../../configuration/protocols/bgp.rst:143 msgid "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." msgstr "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." @@ -887,7 +1045,7 @@ msgstr "0 if not defined, which means no refreshing." msgid "0 if not defined." msgstr "0 if not defined." -#: ../../configuration/service/dhcp-server.rst:237 +#: ../../configuration/service/dhcp-server.rst:243 #: ../../configuration/system/syslog.rst:114 #: ../../configuration/system/syslog.rst:173 #: ../../configuration/trafficpolicy/index.rst:801 @@ -950,7 +1108,7 @@ msgstr "10 - 10 MBit/s" msgid "11" msgstr "11" -#: ../../configuration/service/dhcp-server.rst:319 +#: ../../configuration/service/dhcp-server.rst:325 msgid "119" msgstr "119" @@ -960,11 +1118,11 @@ msgstr "119" msgid "12" msgstr "12" -#: ../../configuration/service/dhcp-server.rst:324 +#: ../../configuration/service/dhcp-server.rst:330 msgid "121, 249" msgstr "121, 249" -#: ../../configuration/service/dhcp-server.rst:304 +#: ../../configuration/service/dhcp-server.rst:310 #: ../../configuration/system/syslog.rst:138 #: ../../configuration/trafficpolicy/index.rst:870 msgid "13" @@ -976,7 +1134,7 @@ msgstr "13" msgid "14" msgstr "14" -#: ../../configuration/service/dhcp-server.rst:264 +#: ../../configuration/service/dhcp-server.rst:270 #: ../../configuration/system/syslog.rst:142 #: ../../configuration/trafficpolicy/index.rst:866 msgid "15" @@ -1000,7 +1158,7 @@ msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgid "18" msgstr "18" -#: ../../configuration/service/dhcp-server.rst:269 +#: ../../configuration/service/dhcp-server.rst:275 #: ../../configuration/system/syslog.rst:150 msgid "19" msgstr "19" @@ -1025,7 +1183,7 @@ msgstr "1: Enable DAD (default)" msgid "1 if not defined." msgstr "1 if not defined." -#: ../../configuration/service/dhcp-server.rst:243 +#: ../../configuration/service/dhcp-server.rst:249 #: ../../configuration/system/syslog.rst:116 #: ../../configuration/system/syslog.rst:178 #: ../../configuration/trafficpolicy/index.rst:799 @@ -1059,7 +1217,7 @@ msgstr "25000 - 25 GBit/s" msgid "2500 - 2.5 GBit/s" msgstr "2500 - 2.5 GBit/s" -#: ../../configuration/service/dhcp-server.rst:329 +#: ../../configuration/service/dhcp-server.rst:335 msgid "252" msgstr "252" @@ -1087,7 +1245,7 @@ msgstr "2. Since this is the first packet, connection status of this connection, msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." -#: ../../configuration/service/dhcp-server.rst:249 +#: ../../configuration/service/dhcp-server.rst:255 #: ../../configuration/system/syslog.rst:118 #: ../../configuration/system/syslog.rst:181 #: ../../configuration/trafficpolicy/index.rst:797 @@ -1115,7 +1273,7 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Add a full path to the script" -#: ../../configuration/service/dhcp-server.rst:254 +#: ../../configuration/service/dhcp-server.rst:260 #: ../../configuration/system/syslog.rst:120 #: ../../configuration/system/syslog.rst:183 #: ../../configuration/trafficpolicy/index.rst:795 @@ -1131,11 +1289,11 @@ msgstr "40000 - 40 GBit/s" msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." -#: ../../configuration/service/dhcp-server.rst:274 +#: ../../configuration/service/dhcp-server.rst:280 msgid "42" msgstr "42" -#: ../../configuration/service/dhcp-server.rst:279 +#: ../../configuration/service/dhcp-server.rst:285 msgid "44" msgstr "44" @@ -1166,7 +1324,7 @@ msgstr "50000 - 50 GBit/s" msgid "5000 - 5 GBit/s" msgstr "5000 - 5 GBit/s" -#: ../../configuration/service/dhcp-server.rst:284 +#: ../../configuration/service/dhcp-server.rst:290 msgid "54" msgstr "54" @@ -1179,7 +1337,7 @@ msgstr "5. Second packet for this connection is received by the router. Since co msgid "5 if not defined." msgstr "5 if not defined." -#: ../../configuration/service/dhcp-server.rst:259 +#: ../../configuration/service/dhcp-server.rst:265 #: ../../configuration/system/syslog.rst:124 #: ../../configuration/system/syslog.rst:189 #: ../../configuration/trafficpolicy/index.rst:791 @@ -1187,7 +1345,7 @@ msgstr "5 if not defined." msgid "6" msgstr "6" -#: ../../configuration/service/dhcp-server.rst:294 +#: ../../configuration/service/dhcp-server.rst:300 msgid "66" msgstr "66" @@ -1195,11 +1353,11 @@ msgstr "66" msgid "66% of traffic is routed to eth0, eth1 gets 33% of traffic." msgstr "66% of traffic is routed to eth0, eth1 gets 33% of traffic." -#: ../../configuration/service/dhcp-server.rst:299 +#: ../../configuration/service/dhcp-server.rst:305 msgid "67" msgstr "67" -#: ../../configuration/service/dhcp-server.rst:309 +#: ../../configuration/service/dhcp-server.rst:315 msgid "69" msgstr "69" @@ -1222,7 +1380,7 @@ msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defin msgid "7" msgstr "7" -#: ../../configuration/service/dhcp-server.rst:314 +#: ../../configuration/service/dhcp-server.rst:320 msgid "70" msgstr "70" @@ -1299,11 +1457,11 @@ msgstr "<x.x.x.x>-<x.x.x.x>: IP range to match." msgid "<x.x.x.x>: IP address to match." msgstr "<x.x.x.x>: IP address to match." -#: ../../configuration/pki/index.rst:252 +#: ../../configuration/pki/index.rst:283 msgid "ACME" msgstr "ACME" -#: ../../configuration/pki/index.rst:281 +#: ../../configuration/pki/index.rst:312 msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." @@ -1311,7 +1469,7 @@ msgstr "ACME Directory Resource URI." msgid "API" msgstr "API" -#: ../../configuration/protocols/static.rst:150 +#: ../../configuration/protocols/static.rst:183 msgid "ARP" msgstr "ARP" @@ -1335,7 +1493,7 @@ msgstr "A *bit* is written as **bit**," msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." msgstr "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." -#: ../../configuration/protocols/bgp.rst:929 +#: ../../configuration/protocols/bgp.rst:951 msgid "A BGP confederation divides our AS into sub-ASes to reduce the number of required IBGP peerings. Within a sub-AS we still require full-mesh IBGP but between these sub-ASes we use something that looks like EBGP but behaves like IBGP (called confederation BGP). Confederation mechanism is described in :rfc:`5065`" msgstr "A BGP confederation divides our AS into sub-ASes to reduce the number of required IBGP peerings. Within a sub-AS we still require full-mesh IBGP but between these sub-ASes we use something that looks like EBGP but behaves like IBGP (called confederation BGP). Confederation mechanism is described in :rfc:`5065`" @@ -1351,7 +1509,7 @@ msgstr "A GRE tunnel operates at layer 3 of the OSI model and is represented by msgid "A Rule-Set can be applied to every interface:" msgstr "A Rule-Set can be applied to every interface:" -#: ../../configuration/service/dhcp-server.rst:561 +#: ../../configuration/service/dhcp-server.rst:567 msgid "A SNTP server address can be specified for DHCPv6 clients." msgstr "A SNTP server address can be specified for DHCPv6 clients." @@ -1363,11 +1521,11 @@ msgstr "A VRF device is created with an associated route table. Network interfac msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)." msgstr "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)." -#: ../../configuration/service/dns.rst:162 +#: ../../configuration/service/dns.rst:149 msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com." msgstr "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com." -#: ../../configuration/service/dhcp-server.rst:533 +#: ../../configuration/service/dhcp-server.rst:539 msgid "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients." msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients." @@ -1384,6 +1542,10 @@ msgstr "A basic introduction to zone-based firewalls can be found `here <https:/ msgid "A bridge named `br100`" msgstr "A bridge named `br100`" +#: ../../configuration/container/index.rst:144 +msgid "A brief description what this network is all about." +msgstr "A brief description what this network is all about." + #: ../../configuration/trafficpolicy/index.rst:147 msgid "A class can have multiple match filters:" msgstr "A class can have multiple match filters:" @@ -1396,7 +1558,11 @@ msgstr "A common example is the case of some policies which, in order to be effe msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:" -#: ../../configuration/vpn/sstp.rst:335 +#: ../../configuration/service/ids.rst:84 +msgid "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" +msgstr "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" + +#: ../../configuration/vpn/sstp.rst:508 msgid "A connection attempt will be shown as:" msgstr "A connection attempt will be shown as:" @@ -1420,7 +1586,7 @@ msgstr "A domain name is the label (name) assigned to a computer network and is msgid "A dummy interface for the provider-assigned IP;" msgstr "A dummy interface for the provider-assigned IP;" -#: ../../configuration/highavailability/index.rst:426 +#: ../../configuration/highavailability/index.rst:436 msgid "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." @@ -1436,11 +1602,11 @@ msgstr "A generic `<name>` referencing this sync service." msgid "A hostname is the label (name) assigned to a network device (a host) on a network and is used to distinguish one device from another on specific networks or over the internet. On the other hand this will be the name which appears on the command line prompt." msgstr "A hostname is the label (name) assigned to a network device (a host) on a network and is used to distinguish one device from another on specific networks or over the internet. On the other hand this will be the name which appears on the command line prompt." -#: ../../configuration/pki/index.rst:189 +#: ../../configuration/pki/index.rst:191 msgid "A human readable description what this CA is about." msgstr "A human readable description what this CA is about." -#: ../../configuration/pki/index.rst:228 +#: ../../configuration/pki/index.rst:230 msgid "A human readable description what this certificate is about." msgstr "A human readable description what this certificate is about." @@ -1456,7 +1622,7 @@ msgstr "A managed device is a network node that implements an SNMP interface tha msgid "A match filter can contain multiple criteria and will match traffic if all those criteria are true." msgstr "A match filter can contain multiple criteria and will match traffic if all those criteria are true." -#: ../../configuration/protocols/bfd.rst:138 +#: ../../configuration/protocols/bfd.rst:145 msgid "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." msgstr "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." @@ -1476,7 +1642,7 @@ msgstr "A packet rate limit can be set for a rule to apply the rule to traffic a msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." -#: ../../configuration/protocols/bgp.rst:698 +#: ../../configuration/protocols/bgp.rst:720 msgid "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route." msgstr "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route." @@ -1488,7 +1654,7 @@ msgstr "A physical interface is required to connect this MACsec instance to. Tra msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:" -#: ../../configuration/firewall/ipv4.rst:485 +#: ../../configuration/firewall/ipv4.rst:508 #: ../../configuration/firewall/ipv6.rst:491 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``." @@ -1526,11 +1692,11 @@ msgstr "A segment ID that contains an IP address prefix calculated by an IGP in msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." -#: ../../configuration/service/dhcp-server.rst:589 +#: ../../configuration/service/dhcp-server.rst:595 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" -#: ../../configuration/protocols/bgp.rst:1146 +#: ../../configuration/protocols/bgp.rst:1168 msgid "A simple BGP configuration via IPv6." msgstr "A simple BGP configuration via IPv6." @@ -1538,7 +1704,7 @@ msgstr "A simple BGP configuration via IPv6." msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." -#: ../../configuration/protocols/bgp.rst:1101 +#: ../../configuration/protocols/bgp.rst:1123 msgid "A simple eBGP configuration:" msgstr "A simple eBGP configuration:" @@ -1602,7 +1768,7 @@ msgstr "A very small buffer will soon start dropping packets." msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." -#: ../../configuration/service/dns.rst:397 +#: ../../configuration/service/dns.rst:411 msgid "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized." msgstr "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized." @@ -1622,6 +1788,21 @@ msgstr "Accept SSH connections for the given `<device>` on TCP port `<port>`. Af msgid "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." msgstr "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." +#: ../../configuration/service/pppoe-server.rst:384 +#: ../../configuration/vpn/l2tp.rst:328 +#: ../../configuration/vpn/pptp.rst:252 +#: ../../configuration/vpn/sstp.rst:286 +msgid "Accept peer interface identifier. By default is not defined." +msgstr "Accept peer interface identifier. By default is not defined." + +#: ../../configuration/service/ipoe-server.rst:364 +#: ../../configuration/service/pppoe-server.rst:530 +#: ../../configuration/vpn/l2tp.rst:484 +#: ../../configuration/vpn/pptp.rst:408 +#: ../../configuration/vpn/sstp.rst:442 +msgid "Acceptable rate of connections (e.g. 1/min, 60/sec)" +msgstr "Acceptable rate of connections (e.g. 1/min, 60/sec)" + #: ../../configuration/policy/access-list.rst:3 msgid "Access List Policy" msgstr "Access List Policy" @@ -1665,7 +1846,7 @@ msgstr "Add Power Constraint element to Beacon and Probe Response frames." msgid "Add a forwarding rule matching UDP port on your internet router." msgstr "Add a forwarding rule matching UDP port on your internet router." -#: ../../configuration/container/index.rst:113 +#: ../../configuration/container/index.rst:118 msgid "Add a host device to the container." msgstr "Add a host device to the container." @@ -1693,11 +1874,11 @@ msgstr "Add new port to SSL-ports acl. Ports included by default in SSL-ports ac msgid "Add new port to Safe-ports acl. Ports included by default in Safe-ports acl: 21, 70, 80, 210, 280, 443, 488, 591, 777, 873, 1025-65535" msgstr "Add new port to Safe-ports acl. Ports included by default in Safe-ports acl: 21, 70, 80, 210, 280, 443, 488, 591, 777, 873, 1025-65535" -#: ../../configuration/policy/route-map.rst:221 +#: ../../configuration/policy/route-map.rst:224 msgid "Add or replace BGP community attribute in format ``<0-65535:0-65535>`` or from well-known community list" msgstr "Add or replace BGP community attribute in format ``<0-65535:0-65535>`` or from well-known community list" -#: ../../configuration/policy/route-map.rst:236 +#: ../../configuration/policy/route-map.rst:239 msgid "Add or replace BGP large-community attribute in format ``<0-4294967295:0-4294967295:0-4294967295>``" msgstr "Add or replace BGP large-community attribute in format ``<0-4294967295:0-4294967295:0-4294967295>``" @@ -1705,11 +1886,11 @@ msgstr "Add or replace BGP large-community attribute in format ``<0-4294967295:0 msgid "Add policy route matching VLAN source addresses" msgstr "Add policy route matching VLAN source addresses" -#: ../../configuration/pki/index.rst:217 +#: ../../configuration/pki/index.rst:219 msgid "Add public key portion for the certificate named `name` to the VyOS CLI." msgstr "Add public key portion for the certificate named `name` to the VyOS CLI." -#: ../../configuration/pki/index.rst:193 +#: ../../configuration/pki/index.rst:195 msgid "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." msgstr "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." @@ -1717,11 +1898,11 @@ msgstr "Add the CAs private key to the VyOS CLI. This should never leave the sys msgid "Add the commands from Snippet in the Windows side via PowerShell. Also import the root CA cert to the Windows “Trusted Root Certification Authorities” and establish the connection." msgstr "Add the commands from Snippet in the Windows side via PowerShell. Also import the root CA cert to the Windows “Trusted Root Certification Authorities” and establish the connection." -#: ../../configuration/pki/index.rst:232 +#: ../../configuration/pki/index.rst:234 msgid "Add the private key portion of this certificate to the CLI. This should never leave the system as it is used to decrypt the data." msgstr "Add the private key portion of this certificate to the CLI. This should never leave the system as it is used to decrypt the data." -#: ../../configuration/pki/index.rst:174 +#: ../../configuration/pki/index.rst:176 msgid "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." @@ -1765,11 +1946,11 @@ msgstr "Address Families" msgid "Address Groups" msgstr "Address Groups" -#: ../../configuration/service/dhcp-server.rst:592 +#: ../../configuration/service/dhcp-server.rst:598 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:582 +#: ../../configuration/service/dhcp-server.rst:588 msgid "Address pools" msgstr "Address pools" @@ -1777,14 +1958,30 @@ msgstr "Address pools" msgid "Address to listen for HTTPS requests" msgstr "Address to listen for HTTPS requests" -#: ../../configuration/container/index.rst:136 +#: ../../configuration/container/index.rst:160 +msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." +msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." + +#: ../../configuration/container/index.rst:141 msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." -#: ../../configuration/protocols/bgp.rst:647 +#: ../../configuration/protocols/bgp.rst:669 msgid "Administrative Distance" msgstr "Administrative Distance" +#: ../../configuration/service/ipoe-server.rst:335 +msgid "Advanced Interface Options" +msgstr "Advanced Interface Options" + +#: ../../configuration/service/ipoe-server.rst:307 +#: ../../configuration/service/pppoe-server.rst:425 +#: ../../configuration/vpn/l2tp.rst:369 +#: ../../configuration/vpn/pptp.rst:293 +#: ../../configuration/vpn/sstp.rst:327 +msgid "Advanced Options" +msgstr "Advanced Options" + #: ../../configuration/nat/nat44.rst:301 msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." @@ -1797,7 +1994,11 @@ msgstr "Advantages of OpenVPN are:" msgid "Advertise DNS server per https://tools.ietf.org/html/rfc6106" msgstr "Advertise DNS server per https://tools.ietf.org/html/rfc6106" -#: ../../configuration/service/router-advert.rst:53 +#: ../../configuration/service/router-advert.rst:78 +msgid "Advertising a NAT64 Prefix" +msgstr "Advertising a NAT64 Prefix" + +#: ../../configuration/service/router-advert.rst:54 msgid "Advertising a Prefix" msgstr "Advertising a Prefix" @@ -1805,7 +2006,7 @@ msgstr "Advertising a Prefix" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" -#: ../../configuration/vrf/index.rst:325 +#: ../../configuration/vrf/index.rst:344 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." @@ -1813,10 +2014,18 @@ msgstr "After committing the configuration we can verify all leaked routes are i msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." -#: ../../configuration/pki/index.rst:212 +#: ../../configuration/vpn/ipsec.rst:418 +msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." +msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." + +#: ../../configuration/pki/index.rst:214 msgid "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." msgstr "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." +#: ../../configuration/vpn/ipsec.rst:399 +msgid "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." +msgstr "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." + #: ../../configuration/service/snmp.rst:39 msgid "Agent - software which runs on managed devices" msgstr "Agent - software which runs on managed devices" @@ -1825,7 +2034,7 @@ msgstr "Agent - software which runs on managed devices" msgid "Alert" msgstr "Alert" -#: ../../configuration/highavailability/index.rst:346 +#: ../../configuration/highavailability/index.rst:356 msgid "Algorithm" msgstr "Algorithm" @@ -1833,7 +2042,7 @@ msgstr "Algorithm" msgid "Aliases" msgstr "Aliases" -#: ../../configuration/service/dns.rst:167 +#: ../../configuration/service/dns.rst:154 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" @@ -1861,7 +2070,7 @@ msgstr "All interfaces used for the DHCP relay must be configured. This includes msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop." msgstr "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop." -#: ../../configuration/service/dns.rst:169 +#: ../../configuration/service/dns.rst:156 msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff" msgstr "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff" @@ -1897,7 +2106,11 @@ msgstr "All traffic to and from an interface within a zone is permitted." msgid "All tunnel sessions can be checked via:" msgstr "All tunnel sessions can be checked via:" -#: ../../configuration/vpn/l2tp.rst:209 +#: ../../configuration/service/ipoe-server.rst:231 +#: ../../configuration/service/pppoe-server.rst:193 +#: ../../configuration/vpn/l2tp.rst:236 +#: ../../configuration/vpn/pptp.rst:176 +#: ../../configuration/vpn/sstp.rst:209 msgid "Allocation clients ip addresses by RADIUS" msgstr "Allocation clients ip addresses by RADIUS" @@ -1913,7 +2126,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." -#: ../../configuration/service/dns.rst:359 +#: ../../configuration/service/dns.rst:362 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -1933,7 +2146,7 @@ msgstr "Allow this BFD peer to not be directly connected" msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:812 +#: ../../configuration/firewall/ipv4.rst:835 #: ../../configuration/firewall/ipv6.rst:821 #: ../../configuration/system/conntrack.rst:199 msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." @@ -1947,11 +2160,11 @@ msgstr "Allows specific VLAN IDs to pass through the bridge member interface. Th msgid "Allows to define URL path matching rules for a specific service." msgstr "Allows to define URL path matching rules for a specific service." -#: ../../configuration/protocols/static.rst:69 +#: ../../configuration/protocols/static.rst:92 msgid "Allows you to configure the next-hop interface for an interface-based IPv4 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." msgstr "Allows you to configure the next-hop interface for an interface-based IPv4 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." -#: ../../configuration/protocols/static.rst:89 +#: ../../configuration/protocols/static.rst:112 msgid "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." msgstr "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." @@ -1977,11 +2190,11 @@ msgstr "Also, for those who haven't updated to newer version, legacy documentati msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." -#: ../../configuration/protocols/static.rst:138 +#: ../../configuration/protocols/static.rst:171 msgid "Alternate Routing Tables" msgstr "Alternate Routing Tables" -#: ../../configuration/protocols/static.rst:142 +#: ../../configuration/protocols/static.rst:175 msgid "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`." msgstr "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`." @@ -2037,7 +2250,7 @@ msgstr "An agent is a network-management software module that resides on a manag msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)" -#: ../../configuration/firewall/ipv4.rst:373 +#: ../../configuration/firewall/ipv4.rst:396 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." @@ -2062,7 +2275,7 @@ msgstr "An basic introduction to zone-based firewalls can be found `here <https: #: ../../configuration/interfaces/tunnel.rst:71 #: ../../configuration/interfaces/tunnel.rst:93 #: ../../configuration/interfaces/tunnel.rst:194 -#: ../../configuration/system/login.rst:195 +#: ../../configuration/system/login.rst:199 msgid "An example:" msgstr "An example:" @@ -2074,7 +2287,7 @@ msgstr "An example of a configuration that sends ``telegraf`` metrics to remote msgid "An example of creating a VLAN-aware bridge is as follows:" msgstr "An example of creating a VLAN-aware bridge is as follows:" -#: ../../configuration/system/login.rst:149 +#: ../../configuration/system/login.rst:153 msgid "An example of key generation:" msgstr "An example of key generation:" @@ -2102,6 +2315,10 @@ msgstr "And base chain for traffic generated by the router is ``set firewall ipv msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" +#: ../../configuration/service/ids.rst:138 +msgid "And content of the script:" +msgstr "And content of the script:" + #: ../../configuration/policy/route.rst:76 msgid "And for ipv6:" msgstr "And for ipv6:" @@ -2114,7 +2331,7 @@ msgstr "And next, some configuration example where groups are used:" msgid "And op-mode commands:" msgstr "And op-mode commands:" -#: ../../configuration/system/ip.rst:84 +#: ../../configuration/system/ip.rst:97 msgid "And the different IPv4 **reset** commands available:" msgstr "And the different IPv4 **reset** commands available:" @@ -2131,6 +2348,10 @@ msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT con msgid "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." msgstr "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." +#: ../../configuration/vpn/ipsec.rst:549 +msgid "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." +msgstr "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." + #: ../../configuration/vrf/index.rst:52 #: ../../configuration/vrf/index.rst:62 msgid "Apply a route-map filter to routes for the specified protocol." @@ -2221,11 +2442,15 @@ msgstr "As a result, the processing of each packet becomes more efficient, poten msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." +#: ../../configuration/vpn/ipsec.rst:523 +msgid "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." +msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." + #: ../../configuration/firewall/flowtables.rst:109 msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." -#: ../../configuration/system/option.rst:80 +#: ../../configuration/system/option.rst:110 msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." @@ -2265,7 +2490,7 @@ msgstr "As the example image below shows, the device was configured with rules b msgid "As the name implies, it's IPv4 encapsulated in IPv6, as simple as that." msgstr "As the name implies, it's IPv4 encapsulated in IPv6, as simple as that." -#: ../../configuration/vpn/l2tp.rst:36 +#: ../../configuration/vpn/l2tp.rst:86 msgid "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" msgstr "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" @@ -2301,7 +2526,7 @@ msgstr "Assign `<member>` interface to bridge `<interface>`. A completion helper msgid "Assign a specific backend to a rule" msgstr "Assign a specific backend to a rule" -#: ../../configuration/vrf/index.rst:79 +#: ../../configuration/vrf/index.rst:98 msgid "Assign interface identified by `<interface>` to VRF named `<name>`." msgstr "Assign interface identified by `<interface>` to VRF named `<name>`." @@ -2309,7 +2534,10 @@ msgstr "Assign interface identified by `<interface>` to VRF named `<name>`." msgid "Assign member interfaces to PortChannel" msgstr "Assign member interfaces to PortChannel" -#: ../../configuration/vpn/sstp.rst:80 +#: ../../configuration/service/pppoe-server.rst:437 +#: ../../configuration/vpn/l2tp.rst:381 +#: ../../configuration/vpn/pptp.rst:305 +#: ../../configuration/vpn/sstp.rst:339 msgid "Assign static IP address to `<user>` account." msgstr "Assign static IP address to `<user>` account." @@ -2317,7 +2545,7 @@ msgstr "Assign static IP address to `<user>` account." msgid "Assign the IP address to this machine for `<time>` seconds." msgstr "Assign the IP address to this machine for `<time>` seconds." -#: ../../configuration/system/login.rst:62 +#: ../../configuration/system/login.rst:66 msgid "Assign the SSH public key portion `<key>` identified by per-key `<identifier>` to the local user `<username>`." msgstr "Assign the SSH public key portion `<key>` identified by per-key `<identifier>` to the local user `<username>`." @@ -2401,6 +2629,14 @@ msgstr "Attaches user-defined network to a container. Only one network must be s msgid "Authentication" msgstr "Authentication" +#: ../../configuration/service/ipoe-server.rst:310 +#: ../../configuration/service/pppoe-server.rst:428 +#: ../../configuration/vpn/l2tp.rst:372 +#: ../../configuration/vpn/pptp.rst:296 +#: ../../configuration/vpn/sstp.rst:330 +msgid "Authentication Advanced Options" +msgstr "Authentication Advanced Options" + #: ../../configuration/interfaces/ethernet.rst:99 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2437,11 +2673,11 @@ msgstr "Authentication – to verify that the message is from a valid source." msgid "Authorization token" msgstr "Authorization token" -#: ../../configuration/service/pppoe-server.rst:159 +#: ../../configuration/service/pppoe-server.rst:228 msgid "Automatic VLAN Creation" msgstr "Automatic VLAN Creation" -#: ../../configuration/service/ipoe-server.rst:96 +#: ../../configuration/service/ipoe-server.rst:97 msgid "Automatic VLAN creation" msgstr "Automatic VLAN creation" @@ -2469,7 +2705,7 @@ msgstr "Azure-data-explorer" msgid "BFD" msgstr "BFD" -#: ../../configuration/protocols/bfd.rst:136 +#: ../../configuration/protocols/bfd.rst:143 msgid "BFD Static Route Monitoring" msgstr "BFD Static Route Monitoring" @@ -2505,7 +2741,7 @@ msgstr "BGP Example" msgid "BGP Router Configuration" msgstr "BGP Router Configuration" -#: ../../configuration/protocols/bgp.rst:888 +#: ../../configuration/protocols/bgp.rst:910 msgid "BGP Scaling Configuration" msgstr "BGP Scaling Configuration" @@ -2517,7 +2753,7 @@ msgstr "BGP aggregator attribute: AS number or IP address of an aggregation." msgid "BGP as-path list to match." msgstr "BGP as-path list to match." -#: ../../configuration/policy/route-map.rst:216 +#: ../../configuration/policy/route-map.rst:219 msgid "BGP atomic aggregate attribute." msgstr "BGP atomic aggregate attribute." @@ -2533,11 +2769,11 @@ msgstr "BGP extended community to match." msgid "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add route leak prevention, detection and mitigation. The local Role value is negotiated with the new BGP Role capability which has a built-in check of the corresponding value. In case of a mismatch the new OPEN Roles Mismatch Notification <2, 11> would be sent. The correct Role pairs are:" msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add route leak prevention, detection and mitigation. The local Role value is negotiated with the new BGP Role capability which has a built-in check of the corresponding value. In case of a mismatch the new OPEN Roles Mismatch Notification <2, 11> would be sent. The correct Role pairs are:" -#: ../../configuration/protocols/bgp.rst:890 +#: ../../configuration/protocols/bgp.rst:912 msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." -#: ../../configuration/vrf/index.rst:413 +#: ../../configuration/vrf/index.rst:432 msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." @@ -2569,18 +2805,16 @@ msgstr "Balancing Rules" msgid "Balancing based on domain name" msgstr "Balancing based on domain name" -#: ../../configuration/service/ipoe-server.rst:122 -#: ../../configuration/service/pppoe-server.rst:182 -#: ../../configuration/vpn/l2tp.rst:113 +#: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" -#: ../../configuration/service/ipoe-server.rst:128 +#: ../../configuration/service/ipoe-server.rst:129 #: ../../configuration/vpn/l2tp.rst:118 msgid "Bandwidth Shaping for local users" msgstr "Bandwidth Shaping for local users" -#: ../../configuration/service/pppoe-server.rst:184 +#: ../../configuration/service/pppoe-server.rst:253 msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes." @@ -2588,7 +2822,7 @@ msgstr "Bandwidth rate limits can be set for local users or RADIUS based attribu msgid "Bandwidth rate limits can be set for local users or via RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users or via RADIUS based attributes." -#: ../../configuration/service/ipoe-server.rst:124 +#: ../../configuration/service/ipoe-server.rst:125 msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." @@ -2648,7 +2882,7 @@ msgstr "Before enabling any hardware segmentation offload a corresponding softwa msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first." -#: ../../configuration/vpn/site2site_ipsec.rst:422 +#: ../../configuration/vpn/site2site_ipsec.rst:425 msgid "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured." msgstr "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured." @@ -2672,6 +2906,10 @@ msgstr "Bidirectional NAT" msgid "Binary value" msgstr "Binary value" +#: ../../configuration/container/index.rst:153 +msgid "Bind container network to a given VRF instance." +msgstr "Bind container network to a given VRF instance." + #: ../../configuration/protocols/bfd.rst:39 msgid "Bind listener to specific interface/address, mandatory for IPv6" msgstr "Bind listener to specific interface/address, mandatory for IPv6" @@ -2680,7 +2918,7 @@ msgstr "Bind listener to specific interface/address, mandatory for IPv6" msgid "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge." msgstr "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge." -#: ../../configuration/protocols/static.rst:108 +#: ../../configuration/protocols/static.rst:142 msgid "Blackhole" msgstr "Blackhole" @@ -2708,11 +2946,11 @@ msgstr "Bond / Link Aggregation" msgid "Bond options" msgstr "Bond options" -#: ../../configuration/service/dhcp-server.rst:306 +#: ../../configuration/service/dhcp-server.rst:312 msgid "Boot image length in 512-octet blocks" msgstr "Boot image length in 512-octet blocks" -#: ../../configuration/service/dhcp-server.rst:301 +#: ../../configuration/service/dhcp-server.rst:307 msgid "Bootstrap file name" msgstr "Bootstrap file name" @@ -2761,6 +2999,14 @@ msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgid "Bridge maximum aging `<time>` in seconds (default: 20)." msgstr "Bridge maximum aging `<time>` in seconds (default: 20)." +#: ../../configuration/service/ipoe-server.rst:360 +#: ../../configuration/service/pppoe-server.rst:526 +#: ../../configuration/vpn/l2tp.rst:480 +#: ../../configuration/vpn/pptp.rst:404 +#: ../../configuration/vpn/sstp.rst:438 +msgid "Burst count" +msgstr "Burst count" + #: ../../configuration/interfaces/pppoe.rst:41 msgid "Business Users" msgstr "Business Users" @@ -2777,11 +3023,11 @@ msgstr "By default, FRR will bring up peering with minimal common capability for msgid "By default, VyOS does not advertise a default route (0.0.0.0/0) even if it is in routing table. When you want to announce default routes to the peer, use this command. Using optional argument :cfgcmd:`route-map` you can inject the default route to given neighbor only if the conditions in the route map are met." msgstr "By default, VyOS does not advertise a default route (0.0.0.0/0) even if it is in routing table. When you want to announce default routes to the peer, use this command. Using optional argument :cfgcmd:`route-map` you can inject the default route to given neighbor only if the conditions in the route map are met." -#: ../../configuration/system/login.rst:126 +#: ../../configuration/system/login.rst:130 msgid "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client." msgstr "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client." -#: ../../configuration/service/dns.rst:393 +#: ../../configuration/service/dns.rst:401 msgid "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP." msgstr "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP." @@ -2794,6 +3040,10 @@ msgstr "By default, enabling RPKI does not change best path selection. In partic msgid "By default, it supports both planned and unplanned outages." msgstr "By default, it supports both planned and unplanned outages." +#: ../../configuration/protocols/bgp.rst:661 +msgid "By default, locally advertised prefixes use the implicit-null label to encode in the outgoing NLRI." +msgstr "By default, locally advertised prefixes use the implicit-null label to encode in the outgoing NLRI." + #: ../../configuration/service/https.rst:45 msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." @@ -2839,7 +3089,7 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" -#: ../../configuration/pki/index.rst:170 +#: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" @@ -2860,20 +3110,20 @@ msgstr "Capability Negotiation" msgid "Certain vendors use broadcasts to identify their equipment within one ethernet segment. Unfortunately if you split your network with multiple VLANs you loose the ability of identifying your equipment." msgstr "Certain vendors use broadcasts to identify their equipment within one ethernet segment. Unfortunately if you split your network with multiple VLANs you loose the ability of identifying your equipment." -#: ../../configuration/pki/index.rst:33 +#: ../../configuration/pki/index.rst:35 msgid "Certificate Authority (CA)" msgstr "Certificate Authority (CA)" -#: ../../configuration/pki/index.rst:185 +#: ../../configuration/pki/index.rst:187 msgid "Certificate revocation list in PEM format." msgstr "Certificate revocation list in PEM format." -#: ../../configuration/pki/index.rst:63 +#: ../../configuration/pki/index.rst:65 #: ../../configuration/vpn/sstp.rst:27 msgid "Certificates" msgstr "Certificates" -#: ../../configuration/system/option.rst:66 +#: ../../configuration/system/option.rst:96 msgid "Change system keyboard layout to given language." msgstr "Change system keyboard layout to given language." @@ -2889,7 +3139,7 @@ msgstr "Changes in BGP policies require the BGP session to be cleared. Clearing msgid "Changes to the NAT system only affect newly established connections. Already established connections are not affected." msgstr "Changes to the NAT system only affect newly established connections. Already established connections are not affected." -#: ../../configuration/system/option.rst:70 +#: ../../configuration/system/option.rst:100 msgid "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." msgstr "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." @@ -2909,11 +3159,11 @@ msgstr "Check if the Intel® QAT device is up and ready to do the job." msgid "Check status" msgstr "Check status" -#: ../../configuration/system/ipv6.rst:64 +#: ../../configuration/system/ipv6.rst:77 msgid "Check the many parameters available for the `show ipv6 route` command:" msgstr "Check the many parameters available for the `show ipv6 route` command:" -#: ../../configuration/service/pppoe-server.rst:307 +#: ../../configuration/service/pppoe-server.rst:315 msgid "Checking connections" msgstr "Checking connections" @@ -2945,11 +3195,11 @@ msgstr "Class treatment" msgid "Classes" msgstr "Classes" -#: ../../configuration/service/dhcp-server.rst:326 +#: ../../configuration/service/dhcp-server.rst:332 msgid "Classless static route" msgstr "Classless static route" -#: ../../configuration/policy/route-map.rst:269 +#: ../../configuration/policy/route-map.rst:272 msgid "Clear all BGP extcommunities." msgstr "Clear all BGP extcommunities." @@ -2973,7 +3223,15 @@ msgstr "Client Authentication" msgid "Client Configuration" msgstr "Client Configuration" -#: ../../configuration/vpn/sstp.rst:289 +#: ../../configuration/service/ipoe-server.rst:328 +#: ../../configuration/service/pppoe-server.rst:446 +#: ../../configuration/vpn/l2tp.rst:400 +#: ../../configuration/vpn/pptp.rst:324 +#: ../../configuration/vpn/sstp.rst:358 +msgid "Client IP Pool Advanced Options" +msgstr "Client IP Pool Advanced Options" + +#: ../../configuration/vpn/sstp.rst:358 msgid "Client IP addresses will be provided from pool `192.0.2.0/25`" msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`" @@ -2981,15 +3239,15 @@ msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`" msgid "Client Side" msgstr "Client Side" -#: ../../configuration/service/ipoe-server.rst:184 +#: ../../configuration/service/ipoe-server.rst:186 msgid "Client configuration" msgstr "Client configuration" -#: ../../configuration/service/dhcp-server.rst:266 +#: ../../configuration/service/dhcp-server.rst:272 msgid "Client domain name" msgstr "Client domain name" -#: ../../configuration/service/dhcp-server.rst:321 +#: ../../configuration/service/dhcp-server.rst:327 msgid "Client domain search" msgstr "Client domain search" @@ -3001,7 +3259,7 @@ msgstr "Client isolation can be used to prevent low-level bridging of frames bet msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" -#: ../../configuration/service/dhcp-server.rst:514 +#: ../../configuration/service/dhcp-server.rst:520 msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." @@ -3019,11 +3277,11 @@ msgstr "Command completion can be used to list available time zones. The adjustm msgid "Command for disabling a rule but keep it in the configuration." msgstr "Command for disabling a rule but keep it in the configuration." -#: ../../configuration/vrf/index.rst:128 +#: ../../configuration/vrf/index.rst:147 msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." -#: ../../configuration/firewall/ipv4.rst:1179 +#: ../../configuration/firewall/ipv4.rst:1202 #: ../../configuration/firewall/ipv6.rst:1195 msgid "Command used to update GeoIP database and firewall sets." msgstr "Command used to update GeoIP database and firewall sets." @@ -3032,7 +3290,7 @@ msgstr "Command used to update GeoIP database and firewall sets." msgid "Commands" msgstr "Commands" -#: ../../configuration/service/dhcp-server.rst:379 +#: ../../configuration/service/dhcp-server.rst:385 msgid "Common configuration, valid for both primary and secondary node." msgstr "Common configuration, valid for both primary and secondary node." @@ -3059,7 +3317,7 @@ msgstr "Common interface configuration" msgid "Common parameters" msgstr "Common parameters" -#: ../../configuration/protocols/bgp.rst:927 +#: ../../configuration/protocols/bgp.rst:949 msgid "Confederation Configuration" msgstr "Confederation Configuration" @@ -3098,7 +3356,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/policy/local-route.rst:9 #: ../../configuration/policy/prefix-list.rst:16 #: ../../configuration/policy/route-map.rst:10 -#: ../../configuration/protocols/bfd.rst:143 +#: ../../configuration/protocols/bfd.rst:150 #: ../../configuration/protocols/bgp.rst:164 #: ../../configuration/protocols/igmp-proxy.rst:14 #: ../../configuration/protocols/isis.rst:28 @@ -3111,15 +3369,15 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/service/dhcp-relay.rst:19 #: ../../configuration/service/dhcp-relay.rst:137 #: ../../configuration/service/dhcp-server.rst:22 -#: ../../configuration/service/dhcp-server.rst:510 +#: ../../configuration/service/dhcp-server.rst:516 #: ../../configuration/service/dns.rst:8 -#: ../../configuration/service/dns.rst:227 +#: ../../configuration/service/dns.rst:214 #: ../../configuration/service/https.rst:14 -#: ../../configuration/service/ipoe-server.rst:28 +#: ../../configuration/service/ids.rst:20 #: ../../configuration/service/lldp.rst:36 #: ../../configuration/service/mdns.rst:19 #: ../../configuration/service/ntp.rst:40 -#: ../../configuration/service/pppoe-server.rst:17 +#: ../../configuration/service/router-advert.rst:28 #: ../../configuration/service/salt-minion.rst:25 #: ../../configuration/service/ssh.rst:36 #: ../../configuration/service/tftp-server.rst:14 @@ -3127,18 +3385,18 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/system/default-route.rst:12 #: ../../configuration/system/flow-accounting.rst:43 #: ../../configuration/system/lcd.rst:17 -#: ../../configuration/system/login.rst:241 -#: ../../configuration/system/login.rst:310 +#: ../../configuration/system/login.rst:245 +#: ../../configuration/system/login.rst:314 #: ../../configuration/system/sflow.rst:12 #: ../../configuration/system/updates.rst:8 #: ../../configuration/vpn/dmvpn.rst:38 #: ../../configuration/vpn/dmvpn.rst:182 #: ../../configuration/vpn/openconnect.rst:21 -#: ../../configuration/vpn/sstp.rst:65 +#: ../../configuration/vpn/sstp.rst:40 #: ../../configuration/vrf/index.rst:16 -#: ../../configuration/vrf/index.rst:253 -#: ../../configuration/vrf/index.rst:288 -#: ../../configuration/vrf/index.rst:436 +#: ../../configuration/vrf/index.rst:272 +#: ../../configuration/vrf/index.rst:307 +#: ../../configuration/vrf/index.rst:455 msgid "Configuration" msgstr "Configuration" @@ -3148,8 +3406,8 @@ msgstr "Configuration" #: ../../configuration/protocols/pim6.rst:78 #: ../../configuration/protocols/rip.rst:239 #: ../../configuration/protocols/segment-routing.rst:187 -#: ../../configuration/system/login.rst:279 -#: ../../configuration/system/login.rst:350 +#: ../../configuration/system/login.rst:283 +#: ../../configuration/system/login.rst:354 msgid "Configuration Example" msgstr "Configuration Example" @@ -3171,7 +3429,7 @@ msgstr "Configuration Options" msgid "Configuration commands covered in this section:" msgstr "Configuration commands covered in this section:" -#: ../../configuration/vpn/ipsec.rst:284 +#: ../../configuration/vpn/ipsec.rst:288 msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" @@ -3183,7 +3441,7 @@ msgstr "Configuration commands will display. Note the command with the public ke msgid "Configuration example:" msgstr "Configuration example:" -#: ../../configuration/vrf/index.rst:430 +#: ../../configuration/vrf/index.rst:449 msgid "Configuration for these exported routes must, at a minimum, specify these two parameters." msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters." @@ -3191,15 +3449,15 @@ msgstr "Configuration for these exported routes must, at a minimum, specify thes msgid "Configuration of :ref:`routing-static`" msgstr "Configuration of :ref:`routing-static`" -#: ../../configuration/service/dhcp-server.rst:371 +#: ../../configuration/service/dhcp-server.rst:377 msgid "Configuration of a DHCP failover pair" msgstr "Configuration of a DHCP failover pair" -#: ../../configuration/vrf/index.rst:438 +#: ../../configuration/vrf/index.rst:457 msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." -#: ../../configuration/protocols/static.rst:166 +#: ../../configuration/protocols/static.rst:199 #: ../../configuration/system/conntrack.rst:12 msgid "Configure" msgstr "Configure" @@ -3208,11 +3466,11 @@ msgstr "Configure" msgid "Configure BFD" msgstr "Configure BFD" -#: ../../configuration/service/dns.rst:258 +#: ../../configuration/service/dns.rst:245 msgid "Configure DNS `<record>` which should be updated. This can be set multiple times." msgstr "Configure DNS `<record>` which should be updated. This can be set multiple times." -#: ../../configuration/service/dns.rst:253 +#: ../../configuration/service/dns.rst:241 msgid "Configure DNS `<zone>` to be updated." msgstr "Configure DNS `<zone>` to be updated." @@ -3230,15 +3488,27 @@ msgstr "Configure Graceful Restart :rfc:`3623` helper support. By default, helpe msgid "Configure Graceful Restart :rfc:`3623` restarting support. When enabled, the default grace period is 120 seconds." msgstr "Configure Graceful Restart :rfc:`3623` restarting support. When enabled, the default grace period is 120 seconds." +#: ../../configuration/service/ids.rst:69 +msgid "Configure ICMP threshold parameters." +msgstr "Configure ICMP threshold parameters." + #: ../../configuration/service/dhcp-relay.rst:40 msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets." msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets." -#: ../../configuration/vpn/sstp.rst:214 +#: ../../configuration/service/ipoe-server.rst:162 +#: ../../configuration/service/pppoe-server.rst:124 +#: ../../configuration/vpn/l2tp.rst:167 +#: ../../configuration/vpn/pptp.rst:107 +#: ../../configuration/vpn/sstp.rst:140 msgid "Configure RADIUS `<server>` and its required port for authentication requests." msgstr "Configure RADIUS `<server>` and its required port for authentication requests." -#: ../../configuration/vpn/sstp.rst:218 +#: ../../configuration/service/ipoe-server.rst:128 +#: ../../configuration/service/pppoe-server.rst:90 +#: ../../configuration/vpn/l2tp.rst:133 +#: ../../configuration/vpn/pptp.rst:73 +#: ../../configuration/vpn/sstp.rst:106 msgid "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server." msgstr "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server." @@ -3246,23 +3516,39 @@ msgstr "Configure RADIUS `<server>` and its required shared `<secret>` for commu msgid "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1." msgstr "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1." +#: ../../configuration/service/ids.rst:74 +msgid "Configure TCP threshold parameters" +msgstr "Configure TCP threshold parameters" + +#: ../../configuration/service/ids.rst:79 +msgid "Configure UDP threshold parameters" +msgstr "Configure UDP threshold parameters" + #: ../../_include/interface-mtu.txt:4 msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." -#: ../../configuration/system/login.rst:375 +#: ../../configuration/system/login.rst:379 msgid "Configure `<message>` which is shown after user has logged in to the system." msgstr "Configure `<message>` which is shown after user has logged in to the system." -#: ../../configuration/system/login.rst:370 +#: ../../configuration/system/login.rst:374 msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in." msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in." -#: ../../configuration/service/dns.rst:341 +#: ../../configuration/service/dns.rst:346 +msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service-name>`." +msgstr "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service-name>`." + +#: ../../configuration/service/dns.rst:355 msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`." msgstr "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`." -#: ../../configuration/service/dns.rst:334 +#: ../../configuration/service/dns.rst:341 +msgid "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service-name>`." +msgstr "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service-name>`." + +#: ../../configuration/service/dns.rst:348 msgid "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update." msgstr "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update." @@ -3274,13 +3560,13 @@ msgstr "Configure a URL that contains information about images." msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." -#: ../../configuration/protocols/bfd.rst:154 -#: ../../configuration/protocols/bfd.rst:167 +#: ../../configuration/protocols/bfd.rst:161 +#: ../../configuration/protocols/bfd.rst:174 msgid "Configure a static route for <subnet> using gateway <address> , use source address to indentify the peer when is multi-hop session and the gateway address as BFD peer destination address." msgstr "Configure a static route for <subnet> using gateway <address> , use source address to indentify the peer when is multi-hop session and the gateway address as BFD peer destination address." -#: ../../configuration/protocols/bfd.rst:148 -#: ../../configuration/protocols/bfd.rst:161 +#: ../../configuration/protocols/bfd.rst:155 +#: ../../configuration/protocols/bfd.rst:168 msgid "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." msgstr "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." @@ -3304,6 +3590,10 @@ msgstr "Configure agent IP address associated with this interface." msgid "Configure aggregation delay timer interval." msgstr "Configure aggregation delay timer interval." +#: ../../configuration/service/ids.rst:24 +msgid "Configure alert script that will be executed when an attack is detected." +msgstr "Configure alert script that will be executed when an attack is detected." + #: ../../configuration/vpn/openconnect.rst:285 msgid "Configure an accounting server and enable accounting with:" msgstr "Configure an accounting server and enable accounting with:" @@ -3328,6 +3618,10 @@ msgstr "Configure backend `<name>` mode TCP or HTTP" msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" +#: ../../configuration/service/ids.rst:33 +msgid "Configure direction for processing traffic." +msgstr "Configure direction for processing traffic." + #: ../../configuration/service/console-server.rst:49 msgid "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured." msgstr "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured." @@ -3336,6 +3630,14 @@ msgstr "Configure either one or two stop bits. This defaults to one stop bits if msgid "Configure either seven or eight data bits. This defaults to eight data bits if left unconfigured." msgstr "Configure either seven or eight data bits. This defaults to eight data bits if left unconfigured." +#: ../../configuration/service/ids.rst:64 +msgid "Configure general threshold parameters." +msgstr "Configure general threshold parameters." + +#: ../../configuration/service/ids.rst:28 +msgid "Configure how long an IP (attacker) should be kept in blocked state. Default value is 1900." +msgstr "Configure how long an IP (attacker) should be kept in blocked state. Default value is 1900." + #: ../../configuration/interfaces/bridge.rst:46 msgid "Configure individual bridge port `<priority>`." msgstr "Configure individual bridge port `<priority>`." @@ -3353,6 +3655,14 @@ msgstr "Configure interface-specific Host/Router behaviour. If set, the interfac msgid "Configure interface `<interface>` with one or more interface addresses." msgstr "Configure interface `<interface>` with one or more interface addresses." +#: ../../configuration/service/ids.rst:42 +msgid "Configure listen interface for mirroring traffic." +msgstr "Configure listen interface for mirroring traffic." + +#: ../../configuration/service/ids.rst:55 +msgid "Configure local IPv4 address to listen for sflow." +msgstr "Configure local IPv4 address to listen for sflow." + #: ../../configuration/service/snmp.rst:148 msgid "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" msgstr "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" @@ -3369,7 +3679,7 @@ msgstr "Configure next-hop `<address>` for an IPv4 static route. Multiple static msgid "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." msgstr "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." -#: ../../configuration/system/option.rst:95 +#: ../../configuration/system/option.rst:125 msgid "Configure one of the predefined system performance profiles." msgstr "Configure one of the predefined system performance profiles." @@ -3381,7 +3691,7 @@ msgstr "Configure one or more attributes to the given NTP server." msgid "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`." msgstr "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`." -#: ../../configuration/service/dns.rst:264 +#: ../../configuration/service/dns.rst:249 msgid "Configure optional TTL value on the given resource record. This defaults to 600 seconds." msgstr "Configure optional TTL value on the given resource record. This defaults to 600 seconds." @@ -3405,6 +3715,10 @@ msgstr "Configure port mirroring for `interface` outbound traffic and copy the t msgid "Configure port number of remote VXLAN endpoint." msgstr "Configure port number of remote VXLAN endpoint." +#: ../../configuration/service/ids.rst:59 +msgid "Configure port number to be used for sflow conection. Default port is 6343." +msgstr "Configure port number to be used for sflow conection. Default port is 6343." + #: ../../configuration/system/syslog.rst:73 msgid "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." msgstr "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." @@ -3429,7 +3743,7 @@ msgstr "Configure service `<name>` mode TCP or HTTP" msgid "Configure service `<name>` to use the backend <name>" msgstr "Configure service `<name>` to use the backend <name>" -#: ../../configuration/system/login.rst:394 +#: ../../configuration/system/login.rst:398 msgid "Configure session timeout after which the user will be logged out." msgstr "Configure session timeout after which the user will be logged out." @@ -3445,7 +3759,7 @@ msgstr "Configure the A-side router for NPTv6 using the prefixes above:" msgid "Configure the B-side router for NPTv6 using the prefixes above:" msgstr "Configure the B-side router for NPTv6 using the prefixes above:" -#: ../../configuration/service/dns.rst:247 +#: ../../configuration/service/dns.rst:236 msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." @@ -3457,11 +3771,11 @@ msgstr "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple I msgid "Configure the connection tracking protocol helper modules. All modules are enable by default." msgstr "Configure the connection tracking protocol helper modules. All modules are enable by default." -#: ../../configuration/system/login.rst:252 +#: ../../configuration/system/login.rst:256 msgid "Configure the discrete port under which the RADIUS server can be reached." msgstr "Configure the discrete port under which the RADIUS server can be reached." -#: ../../configuration/system/login.rst:321 +#: ../../configuration/system/login.rst:325 msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." @@ -3469,6 +3783,10 @@ msgstr "Configure the discrete port under which the TACACS server can be reached msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." +#: ../../configuration/service/ids.rst:46 +msgid "Configure traffic capture mode." +msgstr "Configure traffic capture mode." + #: ../../_include/interface-mac.txt:4 msgid "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`." msgstr "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`." @@ -3489,10 +3807,54 @@ msgstr "Configured value" msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." +#: ../../configuration/service/ipoe-server.rst:27 +msgid "Configuring IPoE Server" +msgstr "Configuring IPoE Server" + +#: ../../configuration/vpn/l2tp.rst:57 +msgid "Configuring IPsec" +msgstr "Configuring IPsec" + +#: ../../configuration/vpn/l2tp.rst:12 +msgid "Configuring L2TP Server" +msgstr "Configuring L2TP Server" + +#: ../../configuration/vpn/l2tp.rst:270 +msgid "Configuring LNS (L2TP Network Server)" +msgstr "Configuring LNS (L2TP Network Server)" + +#: ../../configuration/service/pppoe-server.rst:18 +msgid "Configuring PPPoE Server" +msgstr "Configuring PPPoE Server" + +#: ../../configuration/vpn/pptp.rst:13 +msgid "Configuring PPTP Server" +msgstr "Configuring PPTP Server" + #: ../../configuration/vpn/openconnect.rst:279 msgid "Configuring RADIUS accounting" msgstr "Configuring RADIUS accounting" +#: ../../configuration/service/ipoe-server.rst:114 +#: ../../configuration/service/pppoe-server.rst:76 +#: ../../configuration/vpn/l2tp.rst:119 +#: ../../configuration/vpn/pptp.rst:59 +#: ../../configuration/vpn/sstp.rst:92 +msgid "Configuring RADIUS authentication" +msgstr "Configuring RADIUS authentication" + +#: ../../configuration/vpn/sstp.rst:24 +msgid "Configuring SSTP Server" +msgstr "Configuring SSTP Server" + +#: ../../configuration/vpn/sstp.rst:476 +msgid "Configuring SSTP client" +msgstr "Configuring SSTP client" + +#: ../../configuration/vpn/ipsec.rst:494 +msgid "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." +msgstr "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." + #: ../../configuration/service/tftp-server.rst:39 msgid "Configuring a listen-address is essential for the service to work." msgstr "Configuring a listen-address is essential for the service to work." @@ -3502,11 +3864,15 @@ msgstr "Configuring a listen-address is essential for the service to work." msgid "Connect/Disconnect" msgstr "Connect/Disconnect" -#: ../../configuration/vpn/sstp.rst:155 +#: ../../configuration/service/ipoe-server.rst:376 +#: ../../configuration/service/pppoe-server.rst:546 +#: ../../configuration/vpn/l2tp.rst:500 +#: ../../configuration/vpn/pptp.rst:424 +#: ../../configuration/vpn/sstp.rst:458 msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." -#: ../../configuration/protocols/rpki.rst:129 +#: ../../configuration/protocols/rpki.rst:143 msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." @@ -3542,7 +3908,7 @@ msgstr "Console" msgid "Console Server" msgstr "Console Server" -#: ../../configuration/container/index.rst:106 +#: ../../configuration/container/index.rst:111 msgid "Constrain the memory available to the container." msgstr "Constrain the memory available to the container." @@ -3550,6 +3916,14 @@ msgstr "Constrain the memory available to the container." msgid "Container" msgstr "Container" +#: ../../configuration/container/index.rst:136 +msgid "Container Networks" +msgstr "Container Networks" + +#: ../../configuration/container/index.rst:156 +msgid "Container Registry" +msgstr "Container Registry" + #: ../../configuration/system/conntrack.rst:65 msgid "Contrack Timeouts" msgstr "Contrack Timeouts" @@ -3590,7 +3964,10 @@ msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are take msgid "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" msgstr "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" -#: ../../configuration/vpn/sstp.rst:70 +#: ../../configuration/service/pppoe-server.rst:49 +#: ../../configuration/vpn/l2tp.rst:36 +#: ../../configuration/vpn/pptp.rst:38 +#: ../../configuration/vpn/sstp.rst:63 msgid "Create `<user>` for local authentication on this system. The users password will be set to `<pass>`." msgstr "Create `<user>` for local authentication on this system. The users password will be set to `<pass>`." @@ -3606,6 +3983,10 @@ msgstr "Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using msgid "Create a load balancing rule, it can be a number between 1 and 9999:" msgstr "Create a load balancing rule, it can be a number between 1 and 9999:" +#: ../../configuration/service/dhcp-server.rst:189 +msgid "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its DHCP unique identifier (DUID) `<identifier>`." +msgstr "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its DHCP unique identifier (DUID) `<identifier>`." + #: ../../configuration/service/dhcp-server.rst:183 msgid "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`." msgstr "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`." @@ -3614,31 +3995,31 @@ msgstr "Create a new DHCP static mapping named `<description>` which is valid fo msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." -#: ../../configuration/pki/index.rst:40 -#: ../../configuration/pki/index.rst:45 +#: ../../configuration/pki/index.rst:42 +#: ../../configuration/pki/index.rst:47 msgid "Create a new :abbr:`CA (Certificate Authority)` and output the CAs public and private key on the console." msgstr "Create a new :abbr:`CA (Certificate Authority)` and output the CAs public and private key on the console." -#: ../../configuration/pki/index.rst:67 -#: ../../configuration/pki/index.rst:71 +#: ../../configuration/pki/index.rst:69 +#: ../../configuration/pki/index.rst:73 msgid "Create a new public/private keypair and output the certificate on the console." msgstr "Create a new public/private keypair and output the certificate on the console." -#: ../../configuration/pki/index.rst:89 -#: ../../configuration/pki/index.rst:94 +#: ../../configuration/pki/index.rst:91 +#: ../../configuration/pki/index.rst:96 msgid "Create a new public/private keypair which is signed by the CA referenced by `ca-name`. The signed certificate is then output to the console." msgstr "Create a new public/private keypair which is signed by the CA referenced by `ca-name`. The signed certificate is then output to the console." -#: ../../configuration/pki/index.rst:77 -#: ../../configuration/pki/index.rst:82 +#: ../../configuration/pki/index.rst:79 +#: ../../configuration/pki/index.rst:84 msgid "Create a new self-signed certificate. The public/private is then shown on the console." msgstr "Create a new self-signed certificate. The public/private is then shown on the console." -#: ../../configuration/pki/index.rst:52 +#: ../../configuration/pki/index.rst:54 msgid "Create a new subordinate :abbr:`CA (Certificate Authority)` and sign it using the private key referenced by `ca-name`." msgstr "Create a new subordinate :abbr:`CA (Certificate Authority)` and sign it using the private key referenced by `ca-name`." -#: ../../configuration/pki/index.rst:57 +#: ../../configuration/pki/index.rst:59 msgid "Create a new subordinate :abbr:`CA (Certificate Authority)` and sign it using the private key referenced by `name`." msgstr "Create a new subordinate :abbr:`CA (Certificate Authority)` and sign it using the private key referenced by `name`." @@ -3686,10 +4067,15 @@ msgstr "Create named `<alias>` for the configured static mapping for `<hostname> msgid "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF." msgstr "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF." -#: ../../configuration/service/dns.rst:234 +#: ../../configuration/service/dns.rst:248 msgid "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." msgstr "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." +#: ../../configuration/service/dns.rst:221 +#: ../../configuration/service/dns.rst:326 +msgid "Create new dynamic DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." +msgstr "Create new dynamic DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." + #: ../../configuration/system/login.rst:21 msgid "Create new system user with username `<name>` and real-name specified by `<string>`." msgstr "Create new system user with username `<name>` and real-name specified by `<string>`." @@ -3698,10 +4084,14 @@ msgstr "Create new system user with username `<name>` and real-name specified by msgid "Create service `<name>` to listen on <port>" msgstr "Create service `<name>` to listen on <port>" -#: ../../configuration/container/index.rst:132 +#: ../../configuration/container/index.rst:140 msgid "Creates a named container network" msgstr "Creates a named container network" +#: ../../configuration/service/ipoe-server.rst:55 +msgid "Creates local IPoE user with username=**<interface>** and password=**<MAC>** (mac-address)" +msgstr "Creates local IPoE user with username=**<interface>** and password=**<MAC>** (mac-address)" + #: ../../configuration/vpn/dmvpn.rst:83 msgid "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." @@ -3722,6 +4112,10 @@ msgstr "Creating a traffic policy" msgid "Creating rules for using flow tables:" msgstr "Creating rules for using flow tables:" +#: ../../configuration/container/index.rst:173 +msgid "Credentials can be defined here and will only be used when adding a container image to the system." +msgstr "Credentials can be defined here and will only be used when adding a container image to the system." + #: ../../configuration/system/syslog.rst:178 msgid "Critical" msgstr "Critical" @@ -3754,7 +4148,7 @@ msgstr "Cur Hop Limit" msgid "Currently does not do much as caching is not implemented." msgstr "Currently does not do much as caching is not implemented." -#: ../../configuration/vrf/index.rst:86 +#: ../../configuration/vrf/index.rst:105 msgid "Currently dynamic routing is supported for the following protocols:" msgstr "Currently dynamic routing is supported for the following protocols:" @@ -3778,7 +4172,7 @@ msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." -#: ../../configuration/highavailability/index.rst:373 +#: ../../configuration/highavailability/index.rst:383 msgid "Custom health-check script allows checking real-server availability" msgstr "Custom health-check script allows checking real-server availability" @@ -3794,6 +4188,10 @@ msgstr "DCO can be enabled for both new and existing tunnels,VyOS adds an option msgid "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." msgstr "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." +#: ../../configuration/service/ids.rst:5 +msgid "DDoS Protection" +msgstr "DDoS Protection" + #: ../../configuration/service/dhcp-relay.rst:5 msgid "DHCP Relay" msgstr "DHCP Relay" @@ -3802,15 +4200,15 @@ msgstr "DHCP Relay" msgid "DHCP Server" msgstr "DHCP Server" -#: ../../configuration/service/dhcp-server.rst:351 +#: ../../configuration/service/dhcp-server.rst:357 msgid "DHCP failover parameters" msgstr "DHCP failover parameters" -#: ../../configuration/service/dhcp-server.rst:341 +#: ../../configuration/service/dhcp-server.rst:347 msgid "DHCP lease range" msgstr "DHCP lease range" -#: ../../configuration/service/dhcp-server.rst:377 +#: ../../configuration/service/dhcp-server.rst:383 msgid "DHCP range spans from `192.168.189.10` - `192.168.189.250`" msgstr "DHCP range spans from `192.168.189.10` - `192.168.189.250`" @@ -3822,7 +4220,7 @@ msgstr "DHCP relay example" msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." -#: ../../configuration/service/dhcp-server.rst:584 +#: ../../configuration/service/dhcp-server.rst:590 msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." @@ -3887,11 +4285,11 @@ msgstr "DNS name servers" msgid "DNS search list to advertise" msgstr "DNS search list to advertise" -#: ../../configuration/service/dhcp-server.rst:261 +#: ../../configuration/service/dhcp-server.rst:267 msgid "DNS server IPv4 address" msgstr "DNS server IPv4 address" -#: ../../configuration/service/dhcp-server.rst:591 +#: ../../configuration/service/dhcp-server.rst:597 msgid "DNS server is located at ``2001:db8::ffff``" msgstr "DNS server is located at ``2001:db8::ffff``" @@ -3903,7 +4301,7 @@ msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:" msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/ipv4.rst:444 +#: ../../configuration/firewall/ipv4.rst:467 #: ../../configuration/firewall/ipv6.rst:451 msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." @@ -3940,15 +4338,18 @@ msgstr "Default Gateway/Route" msgid "Default Router Preference" msgstr "Default Router Preference" -#: ../../configuration/vpn/sstp.rst:201 +#: ../../configuration/service/pppoe-server.rst:509 +#: ../../configuration/vpn/l2tp.rst:463 +#: ../../configuration/vpn/pptp.rst:387 +#: ../../configuration/vpn/sstp.rst:421 msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." -#: ../../configuration/service/dhcp-server.rst:374 +#: ../../configuration/service/dhcp-server.rst:380 msgid "Default gateway and DNS server is at `192.0.2.254`" msgstr "Default gateway and DNS server is at `192.0.2.254`" -#: ../../configuration/container/index.rst:108 +#: ../../configuration/container/index.rst:113 msgid "Default is 512 MB. Use 0 MB for unlimited memory." msgstr "Default is 512 MB. Use 0 MB for unlimited memory." @@ -3976,7 +4377,7 @@ msgstr "Defaults to 'uid'" msgid "Defaults to 225.0.0.50." msgstr "Defaults to 225.0.0.50." -#: ../../configuration/system/option.rst:68 +#: ../../configuration/system/option.rst:98 msgid "Defaults to ``us``." msgstr "Defaults to ``us``." @@ -3988,6 +4389,10 @@ msgstr "Define Conection Timeouts" msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." +#: ../../configuration/container/index.rst:148 +msgid "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." +msgstr "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." + #: ../../configuration/firewall/groups.rst:52 msgid "Define a IPv4 or IPv6 Network group." msgstr "Define a IPv4 or IPv6 Network group." @@ -4040,6 +4445,10 @@ msgstr "Define different modes for sending replies in response to received ARP r msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface." msgstr "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface." +#: ../../configuration/service/ntp.rst:88 +msgid "Define how to handle leaf-seonds." +msgstr "Define how to handle leaf-seonds." + #: ../../configuration/firewall/flowtables.rst:71 msgid "Define interfaces to be used in the flowtable." msgstr "Define interfaces to be used in the flowtable." @@ -4080,7 +4489,7 @@ msgstr "Define the zone as a local zone. A local zone has no interfaces and will msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." -#: ../../configuration/protocols/rpki.rst:114 +#: ../../configuration/protocols/rpki.rst:128 msgid "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used." msgstr "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used." @@ -4092,26 +4501,47 @@ msgstr "Defines alternate sources for multicasting and IGMP data. The network ad msgid "Defines an off-NBMA network prefix for which the GRE interface will act as a gateway. This an alternative to defining local interfaces with shortcut-destination flag." msgstr "Defines an off-NBMA network prefix for which the GRE interface will act as a gateway. This an alternative to defining local interfaces with shortcut-destination flag." -#: ../../configuration/protocols/static.rst:120 -#: ../../configuration/protocols/static.rst:133 +#: ../../configuration/protocols/static.rst:154 +#: ../../configuration/protocols/static.rst:167 msgid "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." +#: ../../configuration/service/pppoe-server.rst:496 +#: ../../configuration/vpn/l2tp.rst:450 +#: ../../configuration/vpn/pptp.rst:374 +#: ../../configuration/vpn/sstp.rst:408 +msgid "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." +msgstr "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." + #: ../../configuration/protocols/static.rst:34 #: ../../configuration/protocols/static.rst:54 -#: ../../configuration/protocols/static.rst:81 -#: ../../configuration/protocols/static.rst:101 +#: ../../configuration/protocols/static.rst:104 +#: ../../configuration/protocols/static.rst:124 msgid "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." +#: ../../configuration/service/pppoe-server.rst:515 +#: ../../configuration/vpn/l2tp.rst:469 +#: ../../configuration/vpn/pptp.rst:393 +#: ../../configuration/vpn/sstp.rst:427 +msgid "Defines preferred MRU. By default is not defined." +msgstr "Defines preferred MRU. By default is not defined." + #: ../../configuration/protocols/failover.rst:31 msgid "Defines protocols for checking ARP, ICMP, TCP" msgstr "Defines protocols for checking ARP, ICMP, TCP" -#: ../../configuration/vpn/sstp.rst:178 +#: ../../configuration/vpn/sstp.rst:184 msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." +#: ../../configuration/service/pppoe-server.rst:479 +#: ../../configuration/vpn/l2tp.rst:433 +#: ../../configuration/vpn/pptp.rst:357 +#: ../../configuration/vpn/sstp.rst:391 +msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." +msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" @@ -4120,15 +4550,15 @@ msgstr "Defines the specified device as a system console. Available console devi msgid "Defining Peers" msgstr "Defining Peers" -#: ../../configuration/service/dhcp-server.rst:579 +#: ../../configuration/service/dhcp-server.rst:585 msgid "Delegate prefixes from the range indicated by the start and stop qualifier." msgstr "Delegate prefixes from the range indicated by the start and stop qualifier." -#: ../../configuration/policy/route-map.rst:231 +#: ../../configuration/policy/route-map.rst:234 msgid "Delete BGP communities matching the community-list." msgstr "Delete BGP communities matching the community-list." -#: ../../configuration/policy/route-map.rst:246 +#: ../../configuration/policy/route-map.rst:249 msgid "Delete BGP communities matching the large-community-list." msgstr "Delete BGP communities matching the large-community-list." @@ -4136,11 +4566,15 @@ msgstr "Delete BGP communities matching the large-community-list." msgid "Delete Logs" msgstr "Delete Logs" -#: ../../configuration/policy/route-map.rst:226 +#: ../../configuration/container/index.rst:211 +msgid "Delete a particular container image based on it's image ID. You can also delete all container images at once." +msgstr "Delete a particular container image based on it's image ID. You can also delete all container images at once." + +#: ../../configuration/policy/route-map.rst:229 msgid "Delete all BGP communities" msgstr "Delete all BGP communities" -#: ../../configuration/policy/route-map.rst:241 +#: ../../configuration/policy/route-map.rst:244 msgid "Delete all BGP large-communities" msgstr "Delete all BGP large-communities" @@ -4205,15 +4639,37 @@ msgstr "Devices evaluating whether an IPv4 address is public must be updated to msgid "Different NAT Types" msgstr "Different NAT Types" -#: ../../configuration/pki/index.rst:100 +#: ../../configuration/pki/index.rst:102 msgid "Diffie-Hellman parameters" msgstr "Diffie-Hellman parameters" +#: ../../configuration/service/ids.rst:93 +msgid "Direction: **in** and **out**. Protect public network from external attacks, and identify internal attacks towards internet." +msgstr "Direction: **in** and **out**. Protect public network from external attacks, and identify internal attacks towards internet." + +#: ../../configuration/system/option.rst:46 +msgid "Disable CPU power saving mechanisms also known as C states." +msgstr "Disable CPU power saving mechanisms also known as C states." + +#: ../../configuration/service/pppoe-server.rst:457 +#: ../../configuration/vpn/l2tp.rst:411 +#: ../../configuration/vpn/pptp.rst:335 +#: ../../configuration/vpn/sstp.rst:369 +msgid "Disable Compression Control Protocol (CCP). CCP is enabled by default." +msgstr "Disable Compression Control Protocol (CCP). CCP is enabled by default." + #: ../../configuration/protocols/pim6.rst:37 msgid "Disable MLD reports and query on the interface." msgstr "Disable MLD reports and query on the interface." -#: ../../configuration/vpn/sstp.rst:75 +#: ../../configuration/system/login.rst:39 +msgid "Disable (lock) account. User will not be able to log in." +msgstr "Disable (lock) account. User will not be able to log in." + +#: ../../configuration/service/pppoe-server.rst:432 +#: ../../configuration/vpn/l2tp.rst:376 +#: ../../configuration/vpn/pptp.rst:300 +#: ../../configuration/vpn/sstp.rst:334 msgid "Disable `<user>` account." msgstr "Disable `<user>` account." @@ -4221,11 +4677,23 @@ msgstr "Disable `<user>` account." msgid "Disable a BFD peer" msgstr "Disable a BFD peer" -#: ../../configuration/container/index.rst:128 +#: ../../configuration/container/index.rst:133 msgid "Disable a container." msgstr "Disable a container." -#: ../../configuration/firewall/ipv4.rst:930 +#: ../../configuration/container/index.rst:166 +msgid "Disable a given container registry" +msgstr "Disable a given container registry" + +#: ../../configuration/system/option.rst:35 +msgid "Disable all optional CPU mitigations. This improves system performance, but it may also expose users to several CPU vulnerabilities." +msgstr "Disable all optional CPU mitigations. This improves system performance, but it may also expose users to several CPU vulnerabilities." + +#: ../../configuration/service/conntrack-sync.rst:103 +msgid "Disable connection logging via Syslog." +msgstr "Disable connection logging via Syslog." + +#: ../../configuration/firewall/ipv4.rst:953 #: ../../configuration/firewall/ipv6.rst:939 msgid "Disable conntrack loose track option" msgstr "Disable conntrack loose track option" @@ -4242,7 +4710,7 @@ msgstr "Disable dhcpv6-relay service." msgid "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state." msgstr "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state." -#: ../../configuration/protocols/bgp.rst:616 +#: ../../configuration/protocols/bgp.rst:628 msgid "Disable immediate session reset if peer's connected link goes down." msgstr "Disable immediate session reset if peer's connected link goes down." @@ -4286,11 +4754,11 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." -#: ../../configuration/protocols/static.rst:76 +#: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Disables interface-based IPv4 static route." -#: ../../configuration/protocols/static.rst:96 +#: ../../configuration/protocols/static.rst:119 msgid "Disables interface-based IPv6 static route." msgstr "Disables interface-based IPv6 static route." @@ -4306,7 +4774,7 @@ msgstr "Disables web filtering without discarding configuration." msgid "Disables web proxy transparent mode at a listening address." msgstr "Disables web proxy transparent mode at a listening address." -#: ../../configuration/service/router-advert.rst:73 +#: ../../configuration/service/router-advert.rst:99 msgid "Disabling Advertisements" msgstr "Disabling Advertisements" @@ -4326,11 +4794,11 @@ msgstr "Disadvantages are:" msgid "Disassociate stations based on excessive transmission failures or other indications of connection loss." msgstr "Disassociate stations based on excessive transmission failures or other indications of connection loss." -#: ../../configuration/vrf/index.rst:142 +#: ../../configuration/vrf/index.rst:161 msgid "Display IPv4 routing table for VRF identified by `<name>`." msgstr "Display IPv4 routing table for VRF identified by `<name>`." -#: ../../configuration/vrf/index.rst:161 +#: ../../configuration/vrf/index.rst:180 msgid "Display IPv6 routing table for VRF identified by `<name>`." msgstr "Display IPv6 routing table for VRF identified by `<name>`." @@ -4338,7 +4806,7 @@ msgstr "Display IPv6 routing table for VRF identified by `<name>`." msgid "Display Logs" msgstr "Display Logs" -#: ../../configuration/system/login.rst:188 +#: ../../configuration/system/login.rst:192 msgid "Display OTP key for user" msgstr "Display OTP key for user" @@ -4346,11 +4814,11 @@ msgstr "Display OTP key for user" msgid "Display all authorization attempts of the specified image" msgstr "Display all authorization attempts of the specified image" -#: ../../configuration/protocols/static.rst:200 +#: ../../configuration/protocols/static.rst:233 msgid "Display all known ARP table entries on a given interface only (`eth1`):" msgstr "Display all known ARP table entries on a given interface only (`eth1`):" -#: ../../configuration/protocols/static.rst:188 +#: ../../configuration/protocols/static.rst:221 msgid "Display all known ARP table entries spanning across all interfaces" msgstr "Display all known ARP table entries spanning across all interfaces" @@ -4382,7 +4850,7 @@ msgstr "Displays information about all neighbors discovered via LLDP." msgid "Displays queue information for a PPPoE interface." msgstr "Displays queue information for a PPPoE interface." -#: ../../configuration/vrf/index.rst:213 +#: ../../configuration/vrf/index.rst:232 msgid "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." msgstr "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." @@ -4390,14 +4858,28 @@ msgstr "Displays the route packets taken to a network host utilizing VRF instanc msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows." msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows." +#: ../../configuration/system/ip.rst:55 +#: ../../configuration/vrf/index.rst:79 +#: ../../configuration/vrf/index.rst:85 +msgid "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." +msgstr "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." + +#: ../../configuration/system/ipv6.rst:51 +msgid "Do not allow IPv6 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." +msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." + #: ../../_include/interface-ipv6.txt:37 msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1208 +#: ../../configuration/trafficpolicy/index.rst:1210 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." +#: ../../configuration/protocols/bgp.rst:609 +msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." +msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." + #: ../../configuration/service/dns.rst:103 msgid "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP server will use this file to add resolvers to assigned addresses." msgstr "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP server will use this file to add resolvers to assigned addresses." @@ -4426,7 +4908,7 @@ msgstr "Domain name(s) for which to obtain certificate" msgid "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters." msgstr "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters." -#: ../../configuration/pki/index.rst:259 +#: ../../configuration/pki/index.rst:290 msgid "Domain names to apply, multiple domain-names can be specified." msgstr "Domain names to apply, multiple domain-names can be specified." @@ -4435,19 +4917,19 @@ msgstr "Domain names to apply, multiple domain-names can be specified." msgid "Domain search order" msgstr "Domain search order" -#: ../../configuration/pki/index.rst:25 +#: ../../configuration/pki/index.rst:27 msgid "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!" msgstr "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!" -#: ../../configuration/protocols/bgp.rst:1172 +#: ../../configuration/protocols/bgp.rst:1194 msgid "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**" msgstr "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**" -#: ../../configuration/protocols/bgp.rst:1126 +#: ../../configuration/protocols/bgp.rst:1148 msgid "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**" msgstr "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**" -#: ../../configuration/vpn/site2site_ipsec.rst:299 +#: ../../configuration/vpn/site2site_ipsec.rst:302 msgid "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links." msgstr "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links." @@ -4459,10 +4941,17 @@ msgstr "Download/Update complete blacklist" msgid "Download/Update partial blacklist." msgstr "Download/Update partial blacklist." -#: ../../configuration/vpn/sstp.rst:85 +#: ../../configuration/service/pppoe-server.rst:262 +#: ../../configuration/vpn/l2tp.rst:386 +#: ../../configuration/vpn/pptp.rst:310 +#: ../../configuration/vpn/sstp.rst:344 msgid "Download bandwidth limit in kbit/s for `<user>`." msgstr "Download bandwidth limit in kbit/s for `<user>`." +#: ../../configuration/service/ipoe-server.rst:320 +msgid "Download bandwidth limit in kbit/s for user on interface `<interface>`." +msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." + #: ../../configuration/policy/route-map.rst:202 msgid "Drop AS-NUMBER from the BGP AS path." msgstr "Drop AS-NUMBER from the BGP AS path." @@ -4479,7 +4968,7 @@ msgstr "Drop rate" msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" -#: ../../configuration/service/pppoe-server.rst:367 +#: ../../configuration/service/pppoe-server.rst:625 msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" @@ -4495,19 +4984,23 @@ msgstr "Dummy interface" msgid "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." msgstr "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." -#: ../../configuration/vrf/index.rst:193 +#: ../../configuration/vrf/index.rst:212 msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." -#: ../../configuration/pki/index.rst:285 +#: ../../configuration/pki/index.rst:316 msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" +#: ../../configuration/vpn/ipsec.rst:568 +msgid "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." +msgstr "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." + #: ../../configuration/service/ssh.rst:113 msgid "Dynamic-protection" msgstr "Dynamic-protection" -#: ../../configuration/service/dns.rst:212 +#: ../../configuration/service/dns.rst:199 msgid "Dynamic DNS" msgstr "Dynamic DNS" @@ -4519,11 +5012,11 @@ msgstr "EAPoL comes with an identify option. We automatically use the interface msgid "ESP Phase:" msgstr "ESP Phase:" -#: ../../configuration/vpn/ipsec.rst:111 +#: ../../configuration/vpn/ipsec.rst:113 msgid "ESP (Encapsulating Security Payload) Attributes" msgstr "ESP (Encapsulating Security Payload) Attributes" -#: ../../configuration/vpn/ipsec.rst:112 +#: ../../configuration/vpn/ipsec.rst:115 msgid "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" msgstr "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" @@ -4587,7 +5080,7 @@ msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is msgid "Email address to associate with certificate" msgstr "Email address to associate with certificate" -#: ../../configuration/pki/index.rst:265 +#: ../../configuration/pki/index.rst:296 msgid "Email used for registration and recovery contact." msgstr "Email used for registration and recovery contact." @@ -4599,35 +5092,35 @@ msgstr "Embedding one policy into another one" msgid "Emergency" msgstr "Emergency" -#: ../../configuration/protocols/bfd.rst:89 +#: ../../configuration/protocols/bfd.rst:96 msgid "Enable BFD for ISIS on an interface" msgstr "Enable BFD for ISIS on an interface" -#: ../../configuration/protocols/bfd.rst:77 +#: ../../configuration/protocols/bfd.rst:84 msgid "Enable BFD for OSPF on an interface" msgstr "Enable BFD for OSPF on an interface" -#: ../../configuration/protocols/bfd.rst:81 +#: ../../configuration/protocols/bfd.rst:88 msgid "Enable BFD for OSPFv3 on an interface" msgstr "Enable BFD for OSPFv3 on an interface" -#: ../../configuration/protocols/bfd.rst:61 +#: ../../configuration/protocols/bfd.rst:68 msgid "Enable BFD in BGP" msgstr "Enable BFD in BGP" -#: ../../configuration/protocols/bfd.rst:85 +#: ../../configuration/protocols/bfd.rst:92 msgid "Enable BFD in ISIS" msgstr "Enable BFD in ISIS" -#: ../../configuration/protocols/bfd.rst:73 +#: ../../configuration/protocols/bfd.rst:80 msgid "Enable BFD in OSPF" msgstr "Enable BFD in OSPF" -#: ../../configuration/protocols/bfd.rst:69 +#: ../../configuration/protocols/bfd.rst:76 msgid "Enable BFD on a BGP peer group" msgstr "Enable BFD on a BGP peer group" -#: ../../configuration/protocols/bfd.rst:65 +#: ../../configuration/protocols/bfd.rst:72 msgid "Enable BFD on a single BGP neighbor" msgstr "Enable BFD on a single BGP neighbor" @@ -4651,7 +5144,7 @@ msgstr "Enable IGMP and MLD querier." msgid "Enable IGMP and MLD snooping." msgstr "Enable IGMP and MLD snooping." -#: ../../configuration/service/dhcp-server.rst:271 +#: ../../configuration/service/dhcp-server.rst:277 msgid "Enable IP forwarding on client" msgstr "Enable IP forwarding on client" @@ -4705,7 +5198,7 @@ msgstr "Enable OSPF with Segment Routing (Experimental):" msgid "Enable OSPF with route redistribution of the loopback and default originate:" msgstr "Enable OSPF with route redistribution of the loopback and default originate:" -#: ../../configuration/system/login.rst:103 +#: ../../configuration/system/login.rst:107 msgid "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." msgstr "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." @@ -4713,6 +5206,18 @@ msgstr "Enable OTP 2FA for user `username` with default settings, using the BASE msgid "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." +#: ../../configuration/service/router-advert.rst:82 +msgid "Enable PREF64 option as outlined in :rfc:`8781`." +msgstr "Enable PREF64 option as outlined in :rfc:`8781`." + +#: ../../configuration/service/ipoe-server.rst:386 +#: ../../configuration/service/pppoe-server.rst:575 +#: ../../configuration/vpn/l2tp.rst:510 +#: ../../configuration/vpn/pptp.rst:434 +#: ../../configuration/vpn/sstp.rst:468 +msgid "Enable SNMP" +msgstr "Enable SNMP" + #: ../../configuration/service/lldp.rst:59 msgid "Enable SNMP queries of the LLDP database" msgstr "Enable SNMP queries of the LLDP database" @@ -4833,15 +5338,19 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." -#: ../../configuration/vrf/index.rst:461 +#: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." -#: ../../configuration/vpn/sstp.rst:277 +#: ../../configuration/service/ipoe-server.rst:220 +#: ../../configuration/service/pppoe-server.rst:182 +#: ../../configuration/vpn/l2tp.rst:225 +#: ../../configuration/vpn/pptp.rst:165 +#: ../../configuration/vpn/sstp.rst:198 msgid "Enables bandwidth shaping via RADIUS." msgstr "Enables bandwidth shaping via RADIUS." -#: ../../configuration/vrf/index.rst:483 +#: ../../configuration/vrf/index.rst:502 msgid "Enables import or export of routes between the current unicast VRF and VPN." msgstr "Enables import or export of routes between the current unicast VRF and VPN." @@ -4853,6 +5362,10 @@ msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is o msgid "Enables the echo transmission mode" msgstr "Enables the echo transmission mode" +#: ../../configuration/system/option.rst:27 +msgid "Enables the root partition auto-extension and resizes to the maximum available space on system boot." +msgstr "Enables the root partition auto-extension and resizes to the maximum available space on system boot." + #: ../../configuration/service/router-advert.rst:27 msgid "Enabling Advertisments" msgstr "Enabling Advertisments" @@ -4877,7 +5390,7 @@ msgstr "Enforce strict path checking" msgid "Enslave `<member>` interface to bond `<interface>`." msgstr "Enslave `<member>` interface to bond `<interface>`." -#: ../../configuration/protocols/bgp.rst:764 +#: ../../configuration/protocols/bgp.rst:786 msgid "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." msgstr "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." @@ -4945,11 +5458,11 @@ msgstr "Every NAT rule has a translation command defined. The address defined fo msgid "Every SNAT66 rule has a translation command defined. The prefix defined for the translation is the prefix used when the address information in a packet is replaced.、" msgstr "Every SNAT66 rule has a translation command defined. The prefix defined for the translation is the prefix used when the address information in a packet is replaced.、" -#: ../../configuration/system/login.rst:47 +#: ../../configuration/system/login.rst:51 msgid "Every SSH key comes in three parts:" msgstr "Every SSH key comes in three parts:" -#: ../../configuration/system/login.rst:68 +#: ../../configuration/system/login.rst:72 msgid "Every SSH public key portion referenced by `<identifier>` requires the configuration of the `<type>` of public-key used. This type can be any of:" msgstr "Every SSH public key portion referenced by `<identifier>` requires the configuration of the `<type>` of public-key used. This type can be any of:" @@ -4965,12 +5478,16 @@ msgstr "Every Virtual Ethernet interfaces behaves like a real Ethernet interface msgid "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." +#: ../../configuration/vpn/ipsec.rst:439 +msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." +msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:98 msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." #: ../../configuration/firewall/bridge.rst:321 -#: ../../configuration/highavailability/index.rst:397 +#: ../../configuration/highavailability/index.rst:407 #: ../../configuration/interfaces/bonding.rst:291 #: ../../configuration/interfaces/l2tpv3.rst:86 #: ../../configuration/interfaces/pppoe.rst:323 @@ -4980,23 +5497,24 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/protocols/failover.rst:63 #: ../../configuration/protocols/igmp-proxy.rst:61 #: ../../configuration/protocols/pim.rst:217 -#: ../../configuration/protocols/rpki.rst:156 +#: ../../configuration/protocols/rpki.rst:166 #: ../../configuration/service/broadcast-relay.rst:55 -#: ../../configuration/service/conntrack-sync.rst:186 +#: ../../configuration/service/conntrack-sync.rst:190 #: ../../configuration/service/dhcp-relay.rst:85 #: ../../configuration/service/dhcp-relay.rst:174 -#: ../../configuration/service/dhcp-server.rst:362 -#: ../../configuration/service/dns.rst:160 -#: ../../configuration/service/dns.rst:276 +#: ../../configuration/service/dhcp-server.rst:368 +#: ../../configuration/service/dns.rst:147 +#: ../../configuration/service/dns.rst:260 #: ../../configuration/service/eventhandler.rst:83 -#: ../../configuration/service/ipoe-server.rst:150 +#: ../../configuration/service/ids.rst:82 #: ../../configuration/service/mdns.rst:50 #: ../../configuration/service/monitoring.rst:134 +#: ../../configuration/service/router-advert.rst:108 #: ../../configuration/service/snmp.rst:94 #: ../../configuration/service/snmp.rst:145 #: ../../configuration/service/tftp-server.rst:47 #: ../../configuration/system/acceleration.rst:58 -#: ../../configuration/system/login.rst:397 +#: ../../configuration/system/login.rst:401 #: ../../configuration/system/name-server.rst:28 #: ../../configuration/system/name-server.rst:63 #: ../../configuration/system/sflow.rst:49 @@ -5005,9 +5523,8 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/trafficpolicy/index.rst:1122 #: ../../configuration/vpn/dmvpn.rst:161 #: ../../configuration/vpn/openconnect.rst:97 -#: ../../configuration/vpn/sstp.rst:286 -#: ../../configuration/vrf/index.rst:99 -#: ../../configuration/vrf/index.rst:232 +#: ../../configuration/vrf/index.rst:118 +#: ../../configuration/vrf/index.rst:251 msgid "Example" msgstr "Example" @@ -5028,16 +5545,18 @@ msgstr "Example, from radius-server send command for disconnect client with user #: ../../configuration/nat/nat44.rst:425 #: ../../configuration/nat/nat66.rst:78 #: ../../configuration/nat/nat66.rst:96 -#: ../../configuration/protocols/static.rst:174 -#: ../../configuration/service/dns.rst:363 +#: ../../configuration/protocols/static.rst:67 +#: ../../configuration/protocols/static.rst:135 +#: ../../configuration/protocols/static.rst:207 +#: ../../configuration/service/dns.rst:366 #: ../../configuration/service/monitoring.rst:69 #: ../../configuration/service/monitoring.rst:98 #: ../../configuration/service/ssh.rst:165 #: ../../configuration/service/ssh.rst:200 #: ../../configuration/system/flow-accounting.rst:164 -#: ../../configuration/vpn/l2tp.rst:41 -#: ../../configuration/vpn/site2site_ipsec.rst:162 -#: ../../configuration/vpn/site2site_ipsec.rst:273 +#: ../../configuration/vpn/l2tp.rst:91 +#: ../../configuration/vpn/site2site_ipsec.rst:165 +#: ../../configuration/vpn/site2site_ipsec.rst:276 #: ../../_include/interface-address-with-dhcp.txt:22 #: ../../_include/interface-address.txt:9 #: ../../_include/interface-description.txt:7 @@ -5121,13 +5640,12 @@ msgstr "Example: Set `eth0` member port to be native VLAN 2" msgid "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." -#: ../../configuration/container/index.rst:177 +#: ../../configuration/container/index.rst:216 #: ../../configuration/service/https.rst:77 -#: ../../configuration/service/router-advert.rst:80 msgid "Example Configuration" msgstr "Example Configuration" -#: ../../configuration/service/dns.rst:378 +#: ../../configuration/service/dns.rst:384 msgid "Example IPv6 only:" msgstr "Example IPv6 only:" @@ -5135,7 +5653,7 @@ msgstr "Example IPv6 only:" msgid "Example Network" msgstr "Example Network" -#: ../../configuration/firewall/ipv4.rst:1130 +#: ../../configuration/firewall/ipv4.rst:1153 #: ../../configuration/firewall/ipv6.rst:1153 msgid "Example Partial Config" msgstr "Example Partial Config" @@ -5156,7 +5674,7 @@ msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access ( msgid "Example of redirection:" msgstr "Example of redirection:" -#: ../../configuration/firewall/ipv4.rst:925 +#: ../../configuration/firewall/ipv4.rst:948 #: ../../configuration/firewall/ipv6.rst:934 msgid "Example synproxy" msgstr "Example synproxy" @@ -5167,16 +5685,16 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/wireless.rst:541 #: ../../configuration/loadbalancing/reverse-proxy.rst:187 #: ../../configuration/policy/index.rst:46 -#: ../../configuration/protocols/bgp.rst:1096 +#: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 #: ../../configuration/protocols/ospf.rst:834 -#: ../../configuration/service/pppoe-server.rst:343 +#: ../../configuration/service/pppoe-server.rst:601 #: ../../configuration/service/webproxy.rst:419 msgid "Examples" msgstr "Examples" #: ../../configuration/nat/nat44.rst:154 -#: ../../configuration/vpn/site2site_ipsec.rst:157 +#: ../../configuration/vpn/site2site_ipsec.rst:160 msgid "Examples:" msgstr "Examples:" @@ -5224,6 +5742,10 @@ msgstr "External DHCPv6 server is at 2001:db8::4" msgid "External Route Summarisation" msgstr "External Route Summarisation" +#: ../../configuration/service/ids.rst:101 +msgid "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" +msgstr "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" + #: ../../configuration/trafficpolicy/index.rst:441 msgid "FQ-CoDel" msgstr "FQ-CoDel" @@ -5275,7 +5797,7 @@ msgstr "Facility Code" #: ../../configuration/loadbalancing/wan.rst:218 #: ../../configuration/protocols/failover.rst:3 #: ../../configuration/service/dhcp-server.rst:136 -#: ../../configuration/service/dhcp-server.rst:369 +#: ../../configuration/service/dhcp-server.rst:375 msgid "Failover" msgstr "Failover" @@ -5303,6 +5825,14 @@ msgstr "Fair Queue is a non-shaping (work-conserving) policy, so it will only be msgid "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." msgstr "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." +#: ../../configuration/service/ids.rst:9 +msgid "FastNetMon" +msgstr "FastNetMon" + +#: ../../configuration/service/ids.rst:11 +msgid "FastNetMon is a high-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror). It can detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and perform a configurable action to handle that event, such as calling a custom script." +msgstr "FastNetMon is a high-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror). It can detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and perform a configurable action to handle that event, such as calling a custom script." + #: ../../configuration/protocols/rpki.rst:78 msgid "Features of the Current Implementation" msgstr "Features of the Current Implementation" @@ -5311,11 +5841,15 @@ msgstr "Features of the Current Implementation" msgid "Field" msgstr "Field" -#: ../../configuration/service/dns.rst:241 +#: ../../configuration/service/dns.rst:231 +msgid "File identified by `<filename>` containing the TSIG authentication key for RFC2136 nsupdate on remote DNS server." +msgstr "File identified by `<filename>` containing the TSIG authentication key for RFC2136 nsupdate on remote DNS server." + +#: ../../configuration/service/dns.rst:255 msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." -#: ../../configuration/service/pppoe-server.rst:228 +#: ../../configuration/service/pppoe-server.rst:302 msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" @@ -5404,7 +5938,7 @@ msgstr "Firewall groups represent collections of IP addresses, networks, ports, msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." -#: ../../configuration/highavailability/index.rst:381 +#: ../../configuration/highavailability/index.rst:391 msgid "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" @@ -5428,7 +5962,7 @@ msgstr "Firmware Update" msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." -#: ../../configuration/vpn/ipsec.rst:267 +#: ../../configuration/vpn/ipsec.rst:271 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." @@ -5544,15 +6078,15 @@ msgstr "For Hashing:" msgid "For IS-IS top operate correctly, one must do the equivalent of a Router ID in CLNS. This Router ID is called the :abbr:`NET (Network Entity Title)`. This must be unique for each and every router that is operating in IS-IS. It also must not be duplicated otherwise the same issues that occur within OSPF will occur within IS-IS when it comes to said duplication." msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router ID in CLNS. This Router ID is called the :abbr:`NET (Network Entity Title)`. This must be unique for each and every router that is operating in IS-IS. It also must not be duplicated otherwise the same issues that occur within OSPF will occur within IS-IS when it comes to said duplication." -#: ../../configuration/policy/route-map.rst:311 +#: ../../configuration/policy/route-map.rst:314 msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." -#: ../../configuration/service/pppoe-server.rst:188 +#: ../../configuration/service/pppoe-server.rst:257 msgid "For Local Users" msgstr "For Local Users" -#: ../../configuration/service/pppoe-server.rst:223 +#: ../../configuration/service/pppoe-server.rst:297 msgid "For RADIUS users" msgstr "For RADIUS users" @@ -5592,7 +6126,7 @@ msgstr "For a simple home network using just the ISP's equipment, this is usuall msgid "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." msgstr "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." -#: ../../configuration/system/login.rst:132 +#: ../../configuration/system/login.rst:136 msgid "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." msgstr "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." @@ -5618,7 +6152,7 @@ msgstr "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol t msgid "For generating an OTP key in VyOS, you can use the CLI command (operational mode):" msgstr "For generating an OTP key in VyOS, you can use the CLI command (operational mode):" -#: ../../configuration/protocols/bgp.rst:823 +#: ../../configuration/protocols/bgp.rst:845 msgid "For inbound updates the order of preference is:" msgstr "For inbound updates the order of preference is:" @@ -5642,7 +6176,11 @@ msgstr "For latest releases, refer the `firewall (interface-groups) <https://doc msgid "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_." msgstr "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_." -#: ../../configuration/service/pppoe-server.rst:299 +#: ../../configuration/protocols/bfd.rst:61 +msgid "For multi hop sessions only. Configure the minimum expected TTL for an incoming BFD control packet." +msgstr "For multi hop sessions only. Configure the minimum expected TTL for an incoming BFD control packet." + +#: ../../configuration/service/pppoe-server.rst:307 msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." @@ -5650,7 +6188,7 @@ msgstr "For network maintenance, it's a good idea to direct users to a backup se msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." -#: ../../configuration/protocols/bgp.rst:829 +#: ../../configuration/protocols/bgp.rst:851 msgid "For outbound updates the order of preference is:" msgstr "For outbound updates the order of preference is:" @@ -5695,7 +6233,7 @@ msgstr "For the average user a serial console has no advantage over a console of msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." -#: ../../configuration/container/index.rst:179 +#: ../../configuration/container/index.rst:218 msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." @@ -5737,7 +6275,7 @@ msgstr "Formally, a virtual link looks like a point-to-point network connecting msgid "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." msgstr "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." -#: ../../configuration/highavailability/index.rst:362 +#: ../../configuration/highavailability/index.rst:372 msgid "Forward method" msgstr "Forward method" @@ -5765,7 +6303,7 @@ msgstr "From a security perspective, it is not recommended to let a third party msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" -#: ../../configuration/highavailability/index.rst:380 +#: ../../configuration/highavailability/index.rst:390 msgid "Fwmark" msgstr "Fwmark" @@ -5806,6 +6344,11 @@ msgstr "GRE is often seen as a one size fits all solution when it comes to class msgid "Genearate a new OpenVPN shared secret. The generated secred is the output to the console." msgstr "Genearate a new OpenVPN shared secret. The generated secred is the output to the console." +#: ../../configuration/pki/index.rst:123 +#: ../../configuration/pki/index.rst:128 +msgid "Genearate a new OpenVPN shared secret. The generated secret is the output to the console." +msgstr "Genearate a new OpenVPN shared secret. The generated secret is the output to the console." + #: ../../configuration/protocols/isis.rst:25 #: ../../configuration/protocols/ospf.rst:25 #: ../../configuration/protocols/ospf.rst:1081 @@ -5835,18 +6378,18 @@ msgstr "Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key." msgid "Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key 128 or 256 bits." msgstr "Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key 128 or 256 bits." -#: ../../configuration/pki/index.rst:153 -#: ../../configuration/pki/index.rst:157 +#: ../../configuration/pki/index.rst:155 +#: ../../configuration/pki/index.rst:159 msgid "Generate a WireGuard pre-shared secret used for peers to communicate." msgstr "Generate a WireGuard pre-shared secret used for peers to communicate." -#: ../../configuration/pki/index.rst:136 -#: ../../configuration/pki/index.rst:141 +#: ../../configuration/pki/index.rst:138 +#: ../../configuration/pki/index.rst:143 msgid "Generate a new WireGuard public/private key portion and output the result to the console." msgstr "Generate a new WireGuard public/private key portion and output the result to the console." -#: ../../configuration/pki/index.rst:104 -#: ../../configuration/pki/index.rst:111 +#: ../../configuration/pki/index.rst:106 +#: ../../configuration/pki/index.rst:113 msgid "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." msgstr "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." @@ -5898,6 +6441,14 @@ msgstr "Given the following example we have one VyOS router acting as OpenVPN se msgid "Gloabal" msgstr "Gloabal" +#: ../../configuration/service/ipoe-server.rst:352 +#: ../../configuration/service/pppoe-server.rst:518 +#: ../../configuration/vpn/l2tp.rst:472 +#: ../../configuration/vpn/pptp.rst:396 +#: ../../configuration/vpn/sstp.rst:430 +msgid "Global Advanced options" +msgstr "Global Advanced options" + #: ../../configuration/firewall/general.rst:84 msgid "Global Options" msgstr "Global Options" @@ -5956,7 +6507,7 @@ msgstr "HTTP based services" msgid "HTTP basic authentication username" msgstr "HTTP basic authentication username" -#: ../../configuration/system/option.rst:27 +#: ../../configuration/system/option.rst:57 msgid "HTTP client" msgstr "HTTP client" @@ -5968,7 +6519,7 @@ msgstr "HT (High Throughput) capabilities (802.11n)" msgid "Hairpin NAT/NAT Reflection" msgstr "Hairpin NAT/NAT Reflection" -#: ../../configuration/service/dhcp-server.rst:573 +#: ../../configuration/service/dhcp-server.rst:579 msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." @@ -5980,7 +6531,7 @@ msgstr "Handling and monitoring" msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." -#: ../../configuration/highavailability/index.rst:372 +#: ../../configuration/highavailability/index.rst:382 msgid "Health-check" msgstr "Health-check" @@ -6024,7 +6575,7 @@ msgstr "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS msgid "Here is an example :abbr:`NET (Network Entity Title)` value:" msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:" -#: ../../configuration/protocols/rpki.rst:167 +#: ../../configuration/protocols/rpki.rst:177 msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." @@ -6074,7 +6625,7 @@ msgstr "Host Information" msgid "Host name" msgstr "Host name" -#: ../../configuration/service/dhcp-server.rst:630 +#: ../../configuration/service/dhcp-server.rst:638 msgid "Host specific mapping shall be named ``client1``" msgstr "Host specific mapping shall be named ``client1``" @@ -6094,7 +6645,7 @@ msgstr "How to configure Event Handler" msgid "How to make it work" msgstr "How to make it work" -#: ../../configuration/vpn/ipsec.rst:263 +#: ../../configuration/vpn/ipsec.rst:267 msgid "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." msgstr "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." @@ -6158,14 +6709,18 @@ msgstr "IKE (Internet Key Exchange) Attributes" msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" -#: ../../configuration/vpn/site2site_ipsec.rst:160 +#: ../../configuration/vpn/site2site_ipsec.rst:163 msgid "IKEv1" msgstr "IKEv1" -#: ../../configuration/vpn/site2site_ipsec.rst:271 +#: ../../configuration/vpn/site2site_ipsec.rst:274 msgid "IKEv2" msgstr "IKEv2" +#: ../../configuration/vpn/ipsec.rst:372 +msgid "IKEv2 IPSec road-warriors remote-access VPN" +msgstr "IKEv2 IPSec road-warriors remote-access VPN" + #: ../../configuration/system/ip.rst:3 msgid "IP" msgstr "IP" @@ -6198,11 +6753,11 @@ msgstr "IPSec IKE and ESP Groups;" msgid "IPSec IKEv2 Remote Access VPN" msgstr "IPSec IKEv2 Remote Access VPN" -#: ../../configuration/vpn/site2site_ipsec.rst:285 +#: ../../configuration/vpn/site2site_ipsec.rst:288 msgid "IPSec IKEv2 site2site VPN" msgstr "IPSec IKEv2 site2site VPN" -#: ../../configuration/vpn/site2site_ipsec.rst:285 +#: ../../configuration/vpn/site2site_ipsec.rst:288 msgid "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)" msgstr "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)" @@ -6218,7 +6773,7 @@ msgstr "IPSec VPN tunnels." msgid "IP address" msgstr "IP address" -#: ../../configuration/service/dhcp-server.rst:202 +#: ../../configuration/service/dhcp-server.rst:208 msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" @@ -6227,19 +6782,19 @@ msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named msgid "IP address ``192.168.2.1/24``" msgstr "IP address ``192.168.2.1/24``" -#: ../../configuration/service/dhcp-server.rst:286 +#: ../../configuration/service/dhcp-server.rst:292 msgid "IP address for DHCP server identifier" msgstr "IP address for DHCP server identifier" -#: ../../configuration/service/dhcp-server.rst:276 +#: ../../configuration/service/dhcp-server.rst:282 msgid "IP address of NTP server" msgstr "IP address of NTP server" -#: ../../configuration/service/dhcp-server.rst:316 +#: ../../configuration/service/dhcp-server.rst:322 msgid "IP address of POP3 server" msgstr "IP address of POP3 server" -#: ../../configuration/service/dhcp-server.rst:311 +#: ../../configuration/service/dhcp-server.rst:317 msgid "IP address of SMTP server" msgstr "IP address of SMTP server" @@ -6255,7 +6810,7 @@ msgstr "IP address of route to match, based on prefix-list." msgid "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.." msgstr "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.." -#: ../../configuration/service/dhcp-server.rst:346 +#: ../../configuration/service/dhcp-server.rst:352 msgid "IP address to exclude from DHCP lease range" msgstr "IP address to exclude from DHCP lease range" @@ -6295,7 +6850,7 @@ msgstr "IP next-hop of route to match, based on type." msgid "IP precedence as defined in :rfc:`791`:" msgstr "IP precedence as defined in :rfc:`791`:" -#: ../../configuration/vpn/l2tp.rst:33 +#: ../../configuration/vpn/l2tp.rst:83 msgid "IP protocol number 50 (ESP)" msgstr "IP protocol number 50 (ESP)" @@ -6307,19 +6862,19 @@ msgstr "IP route source of route to match, based on access-list." msgid "IP route source of route to match, based on prefix-list." msgstr "IP route source of route to match, based on prefix-list." -#: ../../configuration/service/ipoe-server.rst:7 +#: ../../configuration/service/ipoe-server.rst:5 msgid "IPoE Server" msgstr "IPoE Server" -#: ../../configuration/service/ipoe-server.rst:30 +#: ../../configuration/service/ipoe-server.rst:29 msgid "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." msgstr "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." -#: ../../configuration/service/ipoe-server.rst:13 +#: ../../configuration/service/ipoe-server.rst:11 msgid "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." msgstr "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." -#: ../../configuration/service/ipoe-server.rst:152 +#: ../../configuration/service/ipoe-server.rst:153 msgid "IPoE server will listen on interfaces eth1.50 and eth1.51" msgstr "IPoE server will listen on interfaces eth1.50 and eth1.51" @@ -6327,11 +6882,11 @@ msgstr "IPoE server will listen on interfaces eth1.50 and eth1.51" msgid "IPsec" msgstr "IPsec" -#: ../../configuration/vpn/ipsec.rst:172 +#: ../../configuration/vpn/ipsec.rst:176 msgid "IPsec policy matching GRE" msgstr "IPsec policy matching GRE" -#: ../../configuration/service/pppoe-server.rst:346 +#: ../../configuration/service/pppoe-server.rst:604 msgid "IPv4" msgstr "IPv4" @@ -6343,11 +6898,11 @@ msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, msgid "IPv4 Firewall Configuration" msgstr "IPv4 Firewall Configuration" -#: ../../configuration/service/dhcp-server.rst:291 +#: ../../configuration/service/dhcp-server.rst:297 msgid "IPv4 address of next bootstrap server" msgstr "IPv4 address of next bootstrap server" -#: ../../configuration/service/dhcp-server.rst:251 +#: ../../configuration/service/dhcp-server.rst:257 msgid "IPv4 address of router on the client's subnet" msgstr "IPv4 address of router on the client's subnet" @@ -6355,7 +6910,7 @@ msgstr "IPv4 address of router on the client's subnet" msgid "IPv4 or IPv6 source address of NetFlow packets" msgstr "IPv4 or IPv6 source address of NetFlow packets" -#: ../../configuration/protocols/bgp.rst:1099 +#: ../../configuration/protocols/bgp.rst:1121 msgid "IPv4 peering" msgstr "IPv4 peering" @@ -6376,8 +6931,12 @@ msgid "IPv4 server" msgstr "IPv4 server" #: ../../configuration/interfaces/pppoe.rst:244 -#: ../../configuration/service/pppoe-server.rst:267 +#: ../../configuration/service/ipoe-server.rst:256 +#: ../../configuration/service/pppoe-server.rst:341 #: ../../configuration/system/ipv6.rst:3 +#: ../../configuration/vpn/l2tp.rst:286 +#: ../../configuration/vpn/pptp.rst:210 +#: ../../configuration/vpn/sstp.rst:244 msgid "IPv6" msgstr "IPv6" @@ -6385,6 +6944,13 @@ msgstr "IPv6" msgid "IPv6 Access List" msgstr "IPv6 Access List" +#: ../../configuration/service/pppoe-server.rst:381 +#: ../../configuration/vpn/l2tp.rst:325 +#: ../../configuration/vpn/pptp.rst:249 +#: ../../configuration/vpn/sstp.rst:283 +msgid "IPv6 Advanced Options" +msgstr "IPv6 Advanced Options" + #: ../../configuration/interfaces/pppoe.rst:379 msgid "IPv6 DHCPv6-PD Example" msgstr "IPv6 DHCPv6-PD Example" @@ -6417,7 +6983,7 @@ msgstr "IPv6 SLAAC and IA-PD" msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" -#: ../../configuration/service/dhcp-server.rst:628 +#: ../../configuration/service/dhcp-server.rst:636 msgid "IPv6 address ``2001:db8::101`` shall be statically mapped" msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped" @@ -6434,10 +7000,18 @@ msgid "IPv6 address of route to match, based on specified prefix-length. Note th msgstr "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.." #: ../../configuration/service/pppoe-server.rst:270 +msgid "IPv6 client's prefix" +msgstr "IPv6 client's prefix" + +#: ../../configuration/service/pppoe-server.rst:270 msgid "IPv6 client's prefix assignment" msgstr "IPv6 client's prefix assignment" -#: ../../configuration/protocols/bgp.rst:1144 +#: ../../configuration/service/pppoe-server.rst:295 +msgid "IPv6 default client's pool assignment" +msgstr "IPv6 default client's pool assignment" + +#: ../../configuration/protocols/bgp.rst:1166 msgid "IPv6 peering" msgstr "IPv6 peering" @@ -6445,7 +7019,7 @@ msgstr "IPv6 peering" msgid "IPv6 prefix." msgstr "IPv6 prefix." -#: ../../configuration/service/dhcp-server.rst:629 +#: ../../configuration/service/dhcp-server.rst:637 msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" @@ -6457,7 +7031,7 @@ msgstr "IPv6 relay" msgid "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static." msgstr "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static." -#: ../../configuration/service/dhcp-server.rst:502 +#: ../../configuration/service/dhcp-server.rst:508 msgid "IPv6 server" msgstr "IPv6 server" @@ -6477,7 +7051,7 @@ msgstr "IS-IS Global Configuration" msgid "IS-IS SR Configuration" msgstr "IS-IS SR Configuration" -#: ../../configuration/service/dhcp-server.rst:233 +#: ../../configuration/service/dhcp-server.rst:239 msgid "ISC-DHCP Option name" msgstr "ISC-DHCP Option name" @@ -6493,7 +7067,7 @@ msgstr "If **max-threshold** is set but **min-threshold is not, then **min-thres msgid "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." msgstr "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." -#: ../../configuration/pki/index.rst:249 +#: ../../configuration/pki/index.rst:251 msgid "If CA is present, this certificate will be included in generated CRLs" msgstr "If CA is present, this certificate will be included in generated CRLs" @@ -6517,7 +7091,11 @@ msgstr "If :cfgcmd:`strict` is set the BGP session won’t become established un msgid "If ``alias`` is set, it can be used instead of the device when connecting." msgstr "If ``alias`` is set, it can be used instead of the device when connecting." -#: ../../configuration/vpn/l2tp.rst:29 +#: ../../configuration/policy/route-map.rst:204 +msgid "If ``all`` is specified, remove all AS numbers from the AS_PATH of the BGP path's NLRI." +msgstr "If ``all`` is specified, remove all AS numbers from the AS_PATH of the BGP path's NLRI." + +#: ../../configuration/vpn/l2tp.rst:79 msgid "If a local firewall policy is in place on your external interface you will need to allow the ports below:" msgstr "If a local firewall policy is in place on your external interface you will need to allow the ports below:" @@ -6530,7 +7108,7 @@ msgstr "If a registry is not specified, Docker.io will be used as the container msgid "If a response is heard, the lease is abandoned, and the server does not respond to the client. The lease will remain abandoned for a minimum of abandon-lease-time seconds (defaults to 24 hours)." msgstr "If a response is heard, the lease is abandoned, and the server does not respond to the client. The lease will remain abandoned for a minimum of abandon-lease-time seconds (defaults to 24 hours)." -#: ../../configuration/protocols/bgp.rst:771 +#: ../../configuration/protocols/bgp.rst:793 msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used." msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used." @@ -6660,11 +7238,46 @@ msgstr "If the AS-Path for the route has only private ASNs, the private ASNs are msgid "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." msgstr "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." +#: ../../configuration/service/ipoe-server.rst:243 +#: ../../configuration/service/pppoe-server.rst:205 +#: ../../configuration/vpn/l2tp.rst:248 +#: ../../configuration/vpn/pptp.rst:188 +#: ../../configuration/vpn/sstp.rst:221 +msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:233 +#: ../../configuration/service/pppoe-server.rst:195 +#: ../../configuration/vpn/l2tp.rst:238 +#: ../../configuration/vpn/pptp.rst:178 +#: ../../configuration/vpn/sstp.rst:211 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." + #: ../../configuration/vpn/l2tp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." -#: ../../configuration/vpn/l2tp.rst:218 +#: ../../configuration/service/ipoe-server.rst:237 +#: ../../configuration/service/pppoe-server.rst:199 +#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/vpn/pptp.rst:182 +#: ../../configuration/vpn/sstp.rst:215 +msgid "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:240 +#: ../../configuration/service/pppoe-server.rst:202 +#: ../../configuration/vpn/l2tp.rst:245 +#: ../../configuration/vpn/pptp.rst:185 +#: ../../configuration/vpn/sstp.rst:218 +msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." + +#: ../../configuration/service/pppoe-server.rst:219 +#: ../../configuration/vpn/l2tp.rst:262 +#: ../../configuration/vpn/pptp.rst:202 +#: ../../configuration/vpn/sstp.rst:235 msgid "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." msgstr "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." @@ -6688,6 +7301,10 @@ msgstr "If the current queue size is larger than **queue-limit**, then packets w msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" +#: ../../configuration/firewall/index.rst:83 +msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" +msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" + #: ../../configuration/firewall/index.rst:26 msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" @@ -6705,7 +7322,7 @@ msgstr "If the statically mapped peer is running Cisco IOS, specify the cisco ke msgid "If the system detects an unconfigured wireless device, it will be automatically added the configuration tree, specifying any detected settings (for example, its MAC address) and configured to run in monitor mode." msgstr "If the system detects an unconfigured wireless device, it will be automatically added the configuration tree, specifying any detected settings (for example, its MAC address) and configured to run in monitor mode." -#: ../../configuration/service/conntrack-sync.rst:126 +#: ../../configuration/service/conntrack-sync.rst:130 msgid "If the table is empty and you have a warning message, it means conntrack is not enabled. To enable conntrack, just create a NAT or a firewall rule. :cfgcmd:`set firewall state-policy established action accept`" msgstr "If the table is empty and you have a warning message, it means conntrack is not enabled. To enable conntrack, just create a NAT or a firewall rule. :cfgcmd:`set firewall state-policy established action accept`" @@ -6713,7 +7330,7 @@ msgstr "If the table is empty and you have a warning message, it means conntrack msgid "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." msgstr "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." -#: ../../configuration/vpn/site2site_ipsec.rst:241 +#: ../../configuration/vpn/site2site_ipsec.rst:244 msgid "If there is SNAT rules on eth1, need to add exclude rule" msgstr "If there is SNAT rules on eth1, need to add exclude rule" @@ -6726,14 +7343,21 @@ msgstr "If this command is invoked from configure mode with the ``run`` prefix t msgid "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use." msgstr "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use." -#: ../../configuration/protocols/bgp.rst:768 +#: ../../configuration/protocols/bgp.rst:790 msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." -#: ../../configuration/vpn/sstp.rst:183 +#: ../../configuration/vpn/sstp.rst:189 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." +#: ../../configuration/service/pppoe-server.rst:484 +#: ../../configuration/vpn/l2tp.rst:438 +#: ../../configuration/vpn/pptp.rst:362 +#: ../../configuration/vpn/sstp.rst:396 +msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." +msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." + #: ../../_include/interface-ip.txt:75 msgid "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded." msgstr "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded." @@ -6750,11 +7374,11 @@ msgstr "If this parameter is not set, the default holdoff time is 30 seconds." msgid "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." msgstr "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." -#: ../../configuration/system/login.rst:270 +#: ../../configuration/system/login.rst:274 msgid "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." -#: ../../configuration/system/login.rst:339 +#: ../../configuration/system/login.rst:343 msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." @@ -6786,10 +7410,17 @@ msgstr "If you are responsible for the global addresses assigned to your network msgid "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." msgstr "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." -#: ../../configuration/vpn/l2tp.rst:165 +#: ../../configuration/service/ipoe-server.rst:146 +#: ../../configuration/service/pppoe-server.rst:108 +#: ../../configuration/vpn/l2tp.rst:151 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." +#: ../../configuration/vpn/pptp.rst:91 +#: ../../configuration/vpn/sstp.rst:124 +msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." +msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." + #: ../../configuration/interfaces/openvpn.rst:306 msgid "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." msgstr "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." @@ -6813,6 +7444,10 @@ msgstr "If you enable this, you will probably want to set diversity-factor and c msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." +#: ../../configuration/vpn/ipsec.rst:483 +msgid "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." +msgstr "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." + #: ../../configuration/interfaces/bonding.rst:312 msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." @@ -6849,10 +7484,26 @@ msgstr "If you only want to check if the user account is enabled and can authent msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." +#: ../../configuration/service/ipoe-server.rst:215 +#: ../../configuration/service/pppoe-server.rst:177 +#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/vpn/pptp.rst:160 +#: ../../configuration/vpn/sstp.rst:193 +msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." +msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." + #: ../../configuration/system/console.rst:41 msgid "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." msgstr "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." +#: ../../configuration/vpn/sstp.rst:482 +msgid "If you use a self-signed certificate, do not forget to install CA on the client side." +msgstr "If you use a self-signed certificate, do not forget to install CA on the client side." + +#: ../../configuration/vpn/ipsec.rst:538 +msgid "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." +msgstr "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." + #: ../../configuration/system/flow-accounting.rst:140 msgid "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." msgstr "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." @@ -6861,7 +7512,7 @@ msgstr "If you want to change the maximum number of flows, which are tracking si msgid "If you want to disable a rule but let it in the configuration." msgstr "If you want to disable a rule but let it in the configuration." -#: ../../configuration/system/login.rst:294 +#: ../../configuration/system/login.rst:298 msgid "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." msgstr "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." @@ -6873,7 +7524,7 @@ msgstr "If you want to use existing blacklists you have to create/download a dat msgid "If you want your router to forward DHCP requests to an external DHCP server you can configure the system to act as a DHCP relay agent. The DHCP relay agent works with IPv4 and IPv6 addresses." msgstr "If you want your router to forward DHCP requests to an external DHCP server you can configure the system to act as a DHCP relay agent. The DHCP relay agent works with IPv4 and IPv6 addresses." -#: ../../configuration/protocols/bgp.rst:760 +#: ../../configuration/protocols/bgp.rst:782 msgid "Ignore AS_PATH length when selecting a route" msgstr "Ignore AS_PATH length when selecting a route" @@ -6885,7 +7536,7 @@ msgstr "Ignore VRRP main interface faults" msgid "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License" msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License" -#: ../../configuration/vpn/site2site_ipsec.rst:279 +#: ../../configuration/vpn/site2site_ipsec.rst:282 msgid "Imagine the following topology" msgstr "Imagine the following topology" @@ -6893,11 +7544,35 @@ msgstr "Imagine the following topology" msgid "Immediate" msgstr "Immediate" +#: ../../configuration/pki/index.rst:254 +msgid "Import files to PKI format" +msgstr "Import files to PKI format" + +#: ../../configuration/pki/index.rst:265 +msgid "Import the CAs private key portion to the CLI. This should never leave the system as it is used to decrypt the data. The key is required if you use VyOS as your certificate generator." +msgstr "Import the CAs private key portion to the CLI. This should never leave the system as it is used to decrypt the data. The key is required if you use VyOS as your certificate generator." + +#: ../../configuration/pki/index.rst:280 +msgid "Import the OpenVPN shared secret stored in file to the VyOS CLI." +msgstr "Import the OpenVPN shared secret stored in file to the VyOS CLI." + +#: ../../configuration/pki/index.rst:271 +msgid "Import the certificate from the file to VyOS CLI." +msgstr "Import the certificate from the file to VyOS CLI." + +#: ../../configuration/pki/index.rst:275 +msgid "Import the private key of the certificate to the VyOS CLI. This should never leave the system as it is used to decrypt the data." +msgstr "Import the private key of the certificate to the VyOS CLI. This should never leave the system as it is used to decrypt the data." + +#: ../../configuration/pki/index.rst:261 +msgid "Import the public CA certificate from the defined file to VyOS CLI." +msgstr "Import the public CA certificate from the defined file to VyOS CLI." + #: ../../configuration/protocols/rpki.rst:46 msgid "Imported prefixes during the validation may have values:" msgstr "Imported prefixes during the validation may have values:" -#: ../../configuration/protocols/static.rst:158 +#: ../../configuration/protocols/static.rst:191 msgid "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." @@ -6905,7 +7580,7 @@ msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP msgid "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." msgstr "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." -#: ../../configuration/vpn/ipsec.rst:117 +#: ../../configuration/vpn/ipsec.rst:120 msgid "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." msgstr "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." @@ -6945,7 +7620,7 @@ msgstr "In a nutshell, the current implementation provides the following feature msgid "In addition, you can specify many other parameters to get BGP information:" msgstr "In addition, you can specify many other parameters to get BGP information:" -#: ../../configuration/system/login.rst:301 +#: ../../configuration/system/login.rst:305 msgid "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." @@ -6953,12 +7628,16 @@ msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server." msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server." -#: ../../configuration/pki/index.rst:144 -#: ../../configuration/pki/index.rst:159 +#: ../../configuration/pki/index.rst:146 +#: ../../configuration/pki/index.rst:161 #: ../../configuration/pki/pki_cli_import_help.txt:1 msgid "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode." msgstr "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode." +#: ../../configuration/interfaces/pppoe.rst:388 +msgid "In addition we setup IPv6 :abbr:`RA (Router Advertisements)` to make the prefix known on the eth0 link." +msgstr "In addition we setup IPv6 :abbr:`RA (Router Advertisements)` to make the prefix known on the eth0 link." + #: ../../configuration/service/broadcast-relay.rst:48 msgid "In addition you can also disable the whole service without the need to remove it from the current configuration." msgstr "In addition you can also disable the whole service without the need to remove it from the current configuration." @@ -7003,7 +7682,7 @@ msgstr "In firewall bridge rules, the action can be:" msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." -#: ../../configuration/system/login.rst:236 +#: ../../configuration/system/login.rst:240 msgid "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." msgstr "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." @@ -7023,7 +7702,7 @@ msgstr "In order for the system to use and complete unqualified host names, a li msgid "In order to allow for LDP on the local router to exchange label advertisements with other routers, a TCP session will be established between automatically discovered and statically assigned routers. LDP will try to establish a TCP session to the **transport address** of other routers. Therefore for LDP to function properly please make sure the transport address is shown in the routing table and reachable to traffic at all times." msgstr "In order to allow for LDP on the local router to exchange label advertisements with other routers, a TCP session will be established between automatically discovered and statically assigned routers. LDP will try to establish a TCP session to the **transport address** of other routers. Therefore for LDP to function properly please make sure the transport address is shown in the routing table and reachable to traffic at all times." -#: ../../configuration/protocols/bgp.rst:820 +#: ../../configuration/protocols/bgp.rst:842 msgid "In order to control and modify routing information that is exchanged between peers you can use route-map, filter-list, prefix-list, distribute-list." msgstr "In order to control and modify routing information that is exchanged between peers you can use route-map, filter-list, prefix-list, distribute-list." @@ -7039,7 +7718,7 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." -#: ../../configuration/service/dhcp-server.rst:623 +#: ../../configuration/service/dhcp-server.rst:631 msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." @@ -7079,6 +7758,10 @@ msgstr "In our example, we used the key name ``openvpn-1`` which we will referen msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" +#: ../../configuration/vpn/ipsec.rst:411 +msgid "In our example the certificate name is called vyos:" +msgstr "In our example the certificate name is called vyos:" + #: ../../configuration/trafficpolicy/index.rst:906 msgid "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." msgstr "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." @@ -7123,7 +7806,11 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." -#: ../../configuration/service/pppoe-server.rst:259 +#: ../../configuration/vpn/ipsec.rst:564 +msgid "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." +msgstr "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." + +#: ../../configuration/service/pppoe-server.rst:333 msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." @@ -7131,7 +7818,7 @@ msgstr "In the example above, the first 499 sessions connect without delay. PADO msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" -#: ../../configuration/system/login.rst:399 +#: ../../configuration/system/login.rst:403 msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." @@ -7151,7 +7838,7 @@ msgstr "In the following example we can see a basic multicast setup:" msgid "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." msgstr "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." -#: ../../configuration/highavailability/index.rst:400 +#: ../../configuration/highavailability/index.rst:410 msgid "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" msgstr "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" @@ -7175,7 +7862,7 @@ msgstr "In this example, we use **masquerade** as the translation address instea msgid "In this example, we will be using the example Quick Start configuration above as a starting point." msgstr "In this example, we will be using the example Quick Start configuration above as a starting point." -#: ../../configuration/highavailability/index.rst:430 +#: ../../configuration/highavailability/index.rst:440 msgid "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." msgstr "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." @@ -7191,7 +7878,7 @@ msgstr "In this example we will use the most complicated case: a setup where eac msgid "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default." msgstr "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default." -#: ../../configuration/service/dns.rst:165 +#: ../../configuration/service/dns.rst:152 msgid "In this scenario:" msgstr "In this scenario:" @@ -7319,6 +8006,10 @@ msgstr "Intel® QAT" msgid "Interconnect the global VRF with vrf \"red\" using the veth10 <-> veth 11 pair" msgstr "Interconnect the global VRF with vrf \"red\" using the veth10 <-> veth 11 pair" +#: ../../configuration/service/ids.rst:96 +msgid "Interface **eth0** used to connect to upstream." +msgstr "Interface **eth0** used to connect to upstream." + #: ../../configuration/protocols/isis.rst:146 #: ../../configuration/protocols/ospf.rst:356 #: ../../configuration/protocols/ospf.rst:1139 @@ -7329,7 +8020,7 @@ msgstr "Interface Configuration" msgid "Interface Groups" msgstr "Interface Groups" -#: ../../configuration/protocols/static.rst:64 +#: ../../configuration/protocols/static.rst:87 msgid "Interface Routes" msgstr "Interface Routes" @@ -7367,7 +8058,7 @@ msgid "Interface weight" msgstr "Interface weight" #: ../../configuration/interfaces/index.rst:3 -#: ../../configuration/vrf/index.rst:71 +#: ../../configuration/vrf/index.rst:90 msgid "Interfaces" msgstr "Interfaces" @@ -7388,10 +8079,18 @@ msgstr "Interfaces that participate in the DHCP relay process. If this command i msgid "Interfaces whose DHCP client nameservers to forward requests to." msgstr "Interfaces whose DHCP client nameservers to forward requests to." +#: ../../configuration/service/ids.rst:105 +msgid "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." +msgstr "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." + #: ../../configuration/system/flow-accounting.rst:70 msgid "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" msgstr "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" +#: ../../configuration/vpn/ipsec.rst:374 +msgid "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." +msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:6 msgid "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." msgstr "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." @@ -7412,7 +8111,7 @@ msgstr "Interval in milliseconds" msgid "Interval in minutes between updates (default: 60)" msgstr "Interval in minutes between updates (default: 60)" -#: ../../configuration/protocols/bgp.rst:906 +#: ../../configuration/protocols/bgp.rst:928 msgid "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect” routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." msgstr "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect” routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." @@ -7432,11 +8131,11 @@ msgstr "It's slower than IPsec due to higher protocol overhead and the fact it r msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" -#: ../../configuration/system/option.rst:111 +#: ../../configuration/system/option.rst:141 msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." -#: ../../configuration/system/option.rst:102 +#: ../../configuration/system/option.rst:132 msgid "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." msgstr "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." @@ -7457,11 +8156,11 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b msgid "It is compatible with Cisco (R) AnyConnect (R) clients." msgstr "It is compatible with Cisco (R) AnyConnect (R) clients." -#: ../../configuration/service/dhcp-server.rst:590 +#: ../../configuration/service/dhcp-server.rst:596 msgid "It is connected to ``eth1``" msgstr "It is connected to ``eth1``" -#: ../../configuration/system/login.rst:42 +#: ../../configuration/system/login.rst:46 msgid "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." msgstr "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." @@ -7477,11 +8176,11 @@ msgstr "It is important to note that when creating firewall rules, the DNAT tran msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." -#: ../../configuration/vrf/index.rst:505 +#: ../../configuration/vrf/index.rst:524 msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." -#: ../../configuration/vrf/index.rst:113 +#: ../../configuration/vrf/index.rst:132 msgid "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." @@ -7489,14 +8188,19 @@ msgstr "It is not sufficient to only configure a VRF but VRFs must be maintained msgid "It is not valid to use the `vif 1` option for VLAN aware bridges because VLAN aware bridges assume that all unlabeled packets belong to the default VLAN 1 member and that the VLAN ID of the bridge's parent interface is always 1" msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because VLAN aware bridges assume that all unlabeled packets belong to the default VLAN 1 member and that the VLAN ID of the bridge's parent interface is always 1" -#: ../../configuration/system/login.rst:93 +#: ../../configuration/system/login.rst:97 msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." -#: ../../configuration/vrf/index.rst:496 +#: ../../configuration/vrf/index.rst:515 msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." +#: ../../configuration/protocols/static.rst:64 +#: ../../configuration/protocols/static.rst:132 +msgid "It is possible to specify a static route for ipv6 prefixes using an SRv6 segments instruction. The `/` separator can be used to specify multiple segment instructions." +msgstr "It is possible to specify a static route for ipv6 prefixes using an SRv6 segments instruction. The `/` separator can be used to specify multiple segment instructions." + #: ../../configuration/service/conntrack-sync.rst:30 msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" @@ -7517,7 +8221,7 @@ msgstr "It uses a stochastic model to classify incoming packets into different f msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." -#: ../../configuration/vrf/index.rst:220 +#: ../../configuration/vrf/index.rst:239 msgid "Join a given VRF. This will open a new subshell within the specified VRF." msgstr "Join a given VRF. This will open a new subshell within the specified VRF." @@ -7529,15 +8233,19 @@ msgstr "Jump to a different rule in this route-map on a match." msgid "Juniper EX Switch" msgstr "Juniper EX Switch" +#: ../../configuration/system/option.rst:31 +msgid "Kernel" +msgstr "Kernel" + #: ../../configuration/system/syslog.rst:112 msgid "Kernel messages" msgstr "Kernel messages" -#: ../../configuration/system/login.rst:40 +#: ../../configuration/system/login.rst:44 msgid "Key Based Authentication" msgstr "Key Based Authentication" -#: ../../configuration/pki/index.rst:30 +#: ../../configuration/pki/index.rst:32 msgid "Key Generation" msgstr "Key Generation" @@ -7545,7 +8253,7 @@ msgstr "Key Generation" msgid "Key Management" msgstr "Key Management" -#: ../../configuration/vpn/site2site_ipsec.rst:383 +#: ../../configuration/vpn/site2site_ipsec.rst:386 msgid "Key Parameters:" msgstr "Key Parameters:" @@ -7557,11 +8265,15 @@ msgstr "Key Points:" msgid "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." msgstr "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." -#: ../../configuration/pki/index.rst:167 +#: ../../configuration/vpn/ipsec.rst:381 +msgid "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." +msgstr "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." + +#: ../../configuration/pki/index.rst:169 msgid "Key usage (CLI)" msgstr "Key usage (CLI)" -#: ../../configuration/system/option.rst:58 +#: ../../configuration/system/option.rst:88 msgid "Keyboard Layout" msgstr "Keyboard Layout" @@ -7574,7 +8286,7 @@ msgstr "Keypairs" msgid "Keyword" msgstr "Keyword" -#: ../../configuration/vpn/l2tp.rst:4 +#: ../../configuration/vpn/l2tp.rst:5 msgid "L2TP" msgstr "L2TP" @@ -7606,7 +8318,7 @@ msgstr "L2TPv3 is described in :rfc:`3931`." msgid "L2TPv3 options" msgstr "L2TPv3 options" -#: ../../configuration/vrf/index.rst:399 +#: ../../configuration/vrf/index.rst:418 msgid "L3VPN VRFs" msgstr "L3VPN VRFs" @@ -7635,7 +8347,7 @@ msgstr "LLDP performs functions similar to several proprietary protocols, such a msgid "LNS (L2TP Network Server)" msgstr "LNS (L2TP Network Server)" -#: ../../configuration/vpn/l2tp.rst:91 +#: ../../configuration/vpn/l2tp.rst:272 msgid "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." @@ -7647,11 +8359,11 @@ msgstr "Label Distribution Protocol" msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." -#: ../../configuration/service/dhcp-server.rst:593 +#: ../../configuration/service/dhcp-server.rst:599 msgid "Lease time will be left at the default value which is 24 hours" msgstr "Lease time will be left at the default value which is 24 hours" -#: ../../configuration/service/dhcp-server.rst:336 +#: ../../configuration/service/dhcp-server.rst:342 msgid "Lease timeout in seconds (default: 86400)" msgstr "Lease timeout in seconds (default: 86400)" @@ -7699,15 +8411,19 @@ msgstr "Lifetime in days; default is 365" msgid "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" msgstr "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" +#: ../../configuration/vpn/ipsec.rst:535 +msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." +msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." + #: ../../configuration/loadbalancing/reverse-proxy.rst:162 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" -#: ../../configuration/system/login.rst:112 +#: ../../configuration/system/login.rst:116 msgid "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit must be between 1 and 10 attempts." msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit must be between 1 and 10 attempts." -#: ../../configuration/system/login.rst:118 +#: ../../configuration/system/login.rst:122 msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." @@ -7723,7 +8439,7 @@ msgstr "Limiter" msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." -#: ../../configuration/system/login.rst:381 +#: ../../configuration/system/login.rst:385 msgid "Limits" msgstr "Limits" @@ -7767,7 +8483,7 @@ msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-h msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" -#: ../../configuration/policy/route-map.rst:362 +#: ../../configuration/policy/route-map.rst:365 msgid "List of well-known communities" msgstr "List of well-known communities" @@ -7775,7 +8491,7 @@ msgstr "List of well-known communities" msgid "Listen for DHCP requests on interface ``eth1``." msgstr "Listen for DHCP requests on interface ``eth1``." -#: ../../configuration/vrf/index.rst:118 +#: ../../configuration/vrf/index.rst:137 msgid "Lists VRFs that have been created" msgstr "Lists VRFs that have been created" @@ -7787,7 +8503,7 @@ msgstr "Load-balancing" msgid "Load-balancing algorithms to be used for distributind requests among the vailable servers" msgstr "Load-balancing algorithms to be used for distributind requests among the vailable servers" -#: ../../configuration/highavailability/index.rst:347 +#: ../../configuration/highavailability/index.rst:357 msgid "Load-balancing schedule algorithm:" msgstr "Load-balancing schedule algorithm:" @@ -7795,11 +8511,11 @@ msgstr "Load-balancing schedule algorithm:" msgid "Load Balance" msgstr "Load Balance" -#: ../../configuration/service/pppoe-server.rst:243 +#: ../../configuration/service/pppoe-server.rst:317 msgid "Load Balancing" msgstr "Load Balancing" -#: ../../configuration/system/login.rst:422 +#: ../../configuration/system/login.rst:426 msgid "Load the container image in op-mode." msgstr "Load the container image in op-mode." @@ -7848,11 +8564,11 @@ msgstr "Local User Account" msgid "Local path that includes the known hosts file." msgstr "Local path that includes the known hosts file." -#: ../../configuration/protocols/rpki.rst:145 +#: ../../configuration/protocols/rpki.rst:155 msgid "Local path that includes the private key file of the router." msgstr "Local path that includes the private key file of the router." -#: ../../configuration/protocols/rpki.rst:149 +#: ../../configuration/protocols/rpki.rst:159 msgid "Local path that includes the public key file of the router." msgstr "Local path that includes the public key file of the router." @@ -7864,7 +8580,7 @@ msgstr "Local route" msgid "Locally connect to serial port identified by `<device>`." msgstr "Locally connect to serial port identified by `<device>`." -#: ../../configuration/policy/route-map.rst:273 +#: ../../configuration/policy/route-map.rst:276 msgid "Locally significant administrative distance." msgstr "Locally significant administrative distance." @@ -7918,11 +8634,11 @@ msgstr "Logging to a remote host leaves the local logging configuration intact, msgid "Login/User Management" msgstr "Login/User Management" -#: ../../configuration/system/login.rst:363 +#: ../../configuration/system/login.rst:367 msgid "Login Banner" msgstr "Login Banner" -#: ../../configuration/system/login.rst:383 +#: ../../configuration/system/login.rst:387 msgid "Login limits" msgstr "Login limits" @@ -7981,7 +8697,7 @@ msgstr "MACsec options" msgid "MDI power" msgstr "MDI power" -#: ../../configuration/system/login.rst:91 +#: ../../configuration/system/login.rst:95 msgid "MFA/2FA authentication using OTP (one time passwords)" msgstr "MFA/2FA authentication using OTP (one time passwords)" @@ -8024,11 +8740,11 @@ msgstr "Main structure VyOS firewall cli is shown next:" msgid "Main structure is shown next:" msgstr "Main structure is shown next:" -#: ../../configuration/service/pppoe-server.rst:295 +#: ../../configuration/service/pppoe-server.rst:303 msgid "Maintenance mode" msgstr "Maintenance mode" -#: ../../configuration/service/conntrack-sync.rst:107 +#: ../../configuration/service/conntrack-sync.rst:111 msgid "Make sure conntrack is enabled by running and show connection tracking table." msgstr "Make sure conntrack is enabled by running and show connection tracking table." @@ -8048,7 +8764,7 @@ msgstr "Mandatory Settings" msgid "Manual Neighbor Configuration" msgstr "Manual Neighbor Configuration" -#: ../../configuration/pki/index.rst:336 +#: ../../configuration/pki/index.rst:367 msgid "Manually trigger certificate renewal. This will be done twice a day." msgstr "Manually trigger certificate renewal. This will be done twice a day." @@ -8056,15 +8772,19 @@ msgstr "Manually trigger certificate renewal. This will be done twice a day." msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." -#: ../../configuration/vpn/sstp.rst:223 +#: ../../configuration/service/ipoe-server.rst:166 +#: ../../configuration/service/pppoe-server.rst:128 +#: ../../configuration/vpn/l2tp.rst:171 +#: ../../configuration/vpn/pptp.rst:111 +#: ../../configuration/vpn/sstp.rst:144 msgid "Mark RADIUS server as offline for this given `<time>` in seconds." msgstr "Mark RADIUS server as offline for this given `<time>` in seconds." -#: ../../configuration/pki/index.rst:206 +#: ../../configuration/pki/index.rst:208 msgid "Mark the CAs private key as password protected. User is asked for the password when the key is referenced." msgstr "Mark the CAs private key as password protected. User is asked for the password when the key is referenced." -#: ../../configuration/pki/index.rst:244 +#: ../../configuration/pki/index.rst:246 msgid "Mark the private key as password protected. User is asked for the password when the key is referenced." msgstr "Mark the private key as password protected. User is asked for the password when the key is referenced." @@ -8076,7 +8796,7 @@ msgstr "Match BGP large communities." msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." -#: ../../configuration/firewall/ipv4.rst:440 +#: ../../configuration/firewall/ipv4.rst:463 #: ../../configuration/firewall/ipv6.rst:447 msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." @@ -8089,17 +8809,21 @@ msgstr "Match RPKI validation result." msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." -#: ../../configuration/firewall/ipv4.rst:773 +#: ../../configuration/firewall/ipv4.rst:796 #: ../../configuration/firewall/ipv6.rst:783 msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:831 +#: ../../configuration/firewall/ipv4.rst:854 #: ../../configuration/firewall/ipv6.rst:840 msgid "Match against the state of a packet." msgstr "Match against the state of a packet." -#: ../../configuration/firewall/ipv4.rst:620 +#: ../../configuration/firewall/ipv4.rst:336 +msgid "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." +msgstr "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." + +#: ../../configuration/firewall/ipv4.rst:643 #: ../../configuration/firewall/ipv6.rst:630 msgid "Match based on dscp value." msgstr "Match based on dscp value." @@ -8108,16 +8832,16 @@ msgstr "Match based on dscp value." msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:631 +#: ../../configuration/firewall/ipv4.rst:654 #: ../../configuration/firewall/ipv6.rst:641 msgid "Match based on fragment criteria." msgstr "Match based on fragment criteria." -#: ../../configuration/firewall/ipv4.rst:642 +#: ../../configuration/firewall/ipv4.rst:665 msgid "Match based on icmp code and type." msgstr "Match based on icmp code and type." -#: ../../configuration/firewall/ipv4.rst:653 +#: ../../configuration/firewall/ipv4.rst:676 msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." @@ -8147,18 +8871,18 @@ msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" #: ../../configuration/firewall/bridge.rst:239 -#: ../../configuration/firewall/ipv4.rst:663 +#: ../../configuration/firewall/ipv4.rst:686 #: ../../configuration/firewall/ipv6.rst:673 msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" #: ../../configuration/firewall/bridge.rst:248 -#: ../../configuration/firewall/ipv4.rst:674 +#: ../../configuration/firewall/ipv4.rst:697 #: ../../configuration/firewall/ipv6.rst:684 msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:707 +#: ../../configuration/firewall/ipv4.rst:730 #: ../../configuration/firewall/ipv6.rst:717 msgid "Match based on ipsec criteria." msgstr "Match based on ipsec criteria." @@ -8168,35 +8892,35 @@ msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" #: ../../configuration/firewall/bridge.rst:256 -#: ../../configuration/firewall/ipv4.rst:684 +#: ../../configuration/firewall/ipv4.rst:707 #: ../../configuration/firewall/ipv6.rst:694 msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" #: ../../configuration/firewall/bridge.rst:265 -#: ../../configuration/firewall/ipv4.rst:695 +#: ../../configuration/firewall/ipv4.rst:718 #: ../../configuration/firewall/ipv6.rst:705 msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:750 +#: ../../configuration/firewall/ipv4.rst:773 #: ../../configuration/firewall/ipv6.rst:760 #: ../../configuration/policy/route.rst:176 msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:762 +#: ../../configuration/firewall/ipv4.rst:785 #: ../../configuration/firewall/ipv6.rst:772 #: ../../configuration/policy/route.rst:184 msgid "Match based on packet type criteria." msgstr "Match based on packet type criteria." -#: ../../configuration/firewall/ipv4.rst:729 +#: ../../configuration/firewall/ipv4.rst:752 #: ../../configuration/firewall/ipv6.rst:739 msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" -#: ../../configuration/firewall/ipv4.rst:718 +#: ../../configuration/firewall/ipv4.rst:741 #: ../../configuration/firewall/ipv6.rst:728 msgid "Match based on the maximum number of packets to allow in excess of rate." msgstr "Match based on the maximum number of packets to allow in excess of rate." @@ -8209,7 +8933,7 @@ msgstr "Match based on vlan ID. Range is also supported." msgid "Match based on vlan priority(pcp). Range is also supported." msgstr "Match based on vlan priority(pcp). Range is also supported." -#: ../../configuration/firewall/ipv4.rst:801 +#: ../../configuration/firewall/ipv4.rst:824 #: ../../configuration/firewall/ipv6.rst:810 msgid "Match bases on recently seen sources." msgstr "Match bases on recently seen sources." @@ -8224,7 +8948,7 @@ msgstr "Match criteria based on connection mark." msgid "Match criteria based on nat connection status." msgstr "Match criteria based on nat connection status." -#: ../../configuration/firewall/ipv4.rst:345 +#: ../../configuration/firewall/ipv4.rst:368 #: ../../configuration/firewall/ipv6.rst:345 msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." @@ -8237,6 +8961,14 @@ msgstr "Match criteria based on source and/or destination mac-address." msgid "Match domain name" msgstr "Match domain name" +#: ../../configuration/service/ipoe-server.rst:382 +#: ../../configuration/service/pppoe-server.rst:571 +#: ../../configuration/vpn/l2tp.rst:506 +#: ../../configuration/vpn/pptp.rst:430 +#: ../../configuration/vpn/sstp.rst:464 +msgid "Match firewall mark value" +msgstr "Match firewall mark value" + #: ../../configuration/firewall/ipv6.rst:894 #: ../../configuration/policy/route.rst:234 msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." @@ -8250,12 +8982,12 @@ msgstr "Match local preference." msgid "Match route metric." msgstr "Match route metric." -#: ../../configuration/firewall/ipv4.rst:885 +#: ../../configuration/firewall/ipv4.rst:908 #: ../../configuration/policy/route.rst:229 msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." -#: ../../configuration/firewall/ipv4.rst:906 +#: ../../configuration/firewall/ipv4.rst:929 #: ../../configuration/firewall/ipv6.rst:915 msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." @@ -8275,11 +9007,24 @@ msgstr "Matching traffic" msgid "Maximum A-MSDU length 3839 (default) or 7935 octets" msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets" +#: ../../configuration/vpn/l2tp.rst:492 +#: ../../configuration/vpn/pptp.rst:416 +msgid "Maximum Transmission Unit (MTU) (default: **1436**)" +msgstr "Maximum Transmission Unit (MTU) (default: **1436**)" + +#: ../../configuration/service/pppoe-server.rst:538 +msgid "Maximum Transmission Unit (MTU) (default: **1492**)" +msgstr "Maximum Transmission Unit (MTU) (default: **1492**)" + +#: ../../configuration/vpn/sstp.rst:450 +msgid "Maximum Transmission Unit (MTU) (default: **1500**)" +msgstr "Maximum Transmission Unit (MTU) (default: **1500**)" + #: ../../configuration/service/dns.rst:108 msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." -#: ../../configuration/vpn/sstp.rst:159 +#: ../../configuration/vpn/sstp.rst:165 msgid "Maximum number of IPv4 nameservers" msgstr "Maximum number of IPv4 nameservers" @@ -8287,6 +9032,14 @@ msgstr "Maximum number of IPv4 nameservers" msgid "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." msgstr "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." +#: ../../configuration/service/ipoe-server.rst:372 +#: ../../configuration/service/pppoe-server.rst:542 +#: ../../configuration/vpn/l2tp.rst:496 +#: ../../configuration/vpn/pptp.rst:420 +#: ../../configuration/vpn/sstp.rst:454 +msgid "Maximum number of concurrent session start attempts" +msgstr "Maximum number of concurrent session start attempts" + #: ../../configuration/interfaces/wireless.rst:77 msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." @@ -8295,7 +9048,11 @@ msgstr "Maximum number of stations allowed in station table. New stations will b msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." -#: ../../configuration/vpn/sstp.rst:250 +#: ../../configuration/service/ipoe-server.rst:190 +#: ../../configuration/service/pppoe-server.rst:152 +#: ../../configuration/vpn/l2tp.rst:195 +#: ../../configuration/vpn/pptp.rst:135 +#: ../../configuration/vpn/sstp.rst:168 msgid "Maximum number of tries to send Access-Request/Accounting-Request queries" msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries" @@ -8323,6 +9080,10 @@ msgstr "Messages generated internally by syslogd" msgid "Metris version, the default is ``2``" msgstr "Metris version, the default is ``2``" +#: ../../configuration/vpn/ipsec.rst:510 +msgid "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." +msgstr "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." + #: ../../configuration/service/router-advert.rst:1 msgid "Min and max intervals between unsolicited multicast RAs" msgstr "Min and max intervals between unsolicited multicast RAs" @@ -8351,7 +9112,12 @@ msgstr "Modify the time that pim will register suppress a FHR will send register msgid "Monitor, the system passively monitors any kind of wireless traffic" msgstr "Monitor, the system passively monitors any kind of wireless traffic" +#: ../../configuration/service/ipoe-server.rst:390 #: ../../configuration/service/monitoring.rst:2 +#: ../../configuration/service/pppoe-server.rst:583 +#: ../../configuration/vpn/l2tp.rst:518 +#: ../../configuration/vpn/pptp.rst:442 +#: ../../configuration/vpn/sstp.rst:538 msgid "Monitoring" msgstr "Monitoring" @@ -8371,7 +9137,7 @@ msgstr "Most operating systems include native client support for IPsec IKEv2 VPN msgid "Mount a volume into the container" msgstr "Mount a volume into the container" -#: ../../configuration/service/dhcp-server.rst:235 +#: ../../configuration/service/dhcp-server.rst:241 msgid "Multi" msgstr "Multi" @@ -8383,7 +9149,7 @@ msgstr "Multi-client server is the most popular OpenVPN mode on routers. It alwa msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." -#: ../../configuration/service/dhcp-server.rst:359 +#: ../../configuration/service/dhcp-server.rst:365 msgid "Multi: can be specified multiple times." msgstr "Multi: can be specified multiple times." @@ -8428,7 +9194,7 @@ msgstr "Multicast receivers will talk MLD to their local router, so, besides hav msgid "Multiple DNS servers can be defined." msgstr "Multiple DNS servers can be defined." -#: ../../configuration/protocols/rpki.rst:121 +#: ../../configuration/protocols/rpki.rst:135 msgid "Multiple RPKI caching instances can be supplied and they need a preference in which their result sets are used." msgstr "Multiple RPKI caching instances can be supplied and they need a preference in which their result sets are used." @@ -8460,16 +9226,16 @@ msgstr "Multiple interfaces may be specified." msgid "Multiple networks/client IP addresses can be configured." msgstr "Multiple networks/client IP addresses can be configured." -#: ../../configuration/system/login.rst:248 -#: ../../configuration/system/login.rst:317 +#: ../../configuration/system/login.rst:252 +#: ../../configuration/system/login.rst:321 msgid "Multiple servers can be specified." msgstr "Multiple servers can be specified." -#: ../../configuration/service/dns.rst:374 +#: ../../configuration/service/dns.rst:380 msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!" msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!" -#: ../../configuration/firewall/ipv4.rst:494 +#: ../../configuration/firewall/ipv4.rst:517 #: ../../configuration/firewall/ipv6.rst:500 msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" @@ -8487,22 +9253,22 @@ msgstr "Multiple users can connect to the same serial device but only one is all msgid "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6." msgstr "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6." -#: ../../configuration/service/dhcp-server.rst:241 #: ../../configuration/service/dhcp-server.rst:247 -#: ../../configuration/service/dhcp-server.rst:252 -#: ../../configuration/service/dhcp-server.rst:272 -#: ../../configuration/service/dhcp-server.rst:287 -#: ../../configuration/service/dhcp-server.rst:292 -#: ../../configuration/service/dhcp-server.rst:297 -#: ../../configuration/service/dhcp-server.rst:302 -#: ../../configuration/service/dhcp-server.rst:307 -#: ../../configuration/service/dhcp-server.rst:327 -#: ../../configuration/service/dhcp-server.rst:332 -#: ../../configuration/service/dhcp-server.rst:337 +#: ../../configuration/service/dhcp-server.rst:253 +#: ../../configuration/service/dhcp-server.rst:258 +#: ../../configuration/service/dhcp-server.rst:278 +#: ../../configuration/service/dhcp-server.rst:293 +#: ../../configuration/service/dhcp-server.rst:298 +#: ../../configuration/service/dhcp-server.rst:303 +#: ../../configuration/service/dhcp-server.rst:308 +#: ../../configuration/service/dhcp-server.rst:313 +#: ../../configuration/service/dhcp-server.rst:333 +#: ../../configuration/service/dhcp-server.rst:338 +#: ../../configuration/service/dhcp-server.rst:343 msgid "N" msgstr "N" -#: ../../configuration/highavailability/index.rst:363 +#: ../../configuration/highavailability/index.rst:373 #: ../../configuration/nat/index.rst:5 msgid "NAT" msgstr "NAT" @@ -8523,6 +9289,10 @@ msgstr "NAT64" msgid "NAT64 client configuration:" msgstr "NAT64 client configuration:" +#: ../../configuration/service/router-advert.rst:84 +msgid "NAT64 prefix mask must be one of: /32, /40, /48, /56, /64 or 96." +msgstr "NAT64 prefix mask must be one of: /32, /40, /48, /56, /64 or 96." + #: ../../configuration/nat/nat64.rst:44 msgid "NAT64 server configuration:" msgstr "NAT64 server configuration:" @@ -8587,7 +9357,15 @@ msgstr "NTP supplies a warning of any impending leap second adjustment, but no i msgid "Name Server" msgstr "Name Server" -#: ../../configuration/service/dhcp-server.rst:356 +#: ../../configuration/vpn/sstp.rst:84 +msgid "Name of installed certificate authority certificate." +msgstr "Name of installed certificate authority certificate." + +#: ../../configuration/vpn/sstp.rst:88 +msgid "Name of installed server certificate." +msgstr "Name of installed server certificate." + +#: ../../configuration/service/dhcp-server.rst:362 msgid "Name of static mapping" msgstr "Name of static mapping" @@ -8595,11 +9373,11 @@ msgstr "Name of static mapping" msgid "Name of the single table Only if set group-metrics single-table." msgstr "Name of the single table Only if set group-metrics single-table." -#: ../../configuration/service/dhcp-server.rst:296 +#: ../../configuration/service/dhcp-server.rst:302 msgid "Name or IPv4 address of TFTP server" msgstr "Name or IPv4 address of TFTP server" -#: ../../configuration/service/dhcp-server.rst:281 +#: ../../configuration/service/dhcp-server.rst:287 msgid "NetBIOS over TCP/IP name server" msgstr "NetBIOS over TCP/IP name server" @@ -8677,6 +9455,10 @@ msgstr "Network management station (NMS) - software which runs on the manager" msgid "Network news subsystem" msgstr "Network news subsystem" +#: ../../configuration/service/ids.rst:87 +msgid "Network to be protected: 192.0.2.0/24 (public IPs use by customers)" +msgstr "Network to be protected: 192.0.2.0/24 (public IPs use by customers)" + #: ../../configuration/service/monitoring.rst:47 msgid "Networks allowed to query this server" msgstr "Networks allowed to query this server" @@ -8693,11 +9475,11 @@ msgstr "Next-hop interface for the route" msgid "Next it is necessary to configure 2FA for OpenConnect:" msgstr "Next it is necessary to configure 2FA for OpenConnect:" -#: ../../configuration/policy/route-map.rst:279 +#: ../../configuration/policy/route-map.rst:282 msgid "Nexthop IP address." msgstr "Nexthop IP address." -#: ../../configuration/policy/route-map.rst:298 +#: ../../configuration/policy/route-map.rst:301 msgid "Nexthop IPv6 address." msgstr "Nexthop IPv6 address." @@ -8705,6 +9487,18 @@ msgstr "Nexthop IPv6 address." msgid "Nexthop IPv6 address to match." msgstr "Nexthop IPv6 address to match." +#: ../../configuration/system/ip.rst:47 +#: ../../configuration/system/ipv6.rst:43 +#: ../../configuration/vrf/index.rst:71 +msgid "Nexthop Tracking" +msgstr "Nexthop Tracking" + +#: ../../configuration/system/ip.rst:49 +#: ../../configuration/system/ipv6.rst:45 +#: ../../configuration/vrf/index.rst:73 +msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." +msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." + #: ../../configuration/protocols/rpki.rst:59 msgid "No ROA exists which covers that prefix. Unfortunately this is the case for about 80% of the IPv4 prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2020" msgstr "No ROA exists which covers that prefix. Unfortunately this is the case for about 80% of the IPv4 prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2020" @@ -8713,7 +9507,7 @@ msgstr "No ROA exists which covers that prefix. Unfortunately this is the case f msgid "No VLAN tagging required by your ISP." msgstr "No VLAN tagging required by your ISP." -#: ../../configuration/protocols/bgp.rst:707 +#: ../../configuration/protocols/bgp.rst:729 msgid "No route is suppressed indefinitely. Maximum-suppress-time defines the maximum time a route can be suppressed before it is re-advertised." msgstr "No route is suppressed indefinitely. Maximum-suppress-time defines the maximum time a route can be suppressed before it is re-advertised." @@ -8753,7 +9547,7 @@ msgstr "Note: certificate names don't matter, we use 'openvpn-local' and 'openvp msgid "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." msgstr "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." -#: ../../configuration/vpn/ipsec.rst:294 +#: ../../configuration/vpn/ipsec.rst:298 #: ../../configuration/vpn/rsa-keys.rst:35 msgid "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." msgstr "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." @@ -8762,11 +9556,11 @@ msgstr "Note the command with the public key (set pki key-pair ipsec-RIGHT publi msgid "Notice" msgstr "Notice" -#: ../../configuration/service/conntrack-sync.rst:194 +#: ../../configuration/service/conntrack-sync.rst:198 msgid "Now configure conntrack-sync service on ``router1`` **and** ``router2``" msgstr "Now configure conntrack-sync service on ``router1`` **and** ``router2``" -#: ../../configuration/vpn/ipsec.rst:297 +#: ../../configuration/vpn/ipsec.rst:301 msgid "Now the noted public keys should be entered on the opposite routers." msgstr "Now the noted public keys should be entered on the opposite routers." @@ -8786,7 +9580,7 @@ msgstr "Now when connecting the user will first be asked for the password and th msgid "Now you are ready to setup IPsec. The key points:" msgstr "Now you are ready to setup IPsec. The key points:" -#: ../../configuration/vpn/ipsec.rst:311 +#: ../../configuration/vpn/ipsec.rst:315 msgid "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." msgstr "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." @@ -8794,6 +9588,10 @@ msgstr "Now you are ready to setup IPsec. You'll need to use an ID instead of ad msgid "Number of antennas on this card" msgstr "Number of antennas on this card" +#: ../../configuration/service/dns.rst:166 +msgid "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." +msgstr "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." + #: ../../configuration/system/syslog.rst:231 msgid "Number of lines to be displayed, default 10" msgstr "Number of lines to be displayed, default 10" @@ -8822,7 +9620,7 @@ msgstr "OSPFv2 (IPv4)" msgid "OSPFv3 (IPv6)" msgstr "OSPFv3 (IPv6)" -#: ../../configuration/system/login.rst:141 +#: ../../configuration/system/login.rst:145 msgid "OTP-key generation" msgstr "OTP-key generation" @@ -8830,7 +9628,7 @@ msgstr "OTP-key generation" msgid "Offloading" msgstr "Offloading" -#: ../../configuration/service/dhcp-server.rst:245 +#: ../../configuration/service/dhcp-server.rst:251 msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" @@ -8842,7 +9640,7 @@ msgstr "Often we need to embed one policy into another one. It is possible to do msgid "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." msgstr "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." -#: ../../configuration/service/conntrack-sync.rst:211 +#: ../../configuration/service/conntrack-sync.rst:215 msgid "On active router run:" msgstr "On active router run:" @@ -8858,7 +9656,7 @@ msgstr "On low rates (below 40Mbit) you may want to tune `quantum` down to somet msgid "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." msgstr "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." -#: ../../configuration/service/conntrack-sync.rst:242 +#: ../../configuration/service/conntrack-sync.rst:246 msgid "On standby router run:" msgstr "On standby router run:" @@ -8866,34 +9664,34 @@ msgstr "On standby router run:" msgid "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." msgstr "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." -#: ../../configuration/vpn/ipsec.rst:181 -#: ../../configuration/vpn/ipsec.rst:239 -#: ../../configuration/vpn/ipsec.rst:299 +#: ../../configuration/vpn/ipsec.rst:185 +#: ../../configuration/vpn/ipsec.rst:243 +#: ../../configuration/vpn/ipsec.rst:303 #: ../../configuration/vpn/rsa-keys.rst:40 msgid "On the LEFT:" msgstr "On the LEFT:" -#: ../../configuration/vpn/ipsec.rst:314 +#: ../../configuration/vpn/ipsec.rst:318 #: ../../configuration/vpn/rsa-keys.rst:59 msgid "On the LEFT (static address):" msgstr "On the LEFT (static address):" -#: ../../configuration/vpn/ipsec.rst:221 +#: ../../configuration/vpn/ipsec.rst:225 msgid "On the RIGHT, setup by analogy and swap local and remote addresses." msgstr "On the RIGHT, setup by analogy and swap local and remote addresses." -#: ../../configuration/vpn/ipsec.rst:250 -#: ../../configuration/vpn/ipsec.rst:305 +#: ../../configuration/vpn/ipsec.rst:254 +#: ../../configuration/vpn/ipsec.rst:309 #: ../../configuration/vpn/rsa-keys.rst:46 msgid "On the RIGHT:" msgstr "On the RIGHT:" -#: ../../configuration/vpn/ipsec.rst:339 +#: ../../configuration/vpn/ipsec.rst:343 #: ../../configuration/vpn/rsa-keys.rst:84 msgid "On the RIGHT (dynamic address):" msgstr "On the RIGHT (dynamic address):" -#: ../../configuration/service/conntrack-sync.rst:207 +#: ../../configuration/service/conntrack-sync.rst:211 msgid "On the active router, you should have information in the internal-cache of conntrack-sync. The same current active connections number should be shown in the external-cache of the standby router" msgstr "On the active router, you should have information in the internal-cache of conntrack-sync. The same current active connections number should be shown in the external-cache of the standby router" @@ -8921,7 +9719,7 @@ msgstr "Once a class has a filter configured, you will also have to define what msgid "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols." msgstr "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols." -#: ../../configuration/protocols/bgp.rst:702 +#: ../../configuration/protocols/bgp.rst:724 msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." @@ -8957,6 +9755,10 @@ msgstr "Once the matching rules are set for a class, you can start configuring h msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." +#: ../../configuration/service/pppoe-server.rst:285 +msgid "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." +msgstr "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." + #: ../../configuration/vpn/openconnect.rst:257 msgid "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded." msgstr "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded." @@ -8965,11 +9767,11 @@ msgstr "Once you commit the above changes you can create a config file in the /c msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." -#: ../../configuration/vpn/sstp.rst:307 +#: ../../configuration/vpn/sstp.rst:478 msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." -#: ../../configuration/protocols/rpki.rst:183 +#: ../../configuration/protocols/rpki.rst:193 msgid "Once your routers are configured to reject RPKI-invalid prefixes, you can test whether the configuration is working correctly using the `RIPE Labs RPKI Test`_ experimental tool." msgstr "Once your routers are configured to reject RPKI-invalid prefixes, you can test whether the configuration is working correctly using the `RIPE Labs RPKI Test`_ experimental tool." @@ -9001,7 +9803,7 @@ msgstr "Only VRRP is supported. Required option." msgid "Only allow certain IP addresses or prefixes to access the https webserver." msgstr "Only allow certain IP addresses or prefixes to access the https webserver." -#: ../../configuration/firewall/ipv4.rst:459 +#: ../../configuration/firewall/ipv4.rst:482 #: ../../configuration/firewall/ipv6.rst:466 msgid "Only in the source criteria, you can specify a mac-address." msgstr "Only in the source criteria, you can specify a mac-address." @@ -9022,7 +9824,7 @@ msgstr "Only request an address from the PPPoE server but do not install any def msgid "Only request an address from the SSTP server but do not install any default route." msgstr "Only request an address from the SSTP server but do not install any default route." -#: ../../configuration/system/login.rst:51 +#: ../../configuration/system/login.rst:55 msgid "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference." msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference." @@ -9030,7 +9832,7 @@ msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note t msgid "Only works with a VXLAN device with external flag set." msgstr "Only works with a VXLAN device with external flag set." -#: ../../configuration/highavailability/index.rst:457 +#: ../../configuration/highavailability/index.rst:467 msgid "Op-mode check virtual-server status" msgstr "Op-mode check virtual-server status" @@ -9055,7 +9857,7 @@ msgid "OpenConnect supports a subset of it's configuration options to be applied msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." #: ../../configuration/interfaces/openvpn.rst:7 -#: ../../configuration/pki/index.rst:117 +#: ../../configuration/pki/index.rst:119 msgid "OpenVPN" msgstr "OpenVPN" @@ -9105,23 +9907,23 @@ msgstr "Operating Modes" #: ../../configuration/interfaces/virtual-ethernet.rst:55 #: ../../configuration/interfaces/wireless.rst:416 #: ../../configuration/interfaces/wwan.rst:79 -#: ../../configuration/pki/index.rst:290 +#: ../../configuration/pki/index.rst:321 #: ../../configuration/protocols/igmp-proxy.rst:73 -#: ../../configuration/protocols/static.rst:183 -#: ../../configuration/service/conntrack-sync.rst:103 +#: ../../configuration/protocols/static.rst:216 +#: ../../configuration/service/conntrack-sync.rst:107 #: ../../configuration/service/console-server.rst:76 #: ../../configuration/service/dhcp-relay.rst:124 #: ../../configuration/service/dhcp-relay.rst:201 -#: ../../configuration/service/dns.rst:195 +#: ../../configuration/service/dns.rst:182 #: ../../configuration/service/lldp.rst:71 #: ../../configuration/service/mdns.rst:79 #: ../../configuration/service/ssh.rst:145 #: ../../configuration/service/webproxy.rst:330 #: ../../configuration/system/default-route.rst:25 #: ../../configuration/system/flow-accounting.rst:175 -#: ../../configuration/vrf/index.rst:111 -#: ../../configuration/vrf/index.rst:323 -#: ../../configuration/vrf/index.rst:503 +#: ../../configuration/vrf/index.rst:130 +#: ../../configuration/vrf/index.rst:342 +#: ../../configuration/vrf/index.rst:522 msgid "Operation" msgstr "Operation" @@ -9131,17 +9933,17 @@ msgid "Operation-mode" msgstr "Operation-mode" #: ../../configuration/firewall/bridge.rst:284 -#: ../../configuration/firewall/ipv4.rst:954 +#: ../../configuration/firewall/ipv4.rst:977 #: ../../configuration/firewall/ipv6.rst:962 msgid "Operation-mode Firewall" msgstr "Operation-mode Firewall" -#: ../../configuration/container/index.rst:143 +#: ../../configuration/container/index.rst:179 msgid "Operation Commands" msgstr "Operation Commands" -#: ../../configuration/service/dhcp-server.rst:412 -#: ../../configuration/service/dhcp-server.rst:664 +#: ../../configuration/service/dhcp-server.rst:418 +#: ../../configuration/service/dhcp-server.rst:672 #: ../../configuration/system/acceleration.rst:42 msgid "Operation Mode" msgstr "Operation Mode" @@ -9151,12 +9953,12 @@ msgid "Operation mode of wireless radio." msgstr "Operation mode of wireless radio." #: ../../configuration/interfaces/wireguard.rst:338 -#: ../../configuration/protocols/bfd.rst:94 -#: ../../configuration/protocols/bfd.rst:175 +#: ../../configuration/protocols/bfd.rst:101 +#: ../../configuration/protocols/bfd.rst:182 msgid "Operational Commands" msgstr "Operational Commands" -#: ../../configuration/protocols/bgp.rst:950 +#: ../../configuration/protocols/bgp.rst:972 #: ../../configuration/protocols/mpls.rst:218 #: ../../configuration/protocols/ospf.rst:609 #: ../../configuration/protocols/ospf.rst:1268 @@ -9164,8 +9966,8 @@ msgstr "Operational Commands" msgid "Operational Mode Commands" msgstr "Operational Mode Commands" -#: ../../configuration/system/ip.rst:47 -#: ../../configuration/system/ipv6.rst:43 +#: ../../configuration/system/ip.rst:60 +#: ../../configuration/system/ipv6.rst:56 msgid "Operational commands" msgstr "Operational commands" @@ -9177,11 +9979,11 @@ msgstr "Option" msgid "Option 43 for UniFI" msgstr "Option 43 for UniFI" -#: ../../configuration/service/dhcp-server.rst:234 +#: ../../configuration/service/dhcp-server.rst:240 msgid "Option description" msgstr "Option description" -#: ../../configuration/service/dhcp-server.rst:232 +#: ../../configuration/service/dhcp-server.rst:238 msgid "Option number" msgstr "Option number" @@ -9211,7 +10013,7 @@ msgstr "Optional" msgid "Optional, if you want to enable uploads, else TFTP server will act as a read-only server." msgstr "Optional, if you want to enable uploads, else TFTP server will act as a read-only server." -#: ../../configuration/system/login.rst:107 +#: ../../configuration/system/login.rst:111 msgid "Optional/default settings" msgstr "Optional/default settings" @@ -9231,12 +10033,11 @@ msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. #: ../../configuration/interfaces/openvpn.rst:631 #: ../../configuration/service/dhcp-relay.rst:53 #: ../../configuration/service/dhcp-relay.rst:160 -#: ../../configuration/service/dhcp-server.rst:224 -#: ../../configuration/vpn/sstp.rst:230 +#: ../../configuration/service/dhcp-server.rst:230 msgid "Options" msgstr "Options" -#: ../../configuration/vpn/ipsec.rst:159 +#: ../../configuration/vpn/ipsec.rst:162 msgid "Options (Global IPsec settings) Attributes" msgstr "Options (Global IPsec settings) Attributes" @@ -9256,7 +10057,7 @@ msgstr "Or **binary** prefixes." msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." -#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/service/pppoe-server.rst:312 msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." @@ -9325,15 +10126,15 @@ msgstr "Overview of defined groups. You see the type, the members, and where the msgid "PBR multiple uplinks" msgstr "PBR multiple uplinks" -#: ../../configuration/vrf/index.rst:244 +#: ../../configuration/vrf/index.rst:263 msgid "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" msgstr "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" -#: ../../configuration/vrf/index.rst:245 +#: ../../configuration/vrf/index.rst:264 msgid "PC2 is in VRF ``blue`` which is the development department" msgstr "PC2 is in VRF ``blue`` which is the development department" -#: ../../configuration/vrf/index.rst:246 +#: ../../configuration/vrf/index.rst:265 msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." @@ -9369,7 +10170,7 @@ msgstr "PIM – Protocol Independent Multicast" msgid "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution." msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution." -#: ../../configuration/pki/index.rst:7 +#: ../../configuration/pki/index.rst:9 msgid "PKI" msgstr "PKI" @@ -9377,7 +10178,14 @@ msgstr "PKI" msgid "PPDU" msgstr "PPDU" -#: ../../configuration/vpn/sstp.rst:174 +#: ../../configuration/service/pppoe-server.rst:453 +#: ../../configuration/vpn/l2tp.rst:407 +#: ../../configuration/vpn/pptp.rst:331 +#: ../../configuration/vpn/sstp.rst:365 +msgid "PPP Advanced Options" +msgstr "PPP Advanced Options" + +#: ../../configuration/vpn/sstp.rst:180 msgid "PPP Settings" msgstr "PPP Settings" @@ -9393,7 +10201,7 @@ msgstr "PPPoE Server" msgid "PPPoE options" msgstr "PPPoE options" -#: ../../configuration/vpn/pptp.rst:4 +#: ../../configuration/vpn/pptp.rst:5 msgid "PPTP-Server" msgstr "PPTP-Server" @@ -9409,11 +10217,11 @@ msgstr "Particularly large networks may wish to run their own RPKI certificate a msgid "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs." msgstr "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs." -#: ../../configuration/vpn/sstp.rst:166 +#: ../../configuration/vpn/sstp.rst:172 msgid "Path to `<file>` pointing to the certificate authority certificate." msgstr "Path to `<file>` pointing to the certificate authority certificate." -#: ../../configuration/vpn/sstp.rst:170 +#: ../../configuration/vpn/sstp.rst:176 msgid "Path to `<file>` pointing to the servers certificate (public portion)." msgstr "Path to `<file>` pointing to the servers certificate (public portion)." @@ -9457,11 +10265,11 @@ msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and msgid "Per default every packet is sampled (that is, the sampling rate is 1)." msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." -#: ../../configuration/service/pppoe-server.rst:323 +#: ../../configuration/service/pppoe-server.rst:556 msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." -#: ../../configuration/system/option.rst:78 +#: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Performance" @@ -9469,11 +10277,11 @@ msgstr "Performance" msgid "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." msgstr "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." -#: ../../configuration/vrf/index.rst:197 +#: ../../configuration/vrf/index.rst:216 msgid "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." msgstr "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." -#: ../../configuration/vrf/index.rst:183 +#: ../../configuration/vrf/index.rst:202 msgid "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." msgstr "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." @@ -9497,7 +10305,7 @@ msgstr "Please, refer to appropiate section for more information about firewall msgid "Please, refer to appropriate section for more information about firewall configuration:" msgstr "Please, refer to appropriate section for more information about firewall configuration:" -#: ../../configuration/service/ipoe-server.rst:23 +#: ../../configuration/service/ipoe-server.rst:21 msgid "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective." msgstr "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective." @@ -9513,7 +10321,7 @@ msgstr "Please refer to the :ref:`ipsec` documentation for the individual IPSec msgid "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options." msgstr "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options." -#: ../../configuration/service/dhcp-server.rst:364 +#: ../../configuration/service/dhcp-server.rst:370 msgid "Please see the :ref:`dhcp-dns-quick-start` configuration." msgstr "Please see the :ref:`dhcp-dns-quick-start` configuration." @@ -9571,7 +10379,11 @@ msgstr "Port Groups" msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" -#: ../../configuration/vpn/sstp.rst:242 +#: ../../configuration/service/ipoe-server.rst:182 +#: ../../configuration/service/pppoe-server.rst:144 +#: ../../configuration/vpn/l2tp.rst:187 +#: ../../configuration/vpn/pptp.rst:127 +#: ../../configuration/vpn/sstp.rst:160 msgid "Port for Dynamic Authorization Extension server (DM/CoA)" msgstr "Port for Dynamic Authorization Extension server (DM/CoA)" @@ -9656,7 +10468,7 @@ msgstr "Preference associated with the default router" msgid "Prefix Conversion" msgstr "Prefix Conversion" -#: ../../configuration/service/dhcp-server.rst:564 +#: ../../configuration/service/dhcp-server.rst:570 msgid "Prefix Delegation" msgstr "Prefix Delegation" @@ -9696,11 +10508,11 @@ msgstr "Prefix to match against." msgid "Prefixes" msgstr "Prefixes" -#: ../../configuration/policy/route-map.rst:212 +#: ../../configuration/policy/route-map.rst:215 msgid "Prepend the existing last AS number (the leftmost ASN) to the AS_PATH." msgstr "Prepend the existing last AS number (the leftmost ASN) to the AS_PATH." -#: ../../configuration/policy/route-map.rst:207 +#: ../../configuration/policy/route-map.rst:210 msgid "Prepend the given string of AS numbers to the AS_PATH of the BGP path's NLRI." msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's NLRI." @@ -9708,11 +10520,11 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's msgid "Principle of SNMP Communication" msgstr "Principle of SNMP Communication" -#: ../../configuration/vrf/index.rst:532 +#: ../../configuration/vrf/index.rst:551 msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination." msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination." -#: ../../configuration/vrf/index.rst:511 +#: ../../configuration/vrf/index.rst:530 msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." @@ -9733,6 +10545,10 @@ msgstr "Priority Queue, as other non-shaping policies, is only useful if your ou msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." +#: ../../configuration/vpn/ipsec.rst:544 +msgid "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." +msgstr "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." + #: ../../configuration/service/monitoring.rst:38 msgid "Prometheus-client" msgstr "Prometheus-client" @@ -9841,7 +10657,7 @@ msgstr "Pseudo Ethernet/MACVLAN options" msgid "Publish a port for the container." msgstr "Publish a port for the container." -#: ../../configuration/container/index.rst:147 +#: ../../configuration/container/index.rst:183 msgid "Pull a new image for container" msgstr "Pull a new image for container" @@ -9875,7 +10691,7 @@ msgstr "R1:" msgid "R1 has 192.0.2.1/24 & 2001:db8::1/64" msgstr "R1 has 192.0.2.1/24 & 2001:db8::1/64" -#: ../../configuration/vrf/index.rst:248 +#: ../../configuration/vrf/index.rst:267 msgid "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" msgstr "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" @@ -9887,12 +10703,11 @@ msgstr "R2:" msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64" msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64" -#: ../../configuration/system/login.rst:234 -#: ../../configuration/vpn/sstp.rst:207 +#: ../../configuration/system/login.rst:238 msgid "RADIUS" msgstr "RADIUS" -#: ../../configuration/service/ipoe-server.rst:111 +#: ../../configuration/service/ipoe-server.rst:112 msgid "RADIUS Setup" msgstr "RADIUS Setup" @@ -9900,6 +10715,14 @@ msgstr "RADIUS Setup" msgid "RADIUS advanced features" msgstr "RADIUS advanced features" +#: ../../configuration/service/ipoe-server.rst:158 +#: ../../configuration/service/pppoe-server.rst:120 +#: ../../configuration/vpn/l2tp.rst:163 +#: ../../configuration/vpn/pptp.rst:103 +#: ../../configuration/vpn/sstp.rst:136 +msgid "RADIUS advanced options" +msgstr "RADIUS advanced options" + #: ../../configuration/vpn/l2tp.rst:139 msgid "RADIUS authentication" msgstr "RADIUS authentication" @@ -9916,11 +10739,15 @@ msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Addr msgid "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" msgstr "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" -#: ../../configuration/system/login.rst:266 +#: ../../configuration/system/login.rst:270 msgid "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." msgstr "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." -#: ../../configuration/vpn/l2tp.rst:163 +#: ../../configuration/service/ipoe-server.rst:144 +#: ../../configuration/service/pppoe-server.rst:106 +#: ../../configuration/vpn/l2tp.rst:149 +#: ../../configuration/vpn/pptp.rst:89 +#: ../../configuration/vpn/sstp.rst:122 msgid "RADIUS source address" msgstr "RADIUS source address" @@ -9928,7 +10755,7 @@ msgstr "RADIUS source address" msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." -#: ../../configuration/service/dhcp-server.rst:256 +#: ../../configuration/service/dhcp-server.rst:262 msgid "RFC 868 time server IPv4 address" msgstr "RFC 868 time server IPv4 address" @@ -9970,8 +10797,8 @@ msgstr "Random-Detect could be useful for heavy traffic. One use of this algorit #: ../../configuration/protocols/static.rst:37 #: ../../configuration/protocols/static.rst:57 -#: ../../configuration/protocols/static.rst:84 -#: ../../configuration/protocols/static.rst:104 +#: ../../configuration/protocols/static.rst:107 +#: ../../configuration/protocols/static.rst:127 msgid "Range is 1 to 255, default is 1." msgstr "Range is 1 to 255, default is 1." @@ -10016,15 +10843,15 @@ msgstr "Re-generated the public/private keyportion which SSH uses to secure conn msgid "Reachable Time" msgstr "Reachable Time" -#: ../../configuration/highavailability/index.rst:388 +#: ../../configuration/highavailability/index.rst:398 msgid "Real server" msgstr "Real server" -#: ../../configuration/highavailability/index.rst:389 +#: ../../configuration/highavailability/index.rst:399 msgid "Real server IP address and port" msgstr "Real server IP address and port" -#: ../../configuration/highavailability/index.rst:404 +#: ../../configuration/highavailability/index.rst:414 msgid "Real server is auto-excluded if port check with this server fail." msgstr "Real server is auto-excluded if port check with this server fail." @@ -10032,7 +10859,11 @@ msgstr "Real server is auto-excluded if port check with this server fail." msgid "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." msgstr "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." -#: ../../configuration/vpn/l2tp.rst:205 +#: ../../configuration/service/ipoe-server.rst:227 +#: ../../configuration/service/pppoe-server.rst:189 +#: ../../configuration/vpn/l2tp.rst:232 +#: ../../configuration/vpn/pptp.rst:172 +#: ../../configuration/vpn/sstp.rst:205 msgid "Received RADIUS attributes have a higher priority than parameters defined within the CLI configuration, refer to the explanation below." msgstr "Received RADIUS attributes have a higher priority than parameters defined within the CLI configuration, refer to the explanation below." @@ -10068,7 +10899,7 @@ msgstr "Redistribution Configuration" msgid "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites." msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites." -#: ../../configuration/service/dns.rst:278 +#: ../../configuration/service/dns.rst:262 msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" @@ -10159,7 +10990,10 @@ msgstr "Remote port" msgid "Remote transmission interval will be multiplied by this value" msgstr "Remote transmission interval will be multiplied by this value" -#: ../../configuration/vpn/l2tp.rst:216 +#: ../../configuration/service/pppoe-server.rst:217 +#: ../../configuration/vpn/l2tp.rst:260 +#: ../../configuration/vpn/pptp.rst:200 +#: ../../configuration/vpn/sstp.rst:233 msgid "Renaming clients interfaces by RADIUS" msgstr "Renaming clients interfaces by RADIUS" @@ -10179,7 +11013,10 @@ msgstr "Request only a temporary address and not form an IA_NA (Identity Associa msgid "Requests are forwarded through ``eth2`` as the `upstream interface`" msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`" -#: ../../configuration/vpn/sstp.rst:95 +#: ../../configuration/service/pppoe-server.rst:442 +#: ../../configuration/vpn/l2tp.rst:396 +#: ../../configuration/vpn/pptp.rst:320 +#: ../../configuration/vpn/sstp.rst:354 msgid "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." msgstr "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." @@ -10191,12 +11028,12 @@ msgstr "Requirements" msgid "Requirements:" msgstr "Requirements:" -#: ../../configuration/firewall/ipv4.rst:926 +#: ../../configuration/firewall/ipv4.rst:949 #: ../../configuration/firewall/ipv6.rst:935 msgid "Requirements to enable synproxy:" msgstr "Requirements to enable synproxy:" -#: ../../configuration/protocols/bgp.rst:1064 +#: ../../configuration/protocols/bgp.rst:1086 #: ../../configuration/protocols/mpls.rst:248 msgid "Reset" msgstr "Reset" @@ -10205,11 +11042,11 @@ msgstr "Reset" msgid "Reset OpenVPN" msgstr "Reset OpenVPN" -#: ../../configuration/system/ipv6.rst:150 +#: ../../configuration/system/ipv6.rst:163 msgid "Reset commands" msgstr "Reset commands" -#: ../../configuration/service/dns.rst:199 +#: ../../configuration/service/dns.rst:186 msgid "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain." msgstr "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain." @@ -10225,7 +11062,7 @@ msgstr "Restart DHCP relay service" msgid "Restart DHCPv6 relay agent immediately." msgstr "Restart DHCPv6 relay agent immediately." -#: ../../configuration/container/index.rst:167 +#: ../../configuration/container/index.rst:203 msgid "Restart a given container" msgstr "Restart a given container" @@ -10233,7 +11070,7 @@ msgstr "Restart a given container" msgid "Restart mDNS repeater service." msgstr "Restart mDNS repeater service." -#: ../../configuration/service/dhcp-server.rst:428 +#: ../../configuration/service/dhcp-server.rst:434 msgid "Restart the DHCP server" msgstr "Restart the DHCP server" @@ -10245,7 +11082,7 @@ msgstr "Restart the IGMP proxy process." msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." -#: ../../configuration/service/dns.rst:204 +#: ../../configuration/service/dns.rst:191 msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." @@ -10263,11 +11100,11 @@ msgstr "Results in:" msgid "Retransmit Timer" msgstr "Retransmit Timer" -#: ../../configuration/service/conntrack-sync.rst:140 +#: ../../configuration/service/conntrack-sync.rst:144 msgid "Retrieve current statistics of connection tracking subsystem." msgstr "Retrieve current statistics of connection tracking subsystem." -#: ../../configuration/service/conntrack-sync.rst:173 +#: ../../configuration/service/conntrack-sync.rst:177 msgid "Retrieve current status of connection tracking subsystem." msgstr "Retrieve current status of connection tracking subsystem." @@ -10287,15 +11124,15 @@ msgstr "Round Robin" msgid "Route Aggregation Configuration" msgstr "Route Aggregation Configuration" -#: ../../configuration/protocols/bgp.rst:682 +#: ../../configuration/protocols/bgp.rst:704 msgid "Route Dampening" msgstr "Route Dampening" -#: ../../configuration/protocols/bgp.rst:1189 +#: ../../configuration/protocols/bgp.rst:1211 msgid "Route Filtering" msgstr "Route Filtering" -#: ../../configuration/protocols/bgp.rst:818 +#: ../../configuration/protocols/bgp.rst:840 msgid "Route Filtering Configuration" msgstr "Route Filtering Configuration" @@ -10311,7 +11148,7 @@ msgstr "Route Map Policy" msgid "Route Redistribution" msgstr "Route Redistribution" -#: ../../configuration/protocols/bgp.rst:904 +#: ../../configuration/protocols/bgp.rst:926 msgid "Route Reflector Configuration" msgstr "Route Reflector Configuration" @@ -10319,7 +11156,7 @@ msgstr "Route Reflector Configuration" msgid "Route Selection" msgstr "Route Selection" -#: ../../configuration/protocols/bgp.rst:737 +#: ../../configuration/protocols/bgp.rst:759 msgid "Route Selection Configuration" msgstr "Route Selection Configuration" @@ -10327,11 +11164,11 @@ msgstr "Route Selection Configuration" msgid "Route and Route6 Policy" msgstr "Route and Route6 Policy" -#: ../../configuration/protocols/bgp.rst:690 +#: ../../configuration/protocols/bgp.rst:712 msgid "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold." msgstr "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold." -#: ../../configuration/protocols/bgp.rst:1191 +#: ../../configuration/protocols/bgp.rst:1213 msgid "Route filter can be applied using a route-map:" msgstr "Route filter can be applied using a route-map:" @@ -10363,7 +11200,7 @@ msgstr "Router Lifetime" msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." -#: ../../configuration/vrf/index.rst:425 +#: ../../configuration/vrf/index.rst:444 msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" @@ -10375,7 +11212,7 @@ msgstr "Routes on Node 2:" msgid "Routes that are sent from provider, rs-server, or the peer local-role (or if received by customer, rs-client, or the peer local-role) will be marked with a new Only to Customer (OTC) attribute." msgstr "Routes that are sent from provider, rs-server, or the peer local-role (or if received by customer, rs-client, or the peer local-role) will be marked with a new Only to Customer (OTC) attribute." -#: ../../configuration/protocols/bgp.rst:662 +#: ../../configuration/protocols/bgp.rst:684 #: ../../configuration/protocols/ospf.rst:92 #: ../../configuration/protocols/rip.rst:64 #: ../../configuration/protocols/static.rst:39 @@ -10391,7 +11228,7 @@ msgstr "Routes with this attribute can only be sent to your neighbor if your loc msgid "Routine" msgstr "Routine" -#: ../../configuration/vrf/index.rst:82 +#: ../../configuration/vrf/index.rst:101 msgid "Routing" msgstr "Routing" @@ -10404,7 +11241,7 @@ msgid "Rule-Sets" msgstr "Rule-Sets" #: ../../configuration/firewall/bridge.rst:287 -#: ../../configuration/firewall/ipv4.rst:957 +#: ../../configuration/firewall/ipv4.rst:980 #: ../../configuration/firewall/ipv6.rst:965 msgid "Rule-set overview" msgstr "Rule-set overview" @@ -10447,7 +11284,7 @@ msgstr "Rules allow to control and route incoming traffic to specific backend ba msgid "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`." msgstr "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`." -#: ../../configuration/service/dns.rst:391 +#: ../../configuration/service/dns.rst:399 msgid "Running Behind NAT" msgstr "Running Behind NAT" @@ -10511,7 +11348,7 @@ msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new s msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." -#: ../../configuration/protocols/rpki.rst:127 +#: ../../configuration/protocols/rpki.rst:141 #: ../../configuration/service/ssh.rst:5 msgid "SSH" msgstr "SSH" @@ -10520,11 +11357,11 @@ msgstr "SSH" msgid "SSH :ref:`ssh_key_based_authentication`" msgstr "SSH :ref:`ssh_key_based_authentication`" -#: ../../configuration/system/login.rst:57 +#: ../../configuration/system/login.rst:61 msgid "SSH :ref:`ssh_operation`" msgstr "SSH :ref:`ssh_operation`" -#: ../../configuration/system/option.rst:44 +#: ../../configuration/system/option.rst:74 msgid "SSH client" msgstr "SSH client" @@ -10532,7 +11369,7 @@ msgstr "SSH client" msgid "SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2." msgstr "SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2." -#: ../../configuration/protocols/rpki.rst:137 +#: ../../configuration/protocols/rpki.rst:151 msgid "SSH username to establish an SSH connection to the cache server." msgstr "SSH username to establish an SSH connection to the cache server." @@ -10545,7 +11382,6 @@ msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" #: ../../configuration/vpn/openconnect.rst:24 -#: ../../configuration/vpn/sstp.rst:162 msgid "SSL Certificates" msgstr "SSL Certificates" @@ -10609,7 +11445,44 @@ msgstr "Scanning is not supported on all wireless drivers and wireless hardware. msgid "Script execution" msgstr "Script execution" +#: ../../configuration/service/ipoe-server.rst:299 +#: ../../configuration/service/pppoe-server.rst:417 +#: ../../configuration/vpn/l2tp.rst:361 +#: ../../configuration/vpn/pptp.rst:285 +#: ../../configuration/vpn/sstp.rst:319 +msgid "Script to run before session interface comes up" +msgstr "Script to run before session interface comes up" + +#: ../../configuration/service/ipoe-server.rst:291 +#: ../../configuration/service/pppoe-server.rst:409 +#: ../../configuration/vpn/l2tp.rst:353 +#: ../../configuration/vpn/pptp.rst:277 +#: ../../configuration/vpn/sstp.rst:311 +msgid "Script to run when session interface changed by RADIUS CoA handling" +msgstr "Script to run when session interface changed by RADIUS CoA handling" + +#: ../../configuration/service/ipoe-server.rst:295 +#: ../../configuration/service/pppoe-server.rst:413 +#: ../../configuration/vpn/l2tp.rst:357 +#: ../../configuration/vpn/pptp.rst:281 +#: ../../configuration/vpn/sstp.rst:315 +msgid "Script to run when session interface going to terminate" +msgstr "Script to run when session interface going to terminate" + +#: ../../configuration/service/ipoe-server.rst:303 +#: ../../configuration/service/pppoe-server.rst:421 +#: ../../configuration/vpn/l2tp.rst:365 +#: ../../configuration/vpn/pptp.rst:289 +#: ../../configuration/vpn/sstp.rst:323 +msgid "Script to run when session interface is completely configured and started" +msgstr "Script to run when session interface is completely configured and started" + #: ../../configuration/highavailability/index.rst:299 +#: ../../configuration/service/ipoe-server.rst:287 +#: ../../configuration/service/pppoe-server.rst:405 +#: ../../configuration/vpn/l2tp.rst:349 +#: ../../configuration/vpn/pptp.rst:273 +#: ../../configuration/vpn/sstp.rst:307 msgid "Scripting" msgstr "Scripting" @@ -10617,7 +11490,11 @@ msgstr "Scripting" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." -#: ../../configuration/vpn/sstp.rst:246 +#: ../../configuration/service/ipoe-server.rst:186 +#: ../../configuration/service/pppoe-server.rst:148 +#: ../../configuration/vpn/l2tp.rst:191 +#: ../../configuration/vpn/pptp.rst:131 +#: ../../configuration/vpn/sstp.rst:164 msgid "Secret for Dynamic Authorization Extension server (DM/CoA)" msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)" @@ -10634,7 +11511,7 @@ msgstr "Security/authentication messages" msgid "See :rfc:`7761#section-4.1` for details." msgstr "See :rfc:`7761#section-4.1` for details." -#: ../../configuration/system/ip.rst:52 +#: ../../configuration/system/ip.rst:65 msgid "See below the different parameters available for the IPv4 **show** command:" msgstr "See below the different parameters available for the IPv4 **show** command:" @@ -10670,7 +11547,7 @@ msgstr "Select TLS version used." msgid "Select cipher suite used for cryptographic operations. This setting is mandatory." msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory." -#: ../../configuration/vrf/index.rst:468 +#: ../../configuration/vrf/index.rst:487 msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." @@ -10694,6 +11571,10 @@ msgstr "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<addre msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." +#: ../../configuration/vpn/l2tp.rst:276 +msgid "Sent to the client (LAC) in the Host-Name attribute" +msgstr "Sent to the client (LAC) in the Host-Name attribute" + #: ../../configuration/system/console.rst:5 msgid "Serial Console" msgstr "Serial Console" @@ -10703,7 +11584,6 @@ msgid "Serial interfaces can be any interface which is directly connected to the msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." #: ../../configuration/interfaces/openvpn.rst:325 -#: ../../configuration/vpn/sstp.rst:210 msgid "Server" msgstr "Server" @@ -10711,7 +11591,7 @@ msgstr "Server" msgid "Server:" msgstr "Server:" -#: ../../configuration/pki/index.rst:210 +#: ../../configuration/pki/index.rst:212 msgid "Server Certificate" msgstr "Server Certificate" @@ -10723,7 +11603,7 @@ msgstr "Server Configuration" msgid "Server Side" msgstr "Server Side" -#: ../../configuration/service/ipoe-server.rst:156 +#: ../../configuration/service/ipoe-server.rst:157 msgid "Server configuration" msgstr "Server configuration" @@ -10748,19 +11628,19 @@ msgstr "Set BFD peer IPv4 address or IPv6 address" msgid "Set BGP community-list to exactly match." msgstr "Set BGP community-list to exactly match." -#: ../../configuration/policy/route-map.rst:318 +#: ../../configuration/policy/route-map.rst:321 msgid "Set BGP local preference attribute." msgstr "Set BGP local preference attribute." -#: ../../configuration/policy/route-map.rst:336 +#: ../../configuration/policy/route-map.rst:339 msgid "Set BGP origin code." msgstr "Set BGP origin code." -#: ../../configuration/policy/route-map.rst:341 +#: ../../configuration/policy/route-map.rst:344 msgid "Set BGP originator ID attribute." msgstr "Set BGP originator ID attribute." -#: ../../configuration/policy/route-map.rst:359 +#: ../../configuration/policy/route-map.rst:362 msgid "Set BGP weight attribute" msgstr "Set BGP weight attribute" @@ -10776,7 +11656,7 @@ msgstr "Set IPSec inbound match criterias, where:" msgid "Set IP fragment match, where:" msgstr "Set IP fragment match, where:" -#: ../../configuration/policy/route-map.rst:331 +#: ../../configuration/policy/route-map.rst:334 msgid "Set OSPF external metric-type." msgstr "Set OSPF external metric-type." @@ -10796,12 +11676,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne msgid "Set SSL certeficate <name> for service <name>" msgstr "Set SSL certeficate <name> for service <name>" -#: ../../configuration/firewall/ipv4.rst:918 +#: ../../configuration/firewall/ipv4.rst:941 #: ../../configuration/firewall/ipv6.rst:927 msgid "Set TCP-MSS (maximum segment size) for the connection" msgstr "Set TCP-MSS (maximum segment size) for the connection" -#: ../../configuration/service/dns.rst:280 +#: ../../configuration/service/dns.rst:264 msgid "Set TTL to 300 seconds" msgstr "Set TTL to 300 seconds" @@ -10825,7 +11705,7 @@ msgstr "Set a destination and/or source port. Accepted input:" msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." -#: ../../configuration/system/login.rst:387 +#: ../../configuration/system/login.rst:391 msgid "Set a limit on the maximum number of concurrent logged-in users on the system." msgstr "Set a limit on the maximum number of concurrent logged-in users on the system." @@ -10864,11 +11744,16 @@ msgstr "Set action to take on entries matching this rule." msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Set an API-KEY is the minimal configuration to get a working API Endpoint." -#: ../../configuration/vpn/sstp.rst:100 +#: ../../configuration/service/ipoe-server.rst:60 +#: ../../configuration/service/ipoe-server.rst:88 +#: ../../configuration/service/pppoe-server.rst:38 +#: ../../configuration/vpn/l2tp.rst:26 +#: ../../configuration/vpn/pptp.rst:27 +#: ../../configuration/vpn/sstp.rst:53 msgid "Set authentication backend. The configured authentication backend is used for all queries." msgstr "Set authentication backend. The configured authentication backend is used for all queries." -#: ../../configuration/container/index.rst:117 +#: ../../configuration/container/index.rst:122 msgid "Set container capabilities or permissions." msgstr "Set container capabilities or permissions." @@ -10880,6 +11765,19 @@ msgstr "Set delay between gratuitous ARP messages sent on an interface." msgid "Set delay for second set of gratuitous ARPs after transition to MASTER." msgstr "Set delay for second set of gratuitous ARPs after transition to MASTER." +#: ../../configuration/service/ipoe-server.rst:356 +#: ../../configuration/service/pppoe-server.rst:522 +#: ../../configuration/vpn/l2tp.rst:476 +#: ../../configuration/vpn/pptp.rst:400 +#: ../../configuration/vpn/sstp.rst:434 +msgid "Set description." +msgstr "Set description." + +#: ../../configuration/service/dns.rst:227 +#: ../../configuration/service/dns.rst:332 +msgid "Set description `<text>` for dynamic DNS service being configured." +msgstr "Set description `<text>` for dynamic DNS service being configured." + #: ../../configuration/policy/as-path-list.rst:21 msgid "Set description for as-path-list policy." msgstr "Set description for as-path-list policy." @@ -10956,7 +11854,7 @@ msgstr "Set eth1 to be the listening interface for the DHCPv6 relay." msgid "Set execution time in common cron_ time format. A cron `<spec>` of ``30 */6 * * *`` would execute the `<task>` at minute 30 past every 6th hour." msgstr "Set execution time in common cron_ time format. A cron `<spec>` of ``30 */6 * * *`` would execute the `<task>` at minute 30 past every 6th hour." -#: ../../configuration/policy/route-map.rst:251 +#: ../../configuration/policy/route-map.rst:254 msgid "Set extcommunity bandwidth" msgstr "Set extcommunity bandwidth" @@ -11025,6 +11923,10 @@ msgstr "Set maximum number of packets to alow in excess of rate." msgid "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgstr "Set minimum time interval for refreshing gratuitous ARPs while MASTER." +#: ../../configuration/vpn/l2tp.rst:72 +msgid "Set mode for IPsec authentication between VyOS and L2TP clients." +msgstr "Set mode for IPsec authentication between VyOS and L2TP clients." + #: ../../configuration/highavailability/index.rst:285 msgid "Set number of gratuitous ARP messages to send at a time after transition to MASTER." msgstr "Set number of gratuitous ARP messages to send at a time after transition to MASTER." @@ -11055,7 +11957,11 @@ msgstr "Set packet modifications: Packet Differentiated Services Codepoint (DSCP msgid "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)." msgstr "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)." -#: ../../configuration/policy/route-map.rst:350 +#: ../../configuration/vpn/l2tp.rst:76 +msgid "Set predefined shared secret phrase." +msgstr "Set predefined shared secret phrase." + +#: ../../configuration/policy/route-map.rst:353 msgid "Set prefixes to table." msgstr "Set prefixes to table." @@ -11063,7 +11969,7 @@ msgstr "Set prefixes to table." msgid "Set proxy for all connections initiated by VyOS, including HTTP, HTTPS, and FTP (anonymous ftp)." msgstr "Set proxy for all connections initiated by VyOS, including HTTP, HTTPS, and FTP (anonymous ftp)." -#: ../../configuration/policy/route-map.rst:260 +#: ../../configuration/policy/route-map.rst:263 msgid "Set route target value in format ``<0-65535:0-4294967295>`` or ``<IP:0-65535>``." msgstr "Set route target value in format ``<0-65535:0-4294967295>`` or ``<IP:0-65535>``." @@ -11080,7 +11986,7 @@ msgstr "Set rule action to drop." msgid "Set service to bind on IP address, by default listen on any IPv4 and IPv6" msgstr "Set service to bind on IP address, by default listen on any IPv4 and IPv6" -#: ../../configuration/policy/route-map.rst:265 +#: ../../configuration/policy/route-map.rst:268 msgid "Set site of origin value in format ``<0-65535:0-4294967295>`` or ``<IP:0-65535>``." msgstr "Set site of origin value in format ``<0-65535:0-4294967295>`` or ``<IP:0-65535>``." @@ -11096,7 +12002,7 @@ msgstr "Set some metric to routes learned from a particular neighbor." msgid "Set source-address to your local IP (LAN)." msgstr "Set source-address to your local IP (LAN)." -#: ../../configuration/policy/route-map.rst:346 +#: ../../configuration/policy/route-map.rst:349 msgid "Set source IP/IPv6 address for route." msgstr "Set source IP/IPv6 address for route." @@ -11105,7 +12011,7 @@ msgstr "Set source IP/IPv6 address for route." msgid "Set source address or prefix to match." msgstr "Set source address or prefix to match." -#: ../../configuration/policy/route-map.rst:354 +#: ../../configuration/policy/route-map.rst:357 msgid "Set tag value for routing protocol." msgstr "Set tag value for routing protocol." @@ -11113,8 +12019,8 @@ msgstr "Set tag value for routing protocol." msgid "Set the \"recursion desired\" bit in requests to the upstream nameserver." msgstr "Set the \"recursion desired\" bit in requests to the upstream nameserver." -#: ../../configuration/policy/route-map.rst:290 -#: ../../configuration/policy/route-map.rst:303 +#: ../../configuration/policy/route-map.rst:293 +#: ../../configuration/policy/route-map.rst:306 msgid "Set the BGP nexthop address to the address of the peer. For an incoming route-map this means the ip address of our peer is used. For an outgoing route-map this means the ip address of our self is used to establish the peering with our neighbor." msgstr "Set the BGP nexthop address to the address of the peer. For an incoming route-map this means the ip address of our peer is used. For an outgoing route-map this means the ip address of our self is used to establish the peering with our neighbor." @@ -11175,6 +12081,10 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." +#: ../../configuration/container/index.rst:99 +msgid "Set the User ID or Group ID of the container" +msgstr "Set the User ID or Group ID of the container" + #: ../../configuration/protocols/pim.rst:147 msgid "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment." msgstr "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment." @@ -11259,7 +12169,7 @@ msgstr "Set the name of the x509 client keypair used to authenticate against the msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" -#: ../../configuration/policy/route-map.rst:284 +#: ../../configuration/policy/route-map.rst:287 msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value" msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value" @@ -11271,7 +12181,15 @@ msgstr "Set the number of TCP maximum retransmit attempts." msgid "Set the number of health check failures before an interface is marked as unavailable, range for number is 1 to 10, default 1. Or set the number of successful health checks before an interface is added back to the interface pool, range for number is 1 to 10, default 1." msgstr "Set the number of health check failures before an interface is marked as unavailable, range for number is 1 to 10, default 1. Or set the number of successful health checks before an interface is added back to the interface pool, range for number is 1 to 10, default 1." -#: ../../configuration/system/login.rst:84 +#: ../../configuration/protocols/rpki.rst:121 +msgid "Set the number of seconds the router waits until retrying to connect to the cache server." +msgstr "Set the number of seconds the router waits until retrying to connect to the cache server." + +#: ../../configuration/protocols/rpki.rst:114 +msgid "Set the number of seconds the router waits until the router expires the cache." +msgstr "Set the number of seconds the router waits until the router expires the cache." + +#: ../../configuration/system/login.rst:88 msgid "Set the options for this public key. See the ssh ``authorized_keys`` man page for details of what you can specify here. To place a ``\"`` character in the options field, use ``"``, for example ``from="10.0.0.0/24"`` to restrict where the user may connect from when using this key." msgstr "Set the options for this public key. See the ssh ``authorized_keys`` man page for details of what you can specify here. To place a ``\"`` character in the options field, use ``"``, for example ``from="10.0.0.0/24"`` to restrict where the user may connect from when using this key." @@ -11291,11 +12209,11 @@ msgstr "Set the peer's key used to receive (RX) traffic" msgid "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." -#: ../../configuration/container/index.rst:98 +#: ../../configuration/container/index.rst:103 msgid "Set the restart behavior of the container." msgstr "Set the restart behavior of the container." -#: ../../configuration/policy/route-map.rst:323 +#: ../../configuration/policy/route-map.rst:326 msgid "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED." msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED." @@ -11328,12 +12246,12 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule." msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." -#: ../../configuration/firewall/ipv4.rst:922 +#: ../../configuration/firewall/ipv4.rst:945 #: ../../configuration/firewall/ipv6.rst:931 msgid "Set the window scale factor for TCP window scaling" msgstr "Set the window scale factor for TCP window scaling" -#: ../../configuration/system/login.rst:124 +#: ../../configuration/system/login.rst:128 msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." @@ -11357,7 +12275,7 @@ msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates msgid "Setting VRRP group priority" msgstr "Setting VRRP group priority" -#: ../../configuration/service/dhcp-server.rst:231 +#: ../../configuration/service/dhcp-server.rst:237 msgid "Setting name" msgstr "Setting name" @@ -11389,7 +12307,12 @@ msgstr "Setting up certificates:" msgid "Setting up tunnel:" msgstr "Setting up tunnel:" -#: ../../configuration/service/dhcp-server.rst:373 +#: ../../configuration/system/option.rst:42 +#: ../../configuration/system/option.rst:53 +msgid "Setting will only become active with the next reboot!" +msgstr "Setting will only become active with the next reboot!" + +#: ../../configuration/service/dhcp-server.rst:379 msgid "Setup DHCP failover for network 192.0.2.0/24" msgstr "Setup DHCP failover for network 192.0.2.0/24" @@ -11397,15 +12320,19 @@ msgstr "Setup DHCP failover for network 192.0.2.0/24" msgid "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." msgstr "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." -#: ../../configuration/system/login.rst:262 +#: ../../configuration/system/login.rst:266 msgid "Setup the `<timeout>` in seconds when querying the RADIUS server." msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server." -#: ../../configuration/system/login.rst:331 +#: ../../configuration/system/login.rst:335 msgid "Setup the `<timeout>` in seconds when querying the TACACS server." msgstr "Setup the `<timeout>` in seconds when querying the TACACS server." -#: ../../configuration/service/dns.rst:327 +#: ../../configuration/service/dns.rst:336 +msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service-name>`." +msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service-name>`." + +#: ../../configuration/service/dns.rst:341 msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes." msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes." @@ -11413,11 +12340,11 @@ msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS p msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." -#: ../../configuration/system/option.rst:31 +#: ../../configuration/system/option.rst:61 msgid "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." msgstr "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." -#: ../../configuration/system/option.rst:36 +#: ../../configuration/system/option.rst:66 msgid "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." msgstr "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." @@ -11445,25 +12372,25 @@ msgstr "Short GI capabilities for 20 and 40 MHz" msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." -#: ../../configuration/vrf/index.rst:488 +#: ../../configuration/vrf/index.rst:507 msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." -#: ../../configuration/protocols/bgp.rst:953 +#: ../../configuration/protocols/bgp.rst:975 #: ../../configuration/protocols/mpls.rst:225 msgid "Show" msgstr "Show" -#: ../../configuration/service/dhcp-server.rst:416 +#: ../../configuration/service/dhcp-server.rst:422 msgid "Show DHCP server daemon log file" msgstr "Show DHCP server daemon log file" -#: ../../configuration/service/dhcp-server.rst:668 +#: ../../configuration/service/dhcp-server.rst:676 msgid "Show DHCPv6 server daemon log file" msgstr "Show DHCPv6 server daemon log file" #: ../../configuration/firewall/bridge.rst:306 -#: ../../configuration/firewall/ipv4.rst:1115 +#: ../../configuration/firewall/ipv4.rst:1138 #: ../../configuration/firewall/ipv6.rst:1138 msgid "Show Firewall log" msgstr "Show Firewall log" @@ -11528,23 +12455,23 @@ msgstr "Show WWAN module model." msgid "Show WWAN module signal strength." msgstr "Show WWAN module signal strength." -#: ../../configuration/container/index.rst:163 +#: ../../configuration/container/index.rst:199 msgid "Show a list available container networks" msgstr "Show a list available container networks" -#: ../../configuration/pki/index.rst:297 +#: ../../configuration/pki/index.rst:328 msgid "Show a list of installed :abbr:`CA (Certificate Authority)` certificates." msgstr "Show a list of installed :abbr:`CA (Certificate Authority)` certificates." -#: ../../configuration/pki/index.rst:332 +#: ../../configuration/pki/index.rst:363 msgid "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`." msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`." -#: ../../configuration/pki/index.rst:315 +#: ../../configuration/pki/index.rst:346 msgid "Show a list of installed certificates" msgstr "Show a list of installed certificates" -#: ../../configuration/protocols/bfd.rst:98 +#: ../../configuration/protocols/bfd.rst:105 msgid "Show all BFD peers" msgstr "Show all BFD peers" @@ -11572,7 +12499,7 @@ msgstr "Show bridge `<name>` mdb displays the current multicast group membership msgid "Show brief interface information." msgstr "Show brief interface information." -#: ../../configuration/system/ipv6.rst:46 +#: ../../configuration/system/ipv6.rst:59 msgid "Show commands" msgstr "Show commands" @@ -11584,11 +12511,11 @@ msgstr "Show configured serial ports and their respective interface configuratio msgid "Show connection data of load balanced traffic:" msgstr "Show connection data of load balanced traffic:" -#: ../../configuration/service/conntrack-sync.rst:132 +#: ../../configuration/service/conntrack-sync.rst:136 msgid "Show connection syncing external cache entries" msgstr "Show connection syncing external cache entries" -#: ../../configuration/service/conntrack-sync.rst:136 +#: ../../configuration/service/conntrack-sync.rst:140 msgid "Show connection syncing internal cache entries" msgstr "Show connection syncing internal cache entries" @@ -11654,44 +12581,44 @@ msgstr "Show list of IPs currently blocked by SSH dynamic-protection." msgid "Show logs for mDNS repeater service." msgstr "Show logs for mDNS repeater service." -#: ../../configuration/container/index.rst:159 +#: ../../configuration/container/index.rst:195 msgid "Show logs from a given container" msgstr "Show logs from a given container" -#: ../../configuration/service/dhcp-server.rst:420 +#: ../../configuration/service/dhcp-server.rst:426 msgid "Show logs from all DHCP client processes." msgstr "Show logs from all DHCP client processes." -#: ../../configuration/service/dhcp-server.rst:672 +#: ../../configuration/service/dhcp-server.rst:680 msgid "Show logs from all DHCPv6 client processes." msgstr "Show logs from all DHCPv6 client processes." -#: ../../configuration/service/dhcp-server.rst:424 +#: ../../configuration/service/dhcp-server.rst:430 msgid "Show logs from specific `interface` DHCP client process." msgstr "Show logs from specific `interface` DHCP client process." -#: ../../configuration/service/dhcp-server.rst:676 +#: ../../configuration/service/dhcp-server.rst:684 msgid "Show logs from specific `interface` DHCPv6 client process." msgstr "Show logs from specific `interface` DHCPv6 client process." -#: ../../configuration/pki/index.rst:311 +#: ../../configuration/pki/index.rst:342 msgid "Show only information for specified Certificate Authority." msgstr "Show only information for specified Certificate Authority." -#: ../../configuration/pki/index.rst:328 +#: ../../configuration/pki/index.rst:359 msgid "Show only information for specified certificate." msgstr "Show only information for specified certificate." -#: ../../configuration/service/dhcp-server.rst:478 -#: ../../configuration/service/dhcp-server.rst:699 +#: ../../configuration/service/dhcp-server.rst:484 +#: ../../configuration/service/dhcp-server.rst:707 msgid "Show only leases in the specified pool." msgstr "Show only leases in the specified pool." -#: ../../configuration/service/dhcp-server.rst:708 +#: ../../configuration/service/dhcp-server.rst:716 msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" -#: ../../configuration/service/dhcp-server.rst:496 +#: ../../configuration/service/dhcp-server.rst:502 msgid "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)" msgstr "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)" @@ -11703,23 +12630,23 @@ msgstr "Show routing table entry for the default route." msgid "Show specific MACsec interface information" msgstr "Show specific MACsec interface information" -#: ../../configuration/vpn/site2site_ipsec.rst:221 +#: ../../configuration/vpn/site2site_ipsec.rst:224 msgid "Show status of new setup:" msgstr "Show status of new setup:" -#: ../../configuration/service/dhcp-server.rst:447 +#: ../../configuration/service/dhcp-server.rst:453 msgid "Show statuses of all active leases:" msgstr "Show statuses of all active leases:" -#: ../../configuration/service/dhcp-server.rst:465 +#: ../../configuration/service/dhcp-server.rst:471 msgid "Show statuses of all active leases granted by local (this server) or remote (failover server):" msgstr "Show statuses of all active leases granted by local (this server) or remote (failover server):" -#: ../../configuration/service/dhcp-server.rst:432 +#: ../../configuration/service/dhcp-server.rst:438 msgid "Show the DHCP server statistics:" msgstr "Show the DHCP server statistics:" -#: ../../configuration/service/dhcp-server.rst:443 +#: ../../configuration/service/dhcp-server.rst:449 msgid "Show the DHCP server statistics for the specified pool." msgstr "Show the DHCP server statistics for the specified pool." @@ -11731,11 +12658,11 @@ msgstr "Show the console server log." msgid "Show the full config uploaded to the QAT device." msgstr "Show the full config uploaded to the QAT device." -#: ../../configuration/container/index.rst:151 +#: ../../configuration/container/index.rst:187 msgid "Show the list of all active containers." msgstr "Show the list of all active containers." -#: ../../configuration/container/index.rst:155 +#: ../../configuration/container/index.rst:191 msgid "Show the local container images." msgstr "Show the local container images." @@ -11747,7 +12674,7 @@ msgstr "Show the logs of a specific Rule-Set." msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv4.rst:1125 +#: ../../configuration/firewall/ipv4.rst:1148 msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." @@ -11764,11 +12691,11 @@ msgstr "Show the route" msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" -#: ../../configuration/protocols/bfd.rst:179 +#: ../../configuration/protocols/bfd.rst:186 msgid "Showing BFD monitored static routes" msgstr "Showing BFD monitored static routes" -#: ../../configuration/service/dhcp-server.rst:684 +#: ../../configuration/service/dhcp-server.rst:692 msgid "Shows status of all assigned leases:" msgstr "Shows status of all assigned leases:" @@ -11796,7 +12723,7 @@ msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" -#: ../../configuration/vpn/site2site_ipsec.rst:427 +#: ../../configuration/vpn/site2site_ipsec.rst:430 msgid "Similar combinations are applicable for the dead-peer-detection." msgstr "Similar combinations are applicable for the dead-peer-detection." @@ -11828,6 +12755,14 @@ msgstr "Since it's a HQ and branch offices setup, we will want all clients to ha msgid "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." msgstr "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." +#: ../../configuration/service/ipoe-server.rst:131 +#: ../../configuration/service/pppoe-server.rst:93 +#: ../../configuration/vpn/l2tp.rst:136 +#: ../../configuration/vpn/pptp.rst:76 +#: ../../configuration/vpn/sstp.rst:109 +msgid "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially. For example:" +msgstr "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially. For example:" + #: ../../configuration/service/mdns.rst:13 msgid "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." msgstr "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." @@ -11836,6 +12771,10 @@ msgstr "Since the mDNS protocol sends the AA records in the packet itself, the r msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." +#: ../../configuration/service/ids.rst:98 +msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" +msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" + #: ../../configuration/interfaces/vxlan.rst:157 msgid "Single VXLAN device (SVD)" msgstr "Single VXLAN device (SVD)" @@ -11857,7 +12796,7 @@ msgstr "Site-to-site mode supports x.509 but doesn't require it and can also wor msgid "Site to Site VPN" msgstr "Site to Site VPN" -#: ../../configuration/pki/index.rst:275 +#: ../../configuration/pki/index.rst:306 msgid "Size of the RSA key." msgstr "Size of the RSA key." @@ -11865,6 +12804,10 @@ msgstr "Size of the RSA key." msgid "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below." msgstr "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below." +#: ../../configuration/service/ids.rst:110 +msgid "So, firewall configuration needed for this setup:" +msgstr "So, firewall configuration needed for this setup:" + #: ../../configuration/nat/nat44.rst:554 msgid "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100." msgstr "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100." @@ -11885,7 +12828,14 @@ msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specif msgid "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." msgstr "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." -#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/service/ipoe-server.rst:140 +#: ../../configuration/service/pppoe-server.rst:102 +#: ../../configuration/vpn/pptp.rst:85 +#: ../../configuration/vpn/sstp.rst:118 +msgid "Some RADIUS severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." +msgstr "Some RADIUS severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." + +#: ../../configuration/vpn/l2tp.rst:145 msgid "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." msgstr "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." @@ -11893,6 +12843,10 @@ msgstr "Some RADIUS_ severs use an access control list which allows or denies qu msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." +#: ../../configuration/container/index.rst:171 +msgid "Some container registries require credentials to be used." +msgstr "Some container registries require credentials to be used." + #: ../../configuration/firewall/general-legacy.rst:38 msgid "Some firewall settings are global and have an affect on the whole system." msgstr "Some firewall settings are global and have an affect on the whole system." @@ -11933,11 +12887,11 @@ msgstr "Some users tend to connect their mobile devices using WireGuard to their msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." -#: ../../configuration/service/dhcp-server.rst:703 +#: ../../configuration/service/dhcp-server.rst:711 msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" -#: ../../configuration/service/dhcp-server.rst:491 +#: ../../configuration/service/dhcp-server.rst:497 msgid "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)" msgstr "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)" @@ -11949,7 +12903,16 @@ msgstr "Source Address" msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." -#: ../../configuration/vpn/sstp.rst:268 +#: ../../configuration/service/ipoe-server.rst:152 +#: ../../configuration/service/ipoe-server.rst:208 +#: ../../configuration/service/pppoe-server.rst:114 +#: ../../configuration/service/pppoe-server.rst:170 +#: ../../configuration/vpn/l2tp.rst:157 +#: ../../configuration/vpn/l2tp.rst:213 +#: ../../configuration/vpn/pptp.rst:97 +#: ../../configuration/vpn/pptp.rst:153 +#: ../../configuration/vpn/sstp.rst:130 +#: ../../configuration/vpn/sstp.rst:186 msgid "Source IPv4 address used in all RADIUS server queires." msgstr "Source IPv4 address used in all RADIUS server queires." @@ -11961,11 +12924,11 @@ msgstr "Source NAT rules" msgid "Source Prefix" msgstr "Source Prefix" -#: ../../configuration/system/login.rst:276 +#: ../../configuration/system/login.rst:280 msgid "Source all connections to the RADIUS servers from given VRF `<name>`." msgstr "Source all connections to the RADIUS servers from given VRF `<name>`." -#: ../../configuration/system/login.rst:345 +#: ../../configuration/system/login.rst:349 msgid "Source all connections to the TACACS servers from given VRF `<name>`." msgstr "Source all connections to the TACACS servers from given VRF `<name>`." @@ -11973,7 +12936,7 @@ msgstr "Source all connections to the TACACS servers from given VRF `<name>`." msgid "Source protocol to match." msgstr "Source protocol to match." -#: ../../configuration/vpn/ipsec.rst:225 +#: ../../configuration/vpn/ipsec.rst:229 msgid "Source tunnel from dummy interface" msgstr "Source tunnel from dummy interface" @@ -12001,15 +12964,48 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings" msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." -#: ../../configuration/vpn/sstp.rst:238 +#: ../../configuration/service/ipoe-server.rst:178 +#: ../../configuration/service/pppoe-server.rst:140 +#: ../../configuration/vpn/l2tp.rst:183 +#: ../../configuration/vpn/pptp.rst:123 +#: ../../configuration/vpn/sstp.rst:156 msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/vpn/sstp.rst:194 +#: ../../configuration/service/pppoe-server.rst:470 +#: ../../configuration/vpn/l2tp.rst:424 +#: ../../configuration/vpn/pptp.rst:348 +#: ../../configuration/vpn/sstp.rst:382 +msgid "Specifies IPv4 negotiation preference." +msgstr "Specifies IPv4 negotiation preference." + +#: ../../configuration/service/pppoe-server.rst:345 +#: ../../configuration/vpn/l2tp.rst:289 +#: ../../configuration/vpn/pptp.rst:213 +#: ../../configuration/vpn/sstp.rst:247 +msgid "Specifies IPv6 negotiation preference." +msgstr "Specifies IPv6 negotiation preference." + +#: ../../configuration/service/pppoe-server.rst:552 +msgid "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" +msgstr "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" + +#: ../../configuration/service/pppoe-server.rst:502 +#: ../../configuration/vpn/l2tp.rst:456 +#: ../../configuration/vpn/pptp.rst:380 +#: ../../configuration/vpn/sstp.rst:414 +msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." +msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." + +#: ../../configuration/vpn/sstp.rst:200 msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference." msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference." -#: ../../configuration/vrf/index.rst:477 +#: ../../configuration/service/ipoe-server.rst:81 +msgid "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." +msgstr "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." + +#: ../../configuration/vrf/index.rst:496 msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." @@ -12017,6 +13013,13 @@ msgstr "Specifies an optional route-map to be applied to routes imported or expo msgid "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." msgstr "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." +#: ../../configuration/service/pppoe-server.rst:388 +#: ../../configuration/vpn/l2tp.rst:332 +#: ../../configuration/vpn/pptp.rst:256 +#: ../../configuration/vpn/sstp.rst:290 +msgid "Specifies fixed or random interface identifier for IPv6. By default is fixed." +msgstr "Specifies fixed or random interface identifier for IPv6. By default is fixed." + #: ../../configuration/service/webproxy.rst:173 msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." @@ -12025,15 +13028,36 @@ msgstr "Specifies how long squid assumes an externally validated username:passwo msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." +#: ../../configuration/service/pppoe-server.rst:462 +#: ../../configuration/vpn/l2tp.rst:416 +#: ../../configuration/vpn/pptp.rst:340 +#: ../../configuration/vpn/sstp.rst:374 +msgid "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." +msgstr "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." + #: ../../configuration/interfaces/bonding.rst:40 msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" +#: ../../configuration/service/pppoe-server.rst:396 +#: ../../configuration/vpn/l2tp.rst:340 +#: ../../configuration/vpn/pptp.rst:264 +#: ../../configuration/vpn/sstp.rst:298 +msgid "Specifies peer interface identifier for IPv6. By default is fixed." +msgstr "Specifies peer interface identifier for IPv6. By default is fixed." + #: ../../configuration/service/webproxy.rst:81 msgid "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." msgstr "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." -#: ../../configuration/vpn/sstp.rst:110 +#: ../../configuration/service/ipoe-server.rst:348 +msgid "Specifies relay agent IP addre" +msgstr "Specifies relay agent IP addre" + +#: ../../configuration/service/pppoe-server.rst:70 +#: ../../configuration/vpn/l2tp.rst:52 +#: ../../configuration/vpn/pptp.rst:54 +#: ../../configuration/vpn/sstp.rst:79 msgid "Specifies single `<gateway>` IP address to be used as local address of PPP interfaces." msgstr "Specifies single `<gateway>` IP address to be used as local address of PPP interfaces." @@ -12057,7 +13081,7 @@ msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algori msgid "Specifies the base DN under which the users are located." msgstr "Specifies the base DN under which the users are located." -#: ../../configuration/service/dhcp-server.rst:239 +#: ../../configuration/service/dhcp-server.rst:245 msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." @@ -12094,22 +13118,33 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4 msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." -#: ../../configuration/vrf/index.rst:452 +#: ../../configuration/vrf/index.rst:471 msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." -#: ../../configuration/vrf/index.rst:445 +#: ../../configuration/vrf/index.rst:464 msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." -#: ../../configuration/vpn/sstp.rst:281 +#: ../../configuration/service/ipoe-server.rst:224 +#: ../../configuration/service/pppoe-server.rst:186 +#: ../../configuration/vpn/l2tp.rst:229 +#: ../../configuration/vpn/pptp.rst:169 +#: ../../configuration/vpn/sstp.rst:202 msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." -#: ../../configuration/vpn/sstp.rst:188 +#: ../../configuration/vpn/sstp.rst:194 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." +#: ../../configuration/service/pppoe-server.rst:490 +#: ../../configuration/vpn/l2tp.rst:444 +#: ../../configuration/vpn/pptp.rst:368 +#: ../../configuration/vpn/sstp.rst:402 +msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." +msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." + #: ../../configuration/interfaces/vxlan.rst:77 msgid "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used." msgstr "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used." @@ -12122,28 +13157,47 @@ msgstr "Specifies whether the VXLAN device is capable of vni filtering." msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." -#: ../../configuration/vpn/sstp.rst:272 +#: ../../configuration/service/ipoe-server.rst:212 +#: ../../configuration/vpn/l2tp.rst:217 +#: ../../configuration/vpn/pptp.rst:157 +#: ../../configuration/vpn/sstp.rst:190 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." +#: ../../configuration/service/pppoe-server.rst:174 +msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." +msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." + +#: ../../configuration/service/ipoe-server.rst:344 +msgid "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." +msgstr "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." + #: ../../configuration/service/ssh.rst:45 msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined." msgstr "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined." -#: ../../configuration/firewall/ipv4.rst:401 +#: ../../configuration/service/ids.rst:51 +msgid "Specify IPv4 and/or IPv6 networks that should be protected/monitored." +msgstr "Specify IPv4 and/or IPv6 networks that should be protected/monitored." + +#: ../../configuration/service/ids.rst:38 +msgid "Specify IPv4 and/or IPv6 networks which are going to be excluded." +msgstr "Specify IPv4 and/or IPv6 networks which are going to be excluded." + +#: ../../configuration/firewall/ipv4.rst:424 #: ../../configuration/firewall/ipv6.rst:408 msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." -#: ../../configuration/service/dhcp-server.rst:550 +#: ../../configuration/service/dhcp-server.rst:556 msgid "Specify a NIS+ server address for DHCPv6 clients." msgstr "Specify a NIS+ server address for DHCPv6 clients." -#: ../../configuration/service/dhcp-server.rst:545 +#: ../../configuration/service/dhcp-server.rst:551 msgid "Specify a NIS server address for DHCPv6 clients." msgstr "Specify a NIS server address for DHCPv6 clients." -#: ../../configuration/service/dhcp-server.rst:555 +#: ../../configuration/service/dhcp-server.rst:561 msgid "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients." msgstr "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients." @@ -12167,6 +13221,14 @@ msgstr "Specify an alternate AS for this BGP process when interacting with the s msgid "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." msgstr "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." +#: ../../configuration/service/dns.rst:254 +msgid "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." +msgstr "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." + +#: ../../configuration/service/ipoe-server.rst:339 +msgid "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" +msgstr "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" + #: ../../configuration/service/ntp.rst:84 #: ../../configuration/service/ssh.rst:110 #: ../../configuration/system/syslog.rst:79 @@ -12181,11 +13243,11 @@ msgstr "Specify nexthop on the path to the destination, ``ipv4-address`` can be msgid "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." msgstr "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." -#: ../../configuration/system/login.rst:245 +#: ../../configuration/system/login.rst:249 msgid "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." -#: ../../configuration/system/login.rst:314 +#: ../../configuration/system/login.rst:318 msgid "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." @@ -12225,7 +13287,7 @@ msgstr "Specify the systems `<timezone>` as the Region/Location that best define msgid "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:" msgstr "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:" -#: ../../configuration/service/dns.rst:269 +#: ../../configuration/service/dns.rst:283 msgid "Specify timeout / update interval to check if IP address changed." msgstr "Specify timeout / update interval to check if IP address changed." @@ -12233,6 +13295,10 @@ msgstr "Specify timeout / update interval to check if IP address changed." msgid "Specify timeout interval for keepalive message in seconds." msgstr "Specify timeout interval for keepalive message in seconds." +#: ../../configuration/service/ipoe-server.rst:97 +msgid "Specify where interface is shared by multiple users or it is vlan-per-user." +msgstr "Specify where interface is shared by multiple users or it is vlan-per-user." + #: ../../configuration/interfaces/vxlan.rst:191 msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." @@ -12285,7 +13351,7 @@ msgstr "Starting with VyOS 1.2 a :abbr:`mDNS (Multicast DNS)` repeater functiona msgid "Static" msgstr "Static" -#: ../../configuration/service/dhcp-server.rst:189 +#: ../../configuration/service/dhcp-server.rst:195 msgid "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used." msgstr "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used." @@ -12314,12 +13380,12 @@ msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured man msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA." #: ../../configuration/service/dhcp-server.rst:174 -#: ../../configuration/service/dhcp-server.rst:621 +#: ../../configuration/service/dhcp-server.rst:629 msgid "Static mappings" msgstr "Static mappings" -#: ../../configuration/service/dhcp-server.rst:460 -#: ../../configuration/service/dhcp-server.rst:694 +#: ../../configuration/service/dhcp-server.rst:466 +#: ../../configuration/service/dhcp-server.rst:702 msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." @@ -12384,7 +13450,7 @@ msgstr "Supported versions of RIP are:" msgid "Supports as HELPER for configured grace period." msgstr "Supports as HELPER for configured grace period." -#: ../../configuration/vpn/ipsec.rst:178 +#: ../../configuration/vpn/ipsec.rst:182 msgid "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" msgstr "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" @@ -12404,17 +13470,17 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect msgid "Sync groups" msgstr "Sync groups" -#: ../../configuration/firewall/ipv4.rst:911 +#: ../../configuration/firewall/ipv4.rst:934 #: ../../configuration/firewall/ipv6.rst:920 msgid "Synproxy" msgstr "Synproxy" -#: ../../configuration/firewall/ipv4.rst:912 +#: ../../configuration/firewall/ipv4.rst:935 #: ../../configuration/firewall/ipv6.rst:921 msgid "Synproxy connections" msgstr "Synproxy connections" -#: ../../configuration/firewall/ipv4.rst:929 +#: ../../configuration/firewall/ipv4.rst:952 #: ../../configuration/firewall/ipv6.rst:938 msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" @@ -12484,23 +13550,23 @@ msgstr "System identifier: ``1921.6800.1002`` - for system idetifiers we recomme msgid "System is unusable - a panic condition" msgstr "System is unusable - a panic condition" -#: ../../configuration/system/login.rst:299 +#: ../../configuration/system/login.rst:303 msgid "TACACS+" msgstr "TACACS+" -#: ../../configuration/system/login.rst:418 +#: ../../configuration/system/login.rst:422 msgid "TACACS Example" msgstr "TACACS Example" -#: ../../configuration/system/login.rst:305 +#: ../../configuration/system/login.rst:309 msgid "TACACS is defined in :rfc:`8907`." msgstr "TACACS is defined in :rfc:`8907`." -#: ../../configuration/system/login.rst:335 +#: ../../configuration/system/login.rst:339 msgid "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." msgstr "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." -#: ../../configuration/protocols/static.rst:140 +#: ../../configuration/protocols/static.rst:173 #: ../../configuration/system/flow-accounting.rst:83 msgid "TBD" msgstr "TBD" @@ -12553,15 +13619,19 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" -#: ../../configuration/vpn/sstp.rst:227 +#: ../../configuration/service/ipoe-server.rst:170 +#: ../../configuration/service/pppoe-server.rst:132 +#: ../../configuration/vpn/l2tp.rst:175 +#: ../../configuration/vpn/pptp.rst:115 +#: ../../configuration/vpn/sstp.rst:148 msgid "Temporary disable this RADIUS server." msgstr "Temporary disable this RADIUS server." -#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:262 msgid "Temporary disable this RADIUS server. It won't be queried." msgstr "Temporary disable this RADIUS server. It won't be queried." -#: ../../configuration/system/login.rst:327 +#: ../../configuration/system/login.rst:331 msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." @@ -12589,7 +13659,7 @@ msgstr "Test disconnecting given connection-oriented interface. `<interface>` ca msgid "Test from the IPv6 only client:" msgstr "Test from the IPv6 only client:" -#: ../../configuration/vpn/sstp.rst:305 +#: ../../configuration/vpn/sstp.rst:374 msgid "Testing SSTP" msgstr "Testing SSTP" @@ -12621,7 +13691,7 @@ msgstr "The ASP has documented their IPSec requirements:" msgid "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." msgstr "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." -#: ../../configuration/vrf/index.rst:94 +#: ../../configuration/vrf/index.rst:113 msgid "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." msgstr "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." @@ -12661,7 +13731,7 @@ msgstr "The Intel AX200 card does not work out of the box in AP mode, see https: msgid "The OID ``.1.3.6.1.4.1.8072.1.3.2.3.1.1.4.116.101.115.116``, once called, will contain the output of the extension." msgstr "The OID ``.1.3.6.1.4.1.8072.1.3.2.3.1.1.4.116.101.115.116``, once called, will contain the output of the extension." -#: ../../configuration/vpn/pptp.rst:6 +#: ../../configuration/vpn/pptp.rst:7 msgid "The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in VyOS only for backwards compatibility. PPTP has many well known security issues and you should use one of the many other new VPN implementations." msgstr "The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in VyOS only for backwards compatibility. PPTP has many well known security issues and you should use one of the many other new VPN implementations." @@ -12701,19 +13771,19 @@ msgstr "The VXLAN specification was originally created by VMware, Arista Network msgid "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server." msgstr "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server." -#: ../../configuration/service/dns.rst:173 +#: ../../configuration/service/dns.rst:160 msgid "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64" msgstr "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64" -#: ../../configuration/service/dns.rst:171 +#: ../../configuration/service/dns.rst:158 msgid "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6" msgstr "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6" -#: ../../configuration/service/dns.rst:175 +#: ../../configuration/service/dns.rst:162 msgid "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server." msgstr "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server." -#: ../../configuration/pki/index.rst:254 +#: ../../configuration/pki/index.rst:285 msgid "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol." msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol." @@ -12770,7 +13840,11 @@ msgstr "The ``https`` service listens on port 443 with backend `bk-default` to h msgid "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." msgstr "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." -#: ../../configuration/vpn/l2tp.rst:176 +#: ../../configuration/service/ipoe-server.rst:154 +#: ../../configuration/service/pppoe-server.rst:116 +#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/vpn/pptp.rst:99 +#: ../../configuration/vpn/sstp.rst:132 msgid "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." msgstr "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." @@ -12787,11 +13861,11 @@ msgstr "The above directory and default-config must be a child directory of /con msgid "The action can be :" msgstr "The action can be :" -#: ../../configuration/pki/index.rst:271 +#: ../../configuration/pki/index.rst:302 msgid "The address the server listens to during http-01 challenge" msgstr "The address the server listens to during http-01 challenge" -#: ../../configuration/protocols/bgp.rst:775 +#: ../../configuration/protocols/bgp.rst:797 msgid "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology." msgstr "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology." @@ -12803,7 +13877,7 @@ msgstr "The allocated address block is 100.64.0.0/10." msgid "The amount of Duplicate Address Detection probes to send." msgstr "The amount of Duplicate Address Detection probes to send." -#: ../../configuration/protocols/bgp.rst:835 +#: ../../configuration/protocols/bgp.rst:857 msgid "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." msgstr "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." @@ -12823,11 +13897,15 @@ msgstr "The bonding interface provides a method for aggregating multiple network msgid "The case of ingress shaping" msgstr "The case of ingress shaping" -#: ../../configuration/service/pppoe-server.rst:385 +#: ../../configuration/service/pppoe-server.rst:644 +msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." +msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." + +#: ../../configuration/service/pppoe-server.rst:644 msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use." msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use." -#: ../../configuration/service/ipoe-server.rst:90 +#: ../../configuration/service/ipoe-server.rst:91 msgid "The clients :abbr:`CPE (Customer Premises Equipment)` can now communicate via IPv4 or IPv6. All devices behind ``2001:db8::a00:27ff:fe2f:d806/64`` can use addresses from ``2001:db8:1::/56`` and can globally communicate without the need of any NAT rules." msgstr "The clients :abbr:`CPE (Customer Premises Equipment)` can now communicate via IPv4 or IPv6. All devices behind ``2001:db8::a00:27ff:fe2f:d806/64`` can use addresses from ``2001:db8:1::/56`` and can globally communicate without the need of any NAT rules." @@ -12839,7 +13917,7 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." -#: ../../configuration/service/pppoe-server.rst:231 +#: ../../configuration/service/pppoe-server.rst:305 msgid "The command below enables it, assuming the RADIUS connection has been setup and is working." msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working." @@ -12855,9 +13933,9 @@ msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote syst msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" -#: ../../configuration/service/dhcp-server.rst:210 -#: ../../configuration/service/dhcp-server.rst:601 -#: ../../configuration/service/dhcp-server.rst:644 +#: ../../configuration/service/dhcp-server.rst:216 +#: ../../configuration/service/dhcp-server.rst:608 +#: ../../configuration/service/dhcp-server.rst:652 msgid "The configuration will look as follows:" msgstr "The configuration will look as follows:" @@ -12881,6 +13959,10 @@ msgstr "The connection tracking table contains one entry for each connection bei msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" +#: ../../configuration/service/pppoe-server.rst:299 +msgid "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" +msgstr "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" + #: ../../configuration/service/ntp.rst:29 msgid "The current protocol is version 4 (NTPv4), which is a proposed standard as documented in :rfc:`5905`. It is backward compatible with version 3, specified in :rfc:`1305`." msgstr "The current protocol is version 4 (NTPv4), which is a proposed standard as documented in :rfc:`5905`. It is backward compatible with version 3, specified in :rfc:`1305`." @@ -12905,7 +13987,7 @@ msgstr "The default hostname used is `vyos`." msgid "The default is 1492." msgstr "The default is 1492." -#: ../../configuration/service/dhcp-server.rst:526 +#: ../../configuration/service/dhcp-server.rst:532 msgid "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds." msgstr "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds." @@ -12937,6 +14019,14 @@ msgstr "The default value is 3." msgid "The default value is 3 packets." msgstr "The default value is 3 packets." +#: ../../configuration/protocols/rpki.rst:124 +msgid "The default value is 600 seconds." +msgstr "The default value is 600 seconds." + +#: ../../configuration/protocols/rpki.rst:117 +msgid "The default value is 7200 seconds." +msgstr "The default value is 7200 seconds." + #: ../../configuration/service/dhcp-server.rst:99 msgid "The default value is 86400 seconds which corresponds to one day." msgstr "The default value is 86400 seconds which corresponds to one day." @@ -12987,15 +14077,19 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." -#: ../../configuration/service/pppoe-server.rst:369 +#: ../../configuration/service/pppoe-server.rst:627 +msgid "The example below covers a dual-stack configuration." +msgstr "The example below covers a dual-stack configuration." + +#: ../../configuration/service/pppoe-server.rst:627 msgid "The example below covers a dual-stack configuration via pppoe-server." msgstr "The example below covers a dual-stack configuration via pppoe-server." -#: ../../configuration/service/pppoe-server.rst:348 +#: ../../configuration/service/pppoe-server.rst:606 msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." -#: ../../configuration/service/ipoe-server.rst:35 +#: ../../configuration/service/ipoe-server.rst:34 msgid "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." msgstr "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." @@ -13023,7 +14117,7 @@ msgstr "The first IP in the container network is reserved by the engine and cann msgid "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." msgstr "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." -#: ../../configuration/vpn/ipsec.rst:174 +#: ../../configuration/vpn/ipsec.rst:178 msgid "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." @@ -13039,14 +14133,18 @@ msgstr "The first ip address is the RP's address and the second value is the mat msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." -#: ../../configuration/vpn/sstp.rst:311 +#: ../../configuration/vpn/sstp.rst:484 msgid "The following PPP configuration tests MSCHAP-v2:" msgstr "The following PPP configuration tests MSCHAP-v2:" -#: ../../configuration/system/login.rst:143 +#: ../../configuration/system/login.rst:147 msgid "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" msgstr "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" +#: ../../configuration/protocols/bgp.rst:664 +msgid "The following command uses the explicit-null label value for all the BGP instances." +msgstr "The following command uses the explicit-null label value for all the BGP instances." + #: ../../configuration/interfaces/openvpn.rst:708 msgid "The following commands let you check tunnel status." msgstr "The following commands let you check tunnel status." @@ -13059,7 +14157,7 @@ msgstr "The following commands let you reset OpenVPN." msgid "The following commands translate to \"--net host\" when the container is created" msgstr "The following commands translate to \"--net host\" when the container is created" -#: ../../configuration/vrf/index.rst:101 +#: ../../configuration/vrf/index.rst:120 msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" @@ -13083,6 +14181,10 @@ msgstr "The following configuration reverse-proxy terminate SSL." msgid "The following configuration will assign a /64 prefix out of a /56 delegation to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64. If you do not know the prefix size delegated to you, start with sla-len 0." msgstr "The following configuration will assign a /64 prefix out of a /56 delegation to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64. If you do not know the prefix size delegated to you, start with sla-len 0." +#: ../../configuration/interfaces/pppoe.rst:383 +msgid "The following configuration will setup a PPPoE session source from eth1 and assign a /64 prefix out of a /56 delegation (requested from the ISP) to eth0. The IPv6 address assigned to eth0 will be <prefix>::1/64. If you do not know the prefix size delegated to you, start with sla-len 0." +msgstr "The following configuration will setup a PPPoE session source from eth1 and assign a /64 prefix out of a /56 delegation (requested from the ISP) to eth0. The IPv6 address assigned to eth0 will be <prefix>::1/64. If you do not know the prefix size delegated to you, start with sla-len 0." + #: ../../configuration/policy/examples.rst:155 msgid "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." msgstr "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." @@ -13095,7 +14197,7 @@ msgstr "The following example creates a WAP. When configuring multiple WAP inter msgid "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." msgstr "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." -#: ../../configuration/vrf/index.rst:237 +#: ../../configuration/vrf/index.rst:256 msgid "The following example topology was built using EVE-NG." msgstr "The following example topology was built using EVE-NG." @@ -13140,7 +14242,7 @@ msgstr "The forwarding delay time is the time spent in each of the listening and msgid "The generated configuration will look like:" msgstr "The generated configuration will look like:" -#: ../../configuration/pki/index.rst:107 +#: ../../configuration/pki/index.rst:109 msgid "The generated parameters are then output to the console." msgstr "The generated parameters are then output to the console." @@ -13168,7 +14270,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w msgid "The hostname or IP address of the master" msgstr "The hostname or IP address of the master" -#: ../../configuration/service/dhcp-server.rst:632 +#: ../../configuration/service/dhcp-server.rst:640 msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." @@ -13212,7 +14314,7 @@ msgstr "The legacy and zone-based firewall configuration options is not longer s msgid "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." msgstr "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." -#: ../../configuration/policy/route-map.rst:255 +#: ../../configuration/policy/route-map.rst:258 msgid "The link bandwidth extended community is encoded as non-transitive" msgstr "The link bandwidth extended community is encoded as non-transitive" @@ -13240,6 +14342,10 @@ msgstr "The main points regarding this packet flow and terminology used in VyOS msgid "The main structure VyOS firewall cli is shown next:" msgstr "The main structure VyOS firewall cli is shown next:" +#: ../../configuration/firewall/index.rst:92 +msgid "The main structure of the VyOS firewall CLI is shown next:" +msgstr "The main structure of the VyOS firewall CLI is shown next:" + #: ../../configuration/interfaces/bonding.rst:271 msgid "The maximum number of targets that can be specified is 16. The default value is no IP address." msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address." @@ -13272,11 +14378,15 @@ msgstr "The multicast-group used by all leaves for this vlan extension. Has to b msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." +#: ../../configuration/service/dns.rst:171 +msgid "The netmask or domain that EDNS Client Subnet should be enabled for in outgoing queries." +msgstr "The netmask or domain that EDNS Client Subnet should be enabled for in outgoing queries." + #: ../../configuration/service/dhcp-server.rst:13 msgid "The network topology is declared by shared-network-name and the subnet declarations. The DHCP service can serve multiple shared networks, with each shared network having 1 or more subnets. Each subnet must be present on an interface. A range can be declared inside a subnet to define a pool of dynamic addresses. Multiple ranges can be defined and can contain holes. Static mappings can be set to assign \"static\" addresses to clients based on their MAC address." msgstr "The network topology is declared by shared-network-name and the subnet declarations. The DHCP service can serve multiple shared networks, with each shared network having 1 or more subnets. Each subnet must be present on an interface. A range can be declared inside a subnet to define a pool of dynamic addresses. Multiple ranges can be defined and can contain holes. Static mappings can be set to assign \"static\" addresses to clients based on their MAC address." -#: ../../configuration/service/conntrack-sync.rst:188 +#: ../../configuration/service/conntrack-sync.rst:192 msgid "The next example is a simple configuration of conntrack-sync." msgstr "The next example is a simple configuration of conntrack-sync." @@ -13324,7 +14434,7 @@ msgstr "The outgoing interface to perform the translation on" msgid "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." msgstr "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." -#: ../../configuration/vpn/ipsec.rst:235 +#: ../../configuration/vpn/ipsec.rst:239 msgid "The peer names RIGHT and LEFT are used as informational text." msgstr "The peer names RIGHT and LEFT are used as informational text." @@ -13332,7 +14442,7 @@ msgstr "The peer names RIGHT and LEFT are used as informational text." msgid "The peer with lower priority will become the key server and start distributing SAKs." msgstr "The peer with lower priority will become the key server and start distributing SAKs." -#: ../../configuration/vrf/index.rst:181 +#: ../../configuration/vrf/index.rst:200 msgid "The ping command is used to test whether a network host is reachable or not." msgstr "The ping command is used to test whether a network host is reachable or not." @@ -13352,7 +14462,7 @@ msgstr "The prefix and ASN that originated it match a signed ROA. These are prob msgid "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements." msgstr "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements." -#: ../../configuration/service/dhcp-server.rst:375 +#: ../../configuration/service/dhcp-server.rst:381 msgid "The primary DHCP server uses address `192.168.189.252`" msgstr "The primary DHCP server uses address `192.168.189.252`" @@ -13368,11 +14478,11 @@ msgstr "The primary option is only valid for active-backup, transmit-load-balanc msgid "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections." msgstr "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections." -#: ../../configuration/service/dhcp-server.rst:539 +#: ../../configuration/service/dhcp-server.rst:545 msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" -#: ../../configuration/vrf/index.rst:222 +#: ../../configuration/vrf/index.rst:241 msgid "The prompt is adjusted to reflect this change in both config and op-mode." msgstr "The prompt is adjusted to reflect this change in both config and op-mode." @@ -13400,7 +14510,7 @@ msgstr "The public IP address of the local side of the VPN will be 198.51.100.10 msgid "The public IP address of the remote side of the VPN will be 203.0.113.11." msgstr "The public IP address of the remote side of the VPN will be 203.0.113.11." -#: ../../configuration/service/ipoe-server.rst:130 +#: ../../configuration/service/ipoe-server.rst:131 #: ../../configuration/vpn/l2tp.rst:120 msgid "The rate-limit is set in kbit/sec." msgstr "The rate-limit is set in kbit/sec." @@ -13421,6 +14531,10 @@ msgstr "The remote site will have a subnet of 10.1.0.0/16." msgid "The remote user will use the openconnect client to connect to the router and will receive an IP address from a VPN pool, allowing full access to the network." msgstr "The remote user will use the openconnect client to connect to the router and will receive an IP address from a VPN pool, allowing full access to the network." +#: ../../configuration/service/dns.rst:161 +msgid "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." +msgstr "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." + #: ../../configuration/interfaces/openvpn.rst:458 msgid "The required config file may look like this:" msgstr "The required config file may look like this:" @@ -13465,7 +14579,7 @@ msgstr "The sFlow accounting based on hsflowd https://sflow.net/" msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." -#: ../../configuration/vpn/ipsec.rst:227 +#: ../../configuration/vpn/ipsec.rst:231 msgid "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." msgstr "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." @@ -13473,7 +14587,7 @@ msgstr "The scheme above doesn't work when one of the routers has a dynamic exte msgid "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`." msgstr "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`." -#: ../../configuration/service/dhcp-server.rst:376 +#: ../../configuration/service/dhcp-server.rst:382 msgid "The secondary DHCP server uses address `192.168.189.253`" msgstr "The secondary DHCP server uses address `192.168.189.253`" @@ -13533,11 +14647,14 @@ msgstr "The type can be the following: asbr-summary, external, network, nssa-ext msgid "The ultimate goal of classifying traffic is to give each class a different treatment." msgstr "The ultimate goal of classifying traffic is to give each class a different treatment." -#: ../../configuration/service/ipoe-server.rst:18 +#: ../../configuration/service/ipoe-server.rst:16 msgid "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." -#: ../../configuration/vpn/l2tp.rst:221 +#: ../../configuration/service/pppoe-server.rst:222 +#: ../../configuration/vpn/l2tp.rst:265 +#: ../../configuration/vpn/pptp.rst:205 +#: ../../configuration/vpn/sstp.rst:238 msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." @@ -13549,7 +14666,11 @@ msgstr "The vendor-class-id option can be used to request a specific class of ve msgid "The veth devices are virtual Ethernet devices. They can act as tunnels between network namespaces to create a bridge to a physical network device in another namespace or VRF, but can also be used as standalone network devices." msgstr "The veth devices are virtual Ethernet devices. They can act as tunnels between network namespaces to create a bridge to a physical network device in another namespace or VRF, but can also be used as standalone network devices." -#: ../../configuration/system/login.rst:138 +#: ../../configuration/service/router-advert.rst:86 +msgid "The well known NAT64 prefix is ``64:ff9b::/96``" +msgstr "The well known NAT64 prefix is ``64:ff9b::/96``" + +#: ../../configuration/system/login.rst:142 msgid "The window size must be between 1 and 21." msgstr "The window size must be between 1 and 21." @@ -13557,6 +14678,10 @@ msgstr "The window size must be between 1 and 21." msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +#: ../../configuration/service/ids.rst:125 +msgid "Then, FastNetMon configuration:" +msgstr "Then, FastNetMon configuration:" + #: ../../configuration/nat/nat44.rst:621 msgid "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE." msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE." @@ -13596,7 +14721,7 @@ msgstr "There are a lot of matching criteria against which the packet can be tes msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." -#: ../../configuration/system/ipv6.rst:92 +#: ../../configuration/system/ipv6.rst:105 msgid "There are different parameters for getting prefix-list information:" msgstr "There are different parameters for getting prefix-list information:" @@ -13612,7 +14737,7 @@ msgstr "There are many parameters you will be able to use in order to match the msgid "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" msgstr "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" -#: ../../configuration/service/ipoe-server.rst:153 +#: ../../configuration/service/ipoe-server.rst:154 msgid "There are rate-limited and non rate-limited users (MACs)" msgstr "There are rate-limited and non rate-limited users (MACs)" @@ -13628,7 +14753,7 @@ msgstr "There are three modes of operation for a wireless interface:" msgid "There are two types of Network Admins who deal with BGP, those who have created an international incident and/or outage, and those who are lying" msgstr "There are two types of Network Admins who deal with BGP, those who have created an international incident and/or outage, and those who are lying" -#: ../../configuration/protocols/bgp.rst:896 +#: ../../configuration/protocols/bgp.rst:918 msgid "There are two ways that help us to mitigate the BGPs full-mesh requirement in a network:" msgstr "There are two ways that help us to mitigate the BGPs full-mesh requirement in a network:" @@ -13757,7 +14882,7 @@ msgstr "This command allows peerings between directly connected eBGP peers using msgid "This command allows sessions to be established with eBGP neighbors when they are multiple hops away. When the neighbor is not directly connected and this knob is not enabled, the session will not establish. The number of hops range is 1 to 255. This command is mutually exclusive with :cfgcmd:`ttl-security hops`." msgstr "This command allows sessions to be established with eBGP neighbors when they are multiple hops away. When the neighbor is not directly connected and this knob is not enabled, the session will not establish. The number of hops range is 1 to 255. This command is mutually exclusive with :cfgcmd:`ttl-security hops`." -#: ../../configuration/protocols/bgp.rst:812 +#: ../../configuration/protocols/bgp.rst:834 msgid "This command allows the router to prefer route to specified prefix learned via IGP through backdoor link instead of a route to the same prefix learned via EBGP." msgstr "This command allows the router to prefer route to specified prefix learned via IGP through backdoor link instead of a route to the same prefix learned via EBGP." @@ -13814,19 +14939,19 @@ msgstr "This command allows you to select a specific access concentrator when yo msgid "This command applies route-map to selectively unsuppress prefixes suppressed by summarisation." msgstr "This command applies route-map to selectively unsuppress prefixes suppressed by summarisation." -#: ../../configuration/protocols/bgp.rst:867 +#: ../../configuration/protocols/bgp.rst:889 msgid "This command applies the AS path access list filters named in <name> to the specified BGP neighbor to restrict the routing information that BGP learns and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` specify the direction in which the AS path access list are applied." msgstr "This command applies the AS path access list filters named in <name> to the specified BGP neighbor to restrict the routing information that BGP learns and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` specify the direction in which the AS path access list are applied." -#: ../../configuration/protocols/bgp.rst:843 +#: ../../configuration/protocols/bgp.rst:865 msgid "This command applies the access list filters named in <number> to the specified BGP neighbor to restrict the routing information that BGP learns and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` specify the direction in which the access list are applied." msgstr "This command applies the access list filters named in <number> to the specified BGP neighbor to restrict the routing information that BGP learns and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` specify the direction in which the access list are applied." -#: ../../configuration/protocols/bgp.rst:851 +#: ../../configuration/protocols/bgp.rst:873 msgid "This command applies the prfefix list filters named in <name> to the specified BGP neighbor to restrict the routing information that BGP learns and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` specify the direction in which the prefix list are applied." msgstr "This command applies the prfefix list filters named in <name> to the specified BGP neighbor to restrict the routing information that BGP learns and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` specify the direction in which the prefix list are applied." -#: ../../configuration/protocols/bgp.rst:859 +#: ../../configuration/protocols/bgp.rst:881 msgid "This command applies the route map named in <name> to the specified BGP neighbor to control and modify routing information that is exchanged between peers. The arguments :cfgcmd:`export` and :cfgcmd:`import` specify the direction in which the route map are applied." msgstr "This command applies the route map named in <name> to the specified BGP neighbor to control and modify routing information that is exchanged between peers. The arguments :cfgcmd:`export` and :cfgcmd:`import` specify the direction in which the route map are applied." @@ -13854,7 +14979,7 @@ msgstr "This command can be used to filter the RIP path using prefix lists. :cfg msgid "This command can be used with previous command to sets default RIP distance to specified value when the route source IP address matches the specified prefix and the specified access-list." msgstr "This command can be used with previous command to sets default RIP distance to specified value when the route source IP address matches the specified prefix and the specified access-list." -#: ../../configuration/protocols/bgp.rst:652 +#: ../../configuration/protocols/bgp.rst:674 msgid "This command change distance value of BGP. The arguments are the distance values for external routes, internal routes and local routes respectively. The distance range is 1 to 255." msgstr "This command change distance value of BGP. The arguments are the distance values for external routes, internal routes and local routes respectively. The distance range is 1 to 255." @@ -13878,7 +15003,7 @@ msgstr "This command change distance value of OSPFv3 globally. The distance rang msgid "This command change the distance value of RIP. The distance range is 1 to 255." msgstr "This command change the distance value of RIP. The distance range is 1 to 255." -#: ../../configuration/protocols/bgp.rst:638 +#: ../../configuration/protocols/bgp.rst:650 msgid "This command changes the eBGP behavior of FRR. By default FRR enables :rfc:`8212` functionality which affects how eBGP routes are advertised, namely no routes are advertised across eBGP sessions without some sort of egress route-map/policy in place. In VyOS however we have this RFC functionality disabled by default so that we can preserve backwards compatibility with older versions of VyOS. With this option one can enable :rfc:`8212` functionality to operate." msgstr "This command changes the eBGP behavior of FRR. By default FRR enables :rfc:`8212` functionality which affects how eBGP routes are advertised, namely no routes are advertised across eBGP sessions without some sort of egress route-map/policy in place. In VyOS however we have this RFC functionality disabled by default so that we can preserve backwards compatibility with older versions of VyOS. With this option one can enable :rfc:`8212` functionality to operate." @@ -13954,23 +15079,23 @@ msgstr "This command defines matching parameters for access list rule. Matching msgid "This command defines the IS-IS router behavior:" msgstr "This command defines the IS-IS router behavior:" -#: ../../configuration/protocols/bgp.rst:720 +#: ../../configuration/protocols/bgp.rst:742 msgid "This command defines the accumulated penalty amount at which the route is re-advertised. The penalty range is 1 to 20000." msgstr "This command defines the accumulated penalty amount at which the route is re-advertised. The penalty range is 1 to 20000." -#: ../../configuration/protocols/bgp.rst:726 +#: ../../configuration/protocols/bgp.rst:748 msgid "This command defines the accumulated penalty amount at which the route is suppressed. The penalty range is 1 to 20000." msgstr "This command defines the accumulated penalty amount at which the route is suppressed. The penalty range is 1 to 20000." -#: ../../configuration/protocols/bgp.rst:713 +#: ../../configuration/protocols/bgp.rst:735 msgid "This command defines the amount of time in minutes after which a penalty is reduced by half. The timer range is 10 to 45 minutes." msgstr "This command defines the amount of time in minutes after which a penalty is reduced by half. The timer range is 10 to 45 minutes." -#: ../../configuration/protocols/bgp.rst:595 +#: ../../configuration/protocols/bgp.rst:601 msgid "This command defines the maximum number of parallel routes that the BGP can support. In order for BGP to use the second path, the following attributes have to match: Weight, Local Preference, AS Path (both AS number and AS path length), Origin code, MED, IGP metric. Also, the next hop address for each path must be different." msgstr "This command defines the maximum number of parallel routes that the BGP can support. In order for BGP to use the second path, the following attributes have to match: Weight, Local Preference, AS Path (both AS number and AS path length), Origin code, MED, IGP metric. Also, the next hop address for each path must be different." -#: ../../configuration/protocols/bgp.rst:732 +#: ../../configuration/protocols/bgp.rst:754 msgid "This command defines the maximum time in minutes that a route is suppressed. The timer range is 1 to 255 minutes." msgstr "This command defines the maximum time in minutes that a route is suppressed. The timer range is 1 to 255 minutes." @@ -13997,7 +15122,7 @@ msgstr "This command disables check of the MTU value in the OSPF DBD packets. Th msgid "This command disables it." msgstr "This command disables it." -#: ../../configuration/protocols/bgp.rst:607 +#: ../../configuration/protocols/bgp.rst:619 msgid "This command disables route reflection between route reflector clients. By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are reflected to other clients. However, if the clients are fully meshed, route reflection is not required. In this case, use the :cfgcmd:`no-client-to-client-reflection` command to disable client-to-client reflection." msgstr "This command disables route reflection between route reflector clients. By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are reflected to other clients. However, if the clients are fully meshed, route reflection is not required. In this case, use the :cfgcmd:`no-client-to-client-reflection` command to disable client-to-client reflection." @@ -14009,23 +15134,23 @@ msgstr "This command disables split-horizon on the interface. By default, VyOS d msgid "This command disables the load sharing across multiple LFA backups." msgstr "This command disables the load sharing across multiple LFA backups." -#: ../../configuration/protocols/bgp.rst:1009 +#: ../../configuration/protocols/bgp.rst:1031 msgid "This command displays BGP dampened routes." msgstr "This command displays BGP dampened routes." -#: ../../configuration/protocols/bgp.rst:1032 +#: ../../configuration/protocols/bgp.rst:1054 msgid "This command displays BGP received-routes that are accepted after filtering." msgstr "This command displays BGP received-routes that are accepted after filtering." -#: ../../configuration/protocols/bgp.rst:1022 +#: ../../configuration/protocols/bgp.rst:1044 msgid "This command displays BGP routes advertised to a neighbor." msgstr "This command displays BGP routes advertised to a neighbor." -#: ../../configuration/protocols/bgp.rst:1017 +#: ../../configuration/protocols/bgp.rst:1039 msgid "This command displays BGP routes allowed by the specified AS Path access list." msgstr "This command displays BGP routes allowed by the specified AS Path access list." -#: ../../configuration/protocols/bgp.rst:1026 +#: ../../configuration/protocols/bgp.rst:1048 msgid "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled." msgstr "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled." @@ -14052,11 +15177,11 @@ msgstr "This command displays a summary table with a database contents (LSA)." msgid "This command displays a table of paths to area boundary and autonomous system boundary routers." msgstr "This command displays a table of paths to area boundary and autonomous system boundary routers." -#: ../../configuration/protocols/bgp.rst:957 +#: ../../configuration/protocols/bgp.rst:979 msgid "This command displays all entries in BGP routing table." msgstr "This command displays all entries in BGP routing table." -#: ../../configuration/protocols/bgp.rst:1036 +#: ../../configuration/protocols/bgp.rst:1058 msgid "This command displays dampened routes received from BGP neighbor." msgstr "This command displays dampened routes received from BGP neighbor." @@ -14064,27 +15189,27 @@ msgstr "This command displays dampened routes received from BGP neighbor." msgid "This command displays external information redistributed into OSPFv3" msgstr "This command displays external information redistributed into OSPFv3" -#: ../../configuration/protocols/bgp.rst:1040 +#: ../../configuration/protocols/bgp.rst:1062 msgid "This command displays information about BGP routes whose AS path matches the specified regular expression." msgstr "This command displays information about BGP routes whose AS path matches the specified regular expression." -#: ../../configuration/protocols/bgp.rst:1013 +#: ../../configuration/protocols/bgp.rst:1035 msgid "This command displays information about flapping BGP routes." msgstr "This command displays information about flapping BGP routes." -#: ../../configuration/protocols/bgp.rst:977 +#: ../../configuration/protocols/bgp.rst:999 msgid "This command displays information about the particular entry in the BGP routing table." msgstr "This command displays information about the particular entry in the BGP routing table." -#: ../../configuration/protocols/bgp.rst:1004 +#: ../../configuration/protocols/bgp.rst:1026 msgid "This command displays routes that are permitted by the BGP community list." msgstr "This command displays routes that are permitted by the BGP community list." -#: ../../configuration/protocols/bgp.rst:997 +#: ../../configuration/protocols/bgp.rst:1019 msgid "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise." msgstr "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise." -#: ../../configuration/protocols/bgp.rst:993 +#: ../../configuration/protocols/bgp.rst:1015 msgid "This command displays routes with classless interdomain routing (CIDR)." msgstr "This command displays routes with classless interdomain routing (CIDR)." @@ -14126,7 +15251,7 @@ msgstr "This command displays the neighbors status." msgid "This command displays the neighbors status for a neighbor on the specified interface." msgstr "This command displays the neighbors status for a neighbor on the specified interface." -#: ../../configuration/protocols/bgp.rst:1045 +#: ../../configuration/protocols/bgp.rst:1067 msgid "This command displays the status of all BGP connections." msgstr "This command displays the status of all BGP connections." @@ -14134,7 +15259,7 @@ msgstr "This command displays the status of all BGP connections." msgid "This command enable/disables summarisation for the configured address range." msgstr "This command enable/disables summarisation for the configured address range." -#: ../../configuration/protocols/bgp.rst:603 +#: ../../configuration/protocols/bgp.rst:615 msgid "This command enable logging neighbor up/down changes and reset reason." msgstr "This command enable logging neighbor up/down changes and reset reason." @@ -14174,7 +15299,7 @@ msgstr "This command enables sending timestamps with each Hello and IHU message msgid "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." msgstr "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." -#: ../../configuration/protocols/bgp.rst:875 +#: ../../configuration/protocols/bgp.rst:897 msgid "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." msgstr "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." @@ -14198,7 +15323,7 @@ msgstr "This command generate a default route into the RIP." msgid "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." -#: ../../configuration/protocols/bgp.rst:632 +#: ../../configuration/protocols/bgp.rst:644 msgid "This command goes hand in hand with the listen range command to limit the amount of BGP neighbors that are allowed to connect to the local router. The limit range is 1 to 5000." msgstr "This command goes hand in hand with the listen range command to limit the amount of BGP neighbors that are allowed to connect to the local router. The limit range is 1 to 5000." @@ -14241,7 +15366,7 @@ msgstr "This command is used for advertising IPv4 or IPv6 networks." msgid "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." msgstr "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." -#: ../../configuration/protocols/bgp.rst:620 +#: ../../configuration/protocols/bgp.rst:632 msgid "This command is useful if one desires to loosen the requirement for BGP to have strictly defined neighbors. Specifically what is allowed is for the local router to listen to a range of IPv4 or IPv6 addresses defined by a prefix and to accept BGP open messages. When a TCP connection (and subsequently a BGP open message) from within this range tries to connect the local router then the local router will respond and connect with the parameters that are defined within the peer group. One must define a peer-group for each range that is listed. If no peer-group is defined then an error will keep you from committing the configuration." msgstr "This command is useful if one desires to loosen the requirement for BGP to have strictly defined neighbors. Specifically what is allowed is for the local router to listen to a range of IPv4 or IPv6 addresses defined by a prefix and to accept BGP open messages. When a TCP connection (and subsequently a BGP open message) from within this range tries to connect the local router then the local router will respond and connect with the parameters that are defined within the peer group. One must define a peer-group for each range that is listed. If no peer-group is defined then an error will keep you from committing the configuration." @@ -14253,15 +15378,15 @@ msgstr "This command modifies the default metric (hop count) value for redistrib msgid "This command override AS number of the originating router with the local AS number." msgstr "This command override AS number of the originating router with the local AS number." -#: ../../configuration/protocols/bgp.rst:885 +#: ../../configuration/protocols/bgp.rst:907 msgid "This command prevents from sending back prefixes learned from the neighbor." msgstr "This command prevents from sending back prefixes learned from the neighbor." -#: ../../configuration/protocols/bgp.rst:804 +#: ../../configuration/protocols/bgp.rst:826 msgid "This command provides to compare different MED values that advertised by neighbours in the same AS for routes selection. When this command is enabled, routes from the same autonomous system are grouped together, and the best entries of each group are compared." msgstr "This command provides to compare different MED values that advertised by neighbours in the same AS for routes selection. When this command is enabled, routes from the same autonomous system are grouped together, and the best entries of each group are compared." -#: ../../configuration/protocols/bgp.rst:741 +#: ../../configuration/protocols/bgp.rst:763 msgid "This command provides to compare the MED on routes, even when they were received from different neighbouring ASes. Setting this option makes the order of preference of routes more defined, and should eliminate MED induced oscillations." msgstr "This command provides to compare the MED on routes, even when they were received from different neighbouring ASes. Setting this option makes the order of preference of routes more defined, and should eliminate MED induced oscillations." @@ -14297,19 +15422,19 @@ msgstr "This command redistributes routing information from the given route sour msgid "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers." msgstr "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers." -#: ../../configuration/protocols/bgp.rst:1068 +#: ../../configuration/protocols/bgp.rst:1090 msgid "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered." msgstr "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered." -#: ../../configuration/protocols/bgp.rst:1088 +#: ../../configuration/protocols/bgp.rst:1110 msgid "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered." msgstr "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered." -#: ../../configuration/protocols/bgp.rst:1075 +#: ../../configuration/protocols/bgp.rst:1097 msgid "This command resets all BGP connections of given router." msgstr "This command resets all BGP connections of given router." -#: ../../configuration/protocols/bgp.rst:1084 +#: ../../configuration/protocols/bgp.rst:1106 msgid "This command resets all external BGP peers of given router." msgstr "This command resets all external BGP peers of given router." @@ -14389,7 +15514,7 @@ msgstr "This command sets number of seconds for RxmtInterval timer value. This v msgid "This command sets old-style (ISO 10589) or new style packet formats:" msgstr "This command sets old-style (ISO 10589) or new style packet formats:" -#: ../../configuration/protocols/bgp.rst:944 +#: ../../configuration/protocols/bgp.rst:966 msgid "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." msgstr "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." @@ -14401,7 +15526,7 @@ msgstr "This command sets overload bit to avoid any transit traffic through this msgid "This command sets priority for the interface for :abbr:`DIS (Designated Intermediate System)` election. The priority range is 0 to 127." msgstr "This command sets priority for the interface for :abbr:`DIS (Designated Intermediate System)` election. The priority range is 0 to 127." -#: ../../configuration/protocols/bgp.rst:659 +#: ../../configuration/protocols/bgp.rst:681 msgid "This command sets the administrative distance for a particular route. The distance range is 1 to 255." msgstr "This command sets the administrative distance for a particular route. The distance range is 1 to 255." @@ -14461,7 +15586,7 @@ msgstr "This command should NOT be set normally." msgid "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." -#: ../../configuration/protocols/bgp.rst:938 +#: ../../configuration/protocols/bgp.rst:960 msgid "This command specifies a BGP confederation identifier. <asn> is the number of the autonomous system that internally includes multiple sub-autonomous systems (a confederation)." msgstr "This command specifies a BGP confederation identifier. <asn> is the number of the autonomous system that internally includes multiple sub-autonomous systems (a confederation)." @@ -14517,11 +15642,11 @@ msgstr "This command specifies attributes to be left unchanged for advertisement msgid "This command specifies circuit type for interface:" msgstr "This command specifies circuit type for interface:" -#: ../../configuration/protocols/bgp.rst:920 +#: ../../configuration/protocols/bgp.rst:942 msgid "This command specifies cluster ID which identifies a collection of route reflectors and their clients, and is used by route reflectors to avoid looping. By default cluster ID is set to the BGP router id value, but can be set to an arbitrary 32-bit value." msgstr "This command specifies cluster ID which identifies a collection of route reflectors and their clients, and is used by route reflectors to avoid looping. By default cluster ID is set to the BGP router id value, but can be set to an arbitrary 32-bit value." -#: ../../configuration/protocols/bgp.rst:671 +#: ../../configuration/protocols/bgp.rst:693 msgid "This command specifies hold-time in seconds. The timer range is 4 to 65535. The default value is 180 second. If you set value to 0 VyOS will not hold routes." msgstr "This command specifies hold-time in seconds. The timer range is 4 to 65535. The default value is 180 second. If you set value to 0 VyOS will not hold routes." @@ -14530,7 +15655,7 @@ msgstr "This command specifies hold-time in seconds. The timer range is 4 to 655 msgid "This command specifies interface as passive. Passive interface advertises its address, but does not run the OSPF protocol (adjacencies are not formed and hello packets are not generated)." msgstr "This command specifies interface as passive. Passive interface advertises its address, but does not run the OSPF protocol (adjacencies are not formed and hello packets are not generated)." -#: ../../configuration/protocols/bgp.rst:677 +#: ../../configuration/protocols/bgp.rst:699 msgid "This command specifies keep-alive time in seconds. The timer can range from 4 to 65535. The default value is 60 second." msgstr "This command specifies keep-alive time in seconds. The timer can range from 4 to 65535. The default value is 60 second." @@ -14558,15 +15683,15 @@ msgstr "This command specifies metric type for redistributed routes. Difference msgid "This command specifies network type to Point-to-Point. The default network type is broadcast." msgstr "This command specifies network type to Point-to-Point. The default network type is broadcast." -#: ../../configuration/protocols/bgp.rst:784 +#: ../../configuration/protocols/bgp.rst:806 msgid "This command specifies that BGP considers the MED when comparing routes originated from different sub-ASs within the confederation to which this BGP speaker belongs. The default state, where the MED attribute is not considered." msgstr "This command specifies that BGP considers the MED when comparing routes originated from different sub-ASs within the confederation to which this BGP speaker belongs. The default state, where the MED attribute is not considered." -#: ../../configuration/protocols/bgp.rst:754 +#: ../../configuration/protocols/bgp.rst:776 msgid "This command specifies that BGP decision process should consider paths of equal AS_PATH length candidates for multipath computation. Without the knob, the entire AS_PATH must match for multipath computation." msgstr "This command specifies that BGP decision process should consider paths of equal AS_PATH length candidates for multipath computation. Without the knob, the entire AS_PATH must match for multipath computation." -#: ../../configuration/protocols/bgp.rst:791 +#: ../../configuration/protocols/bgp.rst:813 msgid "This command specifies that a route with a MED is always considered to be better than a route without a MED by causing the missing MED attribute to have a value of infinity. The default state, where the missing MED attribute is considered to have a value of zero." msgstr "This command specifies that a route with a MED is always considered to be better than a route without a MED by causing the missing MED attribute to have a value of infinity. The default state, where the missing MED attribute is considered to have a value of zero." @@ -14582,7 +15707,7 @@ msgstr "This command specifies that simple password authentication should be use msgid "This command specifies that the community attribute should not be sent in route updates to a peer. By default community attribute is sent." msgstr "This command specifies that the community attribute should not be sent in route updates to a peer. By default community attribute is sent." -#: ../../configuration/protocols/bgp.rst:748 +#: ../../configuration/protocols/bgp.rst:770 msgid "This command specifies that the length of confederation path sets and sequences should be taken into account during the BGP best path decision process." msgstr "This command specifies that the length of confederation path sets and sequences should be taken into account during the BGP best path decision process." @@ -14622,7 +15747,7 @@ msgstr "This command specifies the base receive cost for this interface. For wir msgid "This command specifies the decay factor for the exponential moving average of RTT samples, in units of 1/256. Higher values discard old samples faster. The default is 42." msgstr "This command specifies the decay factor for the exponential moving average of RTT samples, in units of 1/256. Higher values discard old samples faster. The default is 42." -#: ../../configuration/protocols/bgp.rst:799 +#: ../../configuration/protocols/bgp.rst:821 msgid "This command specifies the default local preference value. The local preference range is 0 to 4294967295." msgstr "This command specifies the default local preference value. The local preference range is 0 to 4294967295." @@ -14634,7 +15759,7 @@ msgstr "This command specifies the default metric value of redistributed routes. msgid "This command specifies the garbage-collection timer. Upon expiration of the garbage-collection timer, the route is finally removed from the routing table. The time range is 5 to 2147483647. The default value is 120 seconds." msgstr "This command specifies the garbage-collection timer. Upon expiration of the garbage-collection timer, the route is finally removed from the routing table. The time range is 5 to 2147483647. The default value is 120 seconds." -#: ../../configuration/protocols/bgp.rst:916 +#: ../../configuration/protocols/bgp.rst:938 msgid "This command specifies the given neighbor as route reflector client." msgstr "This command specifies the given neighbor as route reflector client." @@ -14658,7 +15783,7 @@ msgstr "This command specifies the minimum RTT, in milliseconds, starting from w msgid "This command specifies the minimum route advertisement interval for the peer. The interval value is 0 to 600 seconds, with the default advertisement interval being 0." msgstr "This command specifies the minimum route advertisement interval for the peer. The interval value is 0 to 600 seconds, with the default advertisement interval being 0." -#: ../../configuration/protocols/bgp.rst:589 +#: ../../configuration/protocols/bgp.rst:595 msgid "This command specifies the router-ID. If router ID is not specified it will use the highest interface IP address." msgstr "This command specifies the router-ID. If router ID is not specified it will use the highest interface IP address." @@ -14714,7 +15839,7 @@ msgstr "This command summarizes intra area paths from specified area into one su msgid "This command to ensure not advertise the summary lsa for the matched external LSAs." msgstr "This command to ensure not advertise the summary lsa for the matched external LSAs." -#: ../../configuration/protocols/bgp.rst:1079 +#: ../../configuration/protocols/bgp.rst:1101 msgid "This command uses to clear BGP route dampening information and to unsuppress suppressed routes." msgstr "This command uses to clear BGP route dampening information and to unsuppress suppressed routes." @@ -14763,7 +15888,7 @@ msgstr "This command will generate a default-route in L2 database." msgid "This command will give an overview of a rule in a single rule-set" msgstr "This command will give an overview of a rule in a single rule-set" -#: ../../configuration/firewall/ipv4.rst:1091 +#: ../../configuration/firewall/ipv4.rst:1114 msgid "This command will give an overview of a rule in a single rule-set, plus information for default action." msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action." @@ -14771,7 +15896,7 @@ msgstr "This command will give an overview of a rule in a single rule-set, plus msgid "This command will give an overview of a rule in a single rule-set." msgstr "This command will give an overview of a rule in a single rule-set." -#: ../../configuration/firewall/ipv4.rst:1072 +#: ../../configuration/firewall/ipv4.rst:1095 #: ../../configuration/firewall/ipv6.rst:1088 msgid "This command will give an overview of a single rule-set." msgstr "This command will give an overview of a single rule-set." @@ -14805,7 +15930,7 @@ msgid "This configuration modifies the behavior of the network statement. If you msgstr "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table." #: ../../configuration/service/dhcp-server.rst:76 -#: ../../configuration/service/dhcp-server.rst:520 +#: ../../configuration/service/dhcp-server.rst:526 msgid "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries." msgstr "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries." @@ -14825,7 +15950,7 @@ msgstr "This creates a route policy called FILTER-WEB with one rule to set the r msgid "This defaults to 10000." msgstr "This defaults to 10000." -#: ../../configuration/system/login.rst:254 +#: ../../configuration/system/login.rst:258 msgid "This defaults to 1812." msgstr "This defaults to 1812." @@ -14833,7 +15958,7 @@ msgstr "This defaults to 1812." msgid "This defaults to 2007." msgstr "This defaults to 2007." -#: ../../configuration/service/dns.rst:271 +#: ../../configuration/service/dns.rst:285 msgid "This defaults to 300 seconds." msgstr "This defaults to 300 seconds." @@ -14841,7 +15966,7 @@ msgstr "This defaults to 300 seconds." msgid "This defaults to 30 seconds." msgstr "This defaults to 30 seconds." -#: ../../configuration/system/login.rst:323 +#: ../../configuration/system/login.rst:327 msgid "This defaults to 49." msgstr "This defaults to 49." @@ -14857,7 +15982,7 @@ msgstr "This defaults to UDP" msgid "This defaults to both 1.2 and 1.3." msgstr "This defaults to both 1.2 and 1.3." -#: ../../configuration/pki/index.rst:283 +#: ../../configuration/pki/index.rst:314 msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory" msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory" @@ -14893,15 +16018,27 @@ msgstr "This establishes our Port Forward rule, but if we created a firewall pol msgid "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." msgstr "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." +#: ../../configuration/vpn/ipsec.rst:392 +msgid "This example uses CACert as certificate authority." +msgstr "This example uses CACert as certificate authority." + +#: ../../configuration/vpn/ipsec.rst:386 +msgid "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." +msgstr "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." + +#: ../../configuration/protocols/bfd.rst:64 +msgid "This feature serves the purpose of thightening the packet validation requirements to avoid receiving BFD control packets from other sessions." +msgstr "This feature serves the purpose of thightening the packet validation requirements to avoid receiving BFD control packets from other sessions." + #: ../../configuration/protocols/ospf.rst:476 msgid "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs." msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs." -#: ../../configuration/service/dns.rst:404 +#: ../../configuration/service/dns.rst:418 msgid "This functionality is controlled by adding the following configuration:" msgstr "This functionality is controlled by adding the following configuration:" -#: ../../configuration/firewall/ipv4.rst:376 +#: ../../configuration/firewall/ipv4.rst:399 #: ../../configuration/firewall/ipv6.rst:378 msgid "This functions for both individual addresses and address groups." msgstr "This functions for both individual addresses and address groups." @@ -14946,13 +16083,13 @@ msgstr "This is a mandatory command. Sets regular expression to match against lo msgid "This is a mandatory command. Sets the full path to the script. The script file must be executable." msgstr "This is a mandatory command. Sets the full path to the script. The script file must be executable." -#: ../../configuration/pki/index.rst:261 -#: ../../configuration/pki/index.rst:267 +#: ../../configuration/pki/index.rst:292 +#: ../../configuration/pki/index.rst:298 msgid "This is a mandatory option" msgstr "This is a mandatory option" -#: ../../configuration/protocols/rpki.rst:117 -#: ../../configuration/protocols/rpki.rst:124 +#: ../../configuration/protocols/rpki.rst:131 +#: ../../configuration/protocols/rpki.rst:138 msgid "This is a mandatory setting." msgstr "This is a mandatory setting." @@ -15019,7 +16156,7 @@ msgstr "This is the LCD model used in your system." msgid "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally." msgstr "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally." -#: ../../configuration/service/dhcp-server.rst:197 +#: ../../configuration/service/dhcp-server.rst:203 msgid "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd." msgstr "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd." @@ -15031,7 +16168,7 @@ msgstr "This is the name of the physical interface used to connect to your LCD d msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" -#: ../../configuration/service/dhcp-server.rst:195 +#: ../../configuration/service/dhcp-server.rst:201 msgid "This is useful, for example, in combination with hostfile update." msgstr "This is useful, for example, in combination with hostfile update." @@ -15088,7 +16225,7 @@ msgstr "This option is used by some DHCP clients as a way for users to specify i msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." -#: ../../configuration/system/login.rst:390 +#: ../../configuration/system/login.rst:394 msgid "This option must be used with ``timeout`` option." msgstr "This option must be used with ``timeout`` option." @@ -15101,7 +16238,7 @@ msgstr "This option only affects 802.3ad mode." msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." -#: ../../configuration/pki/index.rst:277 +#: ../../configuration/pki/index.rst:308 msgid "This options defaults to 2048" msgstr "This options defaults to 2048" @@ -15219,11 +16356,19 @@ msgstr "This the simplest queue possible you can apply to your traffic. Traffic msgid "This topology was built using GNS3." msgstr "This topology was built using GNS3." +#: ../../configuration/system/option.rst:38 +msgid "This will add the following option to the Kernel commandline:" +msgstr "This will add the following option to the Kernel commandline:" + +#: ../../configuration/system/option.rst:48 +msgid "This will add the following two options to the Kernel commandline:" +msgstr "This will add the following two options to the Kernel commandline:" + #: ../../configuration/interfaces/ethernet.rst:9 msgid "This will be the most widely used interface on a router carrying traffic to the real world." msgstr "This will be the most widely used interface on a router carrying traffic to the real world." -#: ../../configuration/protocols/static.rst:171 +#: ../../configuration/protocols/static.rst:204 msgid "This will configure a static ARP entry always resolving `<address>` to `<mac>` for interface `<interface>`." msgstr "This will configure a static ARP entry always resolving `<address>` to `<mac>` for interface `<interface>`." @@ -15239,7 +16384,7 @@ msgstr "This will render the following ddclient_ configuration entry:" msgid "This will show you a basic firewall overview" msgstr "This will show you a basic firewall overview" -#: ../../configuration/firewall/ipv4.rst:961 +#: ../../configuration/firewall/ipv4.rst:984 msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" @@ -15255,12 +16400,12 @@ msgstr "This will show you a basic summary of zones configuration." msgid "This will show you a rule-set statistic since the last boot." msgstr "This will show you a rule-set statistic since the last boot." -#: ../../configuration/firewall/ipv4.rst:1112 +#: ../../configuration/firewall/ipv4.rst:1135 #: ../../configuration/firewall/ipv6.rst:1135 msgid "This will show you a statistic of all rule-sets since the last boot." msgstr "This will show you a statistic of all rule-sets since the last boot." -#: ../../configuration/firewall/ipv4.rst:1016 +#: ../../configuration/firewall/ipv4.rst:1039 #: ../../configuration/firewall/ipv6.rst:1032 msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" @@ -15301,29 +16446,49 @@ msgstr "Time in seconds that the prefix will remain preferred (default 4 hours)" msgid "Time in seconds that the prefix will remain valid (default: 30 days)" msgstr "Time in seconds that the prefix will remain valid (default: 30 days)" +#: ../../configuration/service/router-advert.rst:1 +msgid "Time in seconds that the prefix will remain valid (default: 65528 seconds)" +msgstr "Time in seconds that the prefix will remain valid (default: 65528 seconds)" + #: ../../configuration/service/webproxy.rst:177 msgid "Time is in minutes and defaults to 60." msgstr "Time is in minutes and defaults to 60." -#: ../../configuration/firewall/ipv4.rst:874 +#: ../../configuration/firewall/ipv4.rst:897 #: ../../configuration/firewall/ipv6.rst:883 #: ../../configuration/policy/route.rst:225 msgid "Time to match the defined rule." msgstr "Time to match the defined rule." +#: ../../configuration/service/ipoe-server.rst:368 +#: ../../configuration/service/pppoe-server.rst:534 +#: ../../configuration/vpn/l2tp.rst:488 +#: ../../configuration/vpn/pptp.rst:412 +#: ../../configuration/vpn/sstp.rst:446 +msgid "Timeout in seconds" +msgstr "Timeout in seconds" + #: ../../configuration/protocols/failover.rst:24 msgid "Timeout in seconds between health target checks." msgstr "Timeout in seconds between health target checks." -#: ../../configuration/vpn/sstp.rst:234 +#: ../../configuration/service/ipoe-server.rst:174 +#: ../../configuration/service/pppoe-server.rst:136 +#: ../../configuration/vpn/l2tp.rst:179 +#: ../../configuration/vpn/pptp.rst:119 +#: ../../configuration/vpn/sstp.rst:152 msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" -#: ../../configuration/vpn/sstp.rst:254 +#: ../../configuration/service/ipoe-server.rst:194 +#: ../../configuration/service/pppoe-server.rst:156 +#: ../../configuration/vpn/l2tp.rst:199 +#: ../../configuration/vpn/pptp.rst:139 +#: ../../configuration/vpn/sstp.rst:172 msgid "Timeout to wait response from server (seconds)" msgstr "Timeout to wait response from server (seconds)" -#: ../../configuration/protocols/bgp.rst:667 +#: ../../configuration/protocols/bgp.rst:689 #: ../../configuration/protocols/isis.rst:257 msgid "Timers" msgstr "Timers" @@ -15332,7 +16497,7 @@ msgstr "Timers" msgid "To activate the VLAN aware bridge, you must activate this setting to use VLAN settings for the bridge" msgstr "To activate the VLAN aware bridge, you must activate this setting to use VLAN settings for the bridge" -#: ../../configuration/vpn/l2tp.rst:58 +#: ../../configuration/vpn/l2tp.rst:108 msgid "To allow VPN-clients access via your external address, a NAT rule is required:" msgstr "To allow VPN-clients access via your external address, a NAT rule is required:" @@ -15344,7 +16509,7 @@ msgstr "To allow listing additional custom domain, for example ``openthread.thre msgid "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:" msgstr "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:" -#: ../../configuration/vpn/site2site_ipsec.rst:257 +#: ../../configuration/vpn/site2site_ipsec.rst:260 msgid "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)" msgstr "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)" @@ -15442,11 +16607,11 @@ msgstr "To configure syslog, you need to switch into configuration mode." msgid "To configure your LCD display you must first identify the used hardware, and connectivity of the display to your system. This can be any serial port (`ttySxx`) or serial via USB or even old parallel port interfaces." msgstr "To configure your LCD display you must first identify the used hardware, and connectivity of the display to your system. This can be any serial port (`ttySxx`) or serial via USB or even old parallel port interfaces." -#: ../../configuration/service/ipoe-server.rst:98 +#: ../../configuration/service/ipoe-server.rst:99 msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." -#: ../../configuration/system/login.rst:377 +#: ../../configuration/system/login.rst:381 msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." @@ -15462,11 +16627,11 @@ msgstr "To create routing table 100 and add a new default gateway to be used by msgid "To define a zone setup either one with interfaces or a local zone." msgstr "To define a zone setup either one with interfaces or a local zone." -#: ../../configuration/service/router-advert.rst:75 +#: ../../configuration/service/router-advert.rst:101 msgid "To disable advertisements without deleting the configuration:" msgstr "To disable advertisements without deleting the configuration:" -#: ../../configuration/system/login.rst:190 +#: ../../configuration/system/login.rst:194 msgid "To display the configured OTP user key, use the command:" msgstr "To display the configured OTP user key, use the command:" @@ -15483,7 +16648,11 @@ msgstr "To enable/disable helper support for a specific neighbour, the router-id msgid "To enable MLD reports and query on interfaces `eth0` and `eth1`:" msgstr "To enable MLD reports and query on interfaces `eth0` and `eth1`:" -#: ../../configuration/vpn/l2tp.rst:141 +#: ../../configuration/service/ipoe-server.rst:116 +#: ../../configuration/service/pppoe-server.rst:78 +#: ../../configuration/vpn/l2tp.rst:121 +#: ../../configuration/vpn/pptp.rst:61 +#: ../../configuration/vpn/sstp.rst:94 msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." @@ -15511,6 +16680,10 @@ msgstr "To enable the HTTP security headers in the configuration file, use the c msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" +#: ../../configuration/vpn/l2tp.rst:282 +msgid "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." +msgstr "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." + #: ../../configuration/service/snmp.rst:216 msgid "To extend SNMP agent functionality, custom scripts can be executed every time the agent is being called. This can be achieved by using ``arbitrary extensioncommands``. The first step is to create a functional script of course, then upload it to your VyOS instance via the command ``scp your_script.sh vyos@your_router:/config/user-data``. Once the script is uploaded, it needs to be configured via the command below." msgstr "To extend SNMP agent functionality, custom scripts can be executed every time the agent is being called. This can be achieved by using ``arbitrary extensioncommands``. The first step is to create a functional script of course, then upload it to your VyOS instance via the command ``scp your_script.sh vyos@your_router:/config/user-data``. Once the script is uploaded, it needs to be configured via the command below." @@ -15527,11 +16700,15 @@ msgstr "To generate the CA, the server private key and certificates the followin msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." -#: ../../configuration/service/dhcp-server.rst:566 +#: ../../configuration/service/dhcp-server.rst:572 msgid "To hand out individual prefixes to your clients the following configuration is used:" msgstr "To hand out individual prefixes to your clients the following configuration is used:" -#: ../../configuration/highavailability/index.rst:336 +#: ../../configuration/vpn/ipsec.rst:405 +msgid "To import it from the filesystem use:" +msgstr "To import it from the filesystem use:" + +#: ../../configuration/highavailability/index.rst:346 msgid "To know more about scripting, check the :ref:`command-scripting` section." msgstr "To know more about scripting, check the :ref:`command-scripting` section." @@ -15539,7 +16716,7 @@ msgstr "To know more about scripting, check the :ref:`command-scripting` section msgid "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:" msgstr "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:" -#: ../../configuration/protocols/static.rst:161 +#: ../../configuration/protocols/static.rst:194 msgid "To manipulate or display ARP_ table entries, the following commands are implemented." msgstr "To manipulate or display ARP_ table entries, the following commands are implemented." @@ -15552,7 +16729,7 @@ msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip os msgid "To request a /56 prefix from your ISP use:" msgstr "To request a /56 prefix from your ISP use:" -#: ../../configuration/service/dhcp-server.rst:680 +#: ../../configuration/service/dhcp-server.rst:688 msgid "To restart the DHCPv6 server" msgstr "To restart the DHCPv6 server" @@ -15568,7 +16745,7 @@ msgstr "To setup a destination NAT rule we need to gather:" msgid "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" -#: ../../configuration/service/ipoe-server.rst:113 +#: ../../configuration/service/ipoe-server.rst:114 msgid "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used." msgstr "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used." @@ -15596,6 +16773,10 @@ msgstr "Topology:" msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" +#: ../../configuration/service/ipoe-server.rst:433 +msgid "Toubleshooting" +msgstr "Toubleshooting" + #: ../../configuration/highavailability/index.rst:171 msgid "Track" msgstr "Track" @@ -15644,7 +16825,7 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." -#: ../../configuration/firewall/ipv4.rst:928 +#: ../../configuration/firewall/ipv4.rst:951 #: ../../configuration/firewall/ipv6.rst:937 msgid "Traffic must be symmetric" msgstr "Traffic must be symmetric" @@ -15653,11 +16834,11 @@ msgstr "Traffic must be symmetric" msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" -#: ../../configuration/highavailability/index.rst:322 +#: ../../configuration/highavailability/index.rst:332 msgid "Transition scripts" msgstr "Transition scripts" -#: ../../configuration/highavailability/index.rst:324 +#: ../../configuration/highavailability/index.rst:334 msgid "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" msgstr "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" @@ -15667,6 +16848,8 @@ msgstr "Transparent Proxy" #: ../../configuration/interfaces/openvpn.rst:701 #: ../../configuration/interfaces/tunnel.rst:227 +#: ../../configuration/vpn/pptp.rst:484 +#: ../../configuration/vpn/sstp.rst:580 msgid "Troubleshooting" msgstr "Troubleshooting" @@ -15682,6 +16865,10 @@ msgstr "Tunnel" msgid "Tunnel keys" msgstr "Tunnel keys" +#: ../../configuration/vpn/l2tp.rst:280 +msgid "Tunnel password used to authenticate the client (LAC)" +msgstr "Tunnel password used to authenticate the client (LAC)" + #: ../../configuration/loadbalancing/wan.rst:257 msgid "Two environment variables are available:" msgstr "Two environment variables are available:" @@ -15714,15 +16901,15 @@ msgstr "UDP Broadcast Relay" msgid "UDP mode works better with NAT:" msgstr "UDP mode works better with NAT:" -#: ../../configuration/vpn/l2tp.rst:34 +#: ../../configuration/vpn/l2tp.rst:84 msgid "UDP port 1701 for IPsec" msgstr "UDP port 1701 for IPsec" -#: ../../configuration/vpn/l2tp.rst:39 +#: ../../configuration/vpn/l2tp.rst:89 msgid "UDP port 4500 (NAT-T)" msgstr "UDP port 4500 (NAT-T)" -#: ../../configuration/vpn/l2tp.rst:32 +#: ../../configuration/vpn/l2tp.rst:82 msgid "UDP port 500 (IKE)" msgstr "UDP port 500 (IKE)" @@ -15778,11 +16965,11 @@ msgstr "Up to seven queues -defined as classes_ with different priorities- can b msgid "Update" msgstr "Update" -#: ../../configuration/container/index.rst:171 +#: ../../configuration/container/index.rst:207 msgid "Update container image" msgstr "Update container image" -#: ../../configuration/firewall/ipv4.rst:1175 +#: ../../configuration/firewall/ipv4.rst:1198 #: ../../configuration/firewall/ipv6.rst:1191 msgid "Update geoip database" msgstr "Update geoip database" @@ -15795,10 +16982,17 @@ msgstr "Updates" msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." -#: ../../configuration/vpn/sstp.rst:90 +#: ../../configuration/service/pppoe-server.rst:267 +#: ../../configuration/vpn/l2tp.rst:391 +#: ../../configuration/vpn/pptp.rst:315 +#: ../../configuration/vpn/sstp.rst:349 msgid "Upload bandwidth limit in kbit/s for `<user>`." msgstr "Upload bandwidth limit in kbit/s for `<user>`." +#: ../../configuration/service/ipoe-server.rst:325 +msgid "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." +msgstr "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." + #: ../../configuration/loadbalancing/wan.rst:209 msgid "Upon reception of an incoming packet, when a response is sent, it might be desired to ensure that it leaves from the same interface as the inbound one. This can be achieved by enabling sticky connections in the load balancing:" msgstr "Upon reception of an incoming packet, when a response is sent, it might be desired to ensure that it leaves from the same interface as the inbound one. This can be achieved by enabling sticky connections in the load balancing:" @@ -15816,7 +17010,7 @@ msgstr "Use 802.11n protocol" msgid "Use CA certificate from PKI subsystem" msgstr "Use CA certificate from PKI subsystem" -#: ../../configuration/service/dns.rst:365 +#: ../../configuration/service/dns.rst:379 msgid "Use DynDNS as your preferred provider:" msgstr "Use DynDNS as your preferred provider:" @@ -15848,27 +17042,27 @@ msgstr "Use `delete system conntrack modules` to deactive all modules." msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." -#: ../../configuration/firewall/ipv4.rst:515 +#: ../../configuration/firewall/ipv4.rst:538 #: ../../configuration/firewall/ipv6.rst:525 msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:578 +#: ../../configuration/firewall/ipv4.rst:601 #: ../../configuration/firewall/ipv6.rst:588 msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:599 +#: ../../configuration/firewall/ipv4.rst:622 #: ../../configuration/firewall/ipv6.rst:609 msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:536 +#: ../../configuration/firewall/ipv4.rst:559 #: ../../configuration/firewall/ipv6.rst:546 msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:557 +#: ../../configuration/firewall/ipv4.rst:580 #: ../../configuration/firewall/ipv6.rst:567 msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." @@ -15885,7 +17079,7 @@ msgstr "Use an automatically generated self-signed certificate" msgid "Use any local address, configured on any interface if this is not set." msgstr "Use any local address, configured on any interface if this is not set." -#: ../../configuration/service/dns.rst:279 +#: ../../configuration/service/dns.rst:263 msgid "Use auth key file at ``/config/auth/my.key``" msgstr "Use auth key file at ``/config/auth/my.key``" @@ -15893,10 +17087,14 @@ msgstr "Use auth key file at ``/config/auth/my.key``" msgid "Use certificate from PKI subsystem" msgstr "Use certificate from PKI subsystem" -#: ../../configuration/service/dns.rst:408 +#: ../../configuration/service/dns.rst:410 msgid "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response." msgstr "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response." +#: ../../configuration/service/dns.rst:368 +msgid "Use deSEC (dedyn.io) as your preferred provider:" +msgstr "Use deSEC (dedyn.io) as your preferred provider:" + #: ../../configuration/firewall/general-legacy.rst:478 msgid "Use inverse-match to match anything except the given country-codes." msgstr "Use inverse-match to match anything except the given country-codes." @@ -15905,7 +17103,7 @@ msgstr "Use inverse-match to match anything except the given country-codes." msgid "Use local socket for API" msgstr "Use local socket for API" -#: ../../configuration/vpn/sstp.rst:288 +#: ../../configuration/vpn/sstp.rst:357 msgid "Use local user `foo` with password `bar`" msgstr "Use local user `foo` with password `bar`" @@ -15913,7 +17111,7 @@ msgstr "Use local user `foo` with password `bar`" msgid "Use tab completion to get a list of categories." msgstr "Use tab completion to get a list of categories." -#: ../../configuration/system/option.rst:53 +#: ../../configuration/system/option.rst:83 msgid "Use the address of the specified interface on the local machine as the source address of the connection." msgstr "Use the address of the specified interface on the local machine as the source address of the connection." @@ -15925,7 +17123,7 @@ msgstr "Use the following topology to build a nat66 based isolated network betwe msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." -#: ../../configuration/system/option.rst:48 +#: ../../configuration/system/option.rst:78 msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." @@ -15957,10 +17155,26 @@ msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/vpn/sstp.rst:137 +#: ../../configuration/service/ipoe-server.rst:261 +msgid "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." + +#: ../../configuration/service/pppoe-server.rst:355 +msgid "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." + +#: ../../configuration/vpn/pptp.rst:223 +msgid "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." + +#: ../../configuration/vpn/sstp.rst:257 msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/l2tp.rst:299 +msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." + #: ../../configuration/service/pppoe-server.rst:93 msgid "Use this command for every pool of client IP addresses you want to define. The addresses of this pool will be given to PPPoE clients. You must use CIDR notation." msgstr "Use this command for every pool of client IP addresses you want to define. The addresses of this pool will be given to PPPoE clients. You must use CIDR notation." @@ -16005,7 +17219,7 @@ msgstr "Use this command to check the tunnel status for OpenVPN server interface msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." -#: ../../configuration/system/ipv6.rst:154 +#: ../../configuration/system/ipv6.rst:167 msgid "Use this command to clear Border Gateway Protocol statistics or status." msgstr "Use this command to clear Border Gateway Protocol statistics or status." @@ -16013,16 +17227,32 @@ msgstr "Use this command to clear Border Gateway Protocol statistics or status." msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/vpn/sstp.rst:146 +#: ../../configuration/service/ipoe-server.rst:269 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." + +#: ../../configuration/service/pppoe-server.rst:363 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." + +#: ../../configuration/vpn/pptp.rst:231 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." + +#: ../../configuration/vpn/sstp.rst:265 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/l2tp.rst:307 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." + #: ../../configuration/service/pppoe-server.rst:120 msgid "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters." msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters." -#: ../../configuration/protocols/static.rst:112 -#: ../../configuration/protocols/static.rst:125 +#: ../../configuration/protocols/static.rst:146 +#: ../../configuration/protocols/static.rst:159 msgid "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." msgstr "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." @@ -16226,6 +17456,10 @@ msgstr "Use this command to control the maximum number of equal cost paths to re msgid "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." msgstr "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." +#: ../../configuration/vpn/l2tp.rst:68 +msgid "Use this command to define IPsec interface." +msgstr "Use this command to define IPsec interface." + #: ../../configuration/trafficpolicy/index.rst:425 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." @@ -16234,8 +17468,19 @@ msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." -#: ../../configuration/service/pppoe-server.rst:81 -#: ../../configuration/vpn/sstp.rst:132 +#: ../../configuration/service/ipoe-server.rst:277 +#: ../../configuration/service/pppoe-server.rst:371 +#: ../../configuration/vpn/l2tp.rst:315 +#: ../../configuration/vpn/pptp.rst:239 +#: ../../configuration/vpn/sstp.rst:273 +msgid "Use this command to define default IPv6 address pool name." +msgstr "Use this command to define default IPv6 address pool name." + +#: ../../configuration/service/ipoe-server.rst:77 +#: ../../configuration/service/pppoe-server.rst:61 +#: ../../configuration/vpn/l2tp.rst:48 +#: ../../configuration/vpn/pptp.rst:50 +#: ../../configuration/vpn/sstp.rst:75 msgid "Use this command to define default address pool name." msgstr "Use this command to define default address pool name." @@ -16255,15 +17500,31 @@ msgstr "Use this command to define in the selected interface whether you choose msgid "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." msgstr "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." +#: ../../configuration/service/ipoe-server.rst:70 +msgid "Use this command to define the first IP address of a pool of addresses to be given to IPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." +msgstr "Use this command to define the first IP address of a pool of addresses to be given to IPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." + #: ../../configuration/service/pppoe-server.rst:73 msgid "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." msgstr "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." -#: ../../configuration/vpn/sstp.rst:121 +#: ../../configuration/vpn/pptp.rst:43 +msgid "Use this command to define the first IP address of a pool of addresses to be given to PPTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." +msgstr "Use this command to define the first IP address of a pool of addresses to be given to PPTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." + +#: ../../configuration/vpn/sstp.rst:68 msgid "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." msgstr "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." -#: ../../configuration/service/pppoe-server.rst:42 +#: ../../configuration/vpn/l2tp.rst:41 +msgid "Use this command to define the first IP address of a pool of addresses to be given to l2tp clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." +msgstr "Use this command to define the first IP address of a pool of addresses to be given to l2tp clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." + +#: ../../configuration/service/pppoe-server.rst:54 +msgid "Use this command to define the first IP address of a pool of addresses to be given to pppoe clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." +msgstr "Use this command to define the first IP address of a pool of addresses to be given to pppoe clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." + +#: ../../configuration/service/pppoe-server.rst:65 msgid "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients." msgstr "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients." @@ -16283,8 +17544,11 @@ msgstr "Use this command to define the maximum number of entries to keep in the msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." -#: ../../configuration/service/pppoe-server.rst:77 -#: ../../configuration/vpn/sstp.rst:128 +#: ../../configuration/service/ipoe-server.rst:332 +#: ../../configuration/service/pppoe-server.rst:450 +#: ../../configuration/vpn/l2tp.rst:404 +#: ../../configuration/vpn/pptp.rst:328 +#: ../../configuration/vpn/sstp.rst:362 msgid "Use this command to define the next address pool name." msgstr "Use this command to define the next address pool name." @@ -16352,7 +17616,7 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." -#: ../../configuration/service/pppoe-server.rst:236 +#: ../../configuration/service/pppoe-server.rst:310 msgid "Use this command to enable bandwidth shaping via RADIUS." msgstr "Use this command to enable bandwidth shaping via RADIUS." @@ -16364,7 +17628,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." -#: ../../configuration/service/pppoe-server.rst:249 +#: ../../configuration/service/pppoe-server.rst:323 msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." @@ -16386,7 +17650,7 @@ msgstr "Use this command to enable the logging of the default action on custom c msgid "Use this command to enable the logging of the default action on the specified chain." msgstr "Use this command to enable the logging of the default action on the specified chain." -#: ../../configuration/system/ipv6.rst:165 +#: ../../configuration/system/ipv6.rst:178 msgid "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route." msgstr "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route." @@ -16394,11 +17658,11 @@ msgstr "Use this command to flush the kernel IPv6 route cache. An address can be msgid "Use this command to get an overview of a zone." msgstr "Use this command to get an overview of a zone." -#: ../../configuration/system/ipv6.rst:120 +#: ../../configuration/system/ipv6.rst:133 msgid "Use this command to get information about OSPFv3." msgstr "Use this command to get information about OSPFv3." -#: ../../configuration/system/ipv6.rst:142 +#: ../../configuration/system/ipv6.rst:155 msgid "Use this command to get information about the RIPNG protocol" msgstr "Use this command to get information about the RIPNG protocol" @@ -16410,10 +17674,22 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." -#: ../../configuration/service/pppoe-server.rst:311 +#: ../../configuration/service/ipoe-server.rst:394 +msgid "Use this command to locally check the active sessions in the IPoE server." +msgstr "Use this command to locally check the active sessions in the IPoE server." + +#: ../../configuration/service/pppoe-server.rst:587 msgid "Use this command to locally check the active sessions in the PPPoE server." msgstr "Use this command to locally check the active sessions in the PPPoE server." +#: ../../configuration/vpn/pptp.rst:446 +msgid "Use this command to locally check the active sessions in the PPTP server." +msgstr "Use this command to locally check the active sessions in the PPTP server." + +#: ../../configuration/vpn/sstp.rst:542 +msgid "Use this command to locally check the active sessions in the SSTP server." +msgstr "Use this command to locally check the active sessions in the SSTP server." + #: ../../configuration/protocols/igmp.rst:104 msgid "Use this command to manually configure a Rendezvous Point for PIM so that join messages can be sent there. Set the Rendevouz Point address and the matching prefix of group ranges covered. These values must be shared with every router participating in the PIM network." msgstr "Use this command to manually configure a Rendezvous Point for PIM so that join messages can be sent there. Set the Rendevouz Point address and the matching prefix of group ranges covered. These values must be shared with every router participating in the PIM network." @@ -16427,7 +17703,7 @@ msgstr "Use this command to not install advertised DNS nameservers into the loca msgid "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface." msgstr "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface." -#: ../../configuration/system/ipv6.rst:160 +#: ../../configuration/system/ipv6.rst:173 msgid "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface." msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface." @@ -16467,7 +17743,7 @@ msgstr "Use this command to see discovery hello information" msgid "Use this command to see the Label Information Base." msgstr "Use this command to see the Label Information Base." -#: ../../configuration/service/pppoe-server.rst:26 +#: ../../configuration/service/pppoe-server.rst:33 msgid "Use this command to set a name for this PPPoE-server access concentrator." msgstr "Use this command to set a name for this PPPoE-server access concentrator." @@ -16511,31 +17787,31 @@ msgstr "Use this command to set the username for authenticating with a remote PP msgid "Use this command to show IPv6 Border Gateway Protocol information." msgstr "Use this command to show IPv6 Border Gateway Protocol information." -#: ../../configuration/system/ipv6.rst:50 +#: ../../configuration/system/ipv6.rst:63 msgid "Use this command to show IPv6 Neighbor Discovery Protocol information." msgstr "Use this command to show IPv6 Neighbor Discovery Protocol information." -#: ../../configuration/system/ipv6.rst:58 +#: ../../configuration/system/ipv6.rst:71 msgid "Use this command to show IPv6 forwarding status." msgstr "Use this command to show IPv6 forwarding status." -#: ../../configuration/system/ipv6.rst:54 +#: ../../configuration/system/ipv6.rst:67 msgid "Use this command to show IPv6 multicast group membership." msgstr "Use this command to show IPv6 multicast group membership." -#: ../../configuration/system/ipv6.rst:62 +#: ../../configuration/system/ipv6.rst:75 msgid "Use this command to show IPv6 routes." msgstr "Use this command to show IPv6 routes." -#: ../../configuration/system/ipv6.rst:105 +#: ../../configuration/system/ipv6.rst:118 msgid "Use this command to show all IPv6 access lists" msgstr "Use this command to show all IPv6 access lists" -#: ../../configuration/system/ipv6.rst:90 +#: ../../configuration/system/ipv6.rst:103 msgid "Use this command to show all IPv6 prefix lists" msgstr "Use this command to show all IPv6 prefix lists" -#: ../../configuration/system/ipv6.rst:146 +#: ../../configuration/system/ipv6.rst:159 msgid "Use this command to show the status of the RIPNG protocol" msgstr "Use this command to show the status of the RIPNG protocol" @@ -16595,6 +17871,14 @@ msgstr "Used to block specific domains by the Proxy. Specifying \"vyos.net\" wil msgid "User-level messages" msgstr "User-level messages" +#: ../../configuration/service/ipoe-server.rst:250 +#: ../../configuration/service/pppoe-server.rst:212 +#: ../../configuration/vpn/l2tp.rst:255 +#: ../../configuration/vpn/pptp.rst:195 +#: ../../configuration/vpn/sstp.rst:228 +msgid "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." +msgstr "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." + #: ../../configuration/policy/examples.rst:18 msgid "Using 'soft-reconfiguration' we get the policy update without bouncing the neighbor." msgstr "Using 'soft-reconfiguration' we get the policy update without bouncing the neighbor." @@ -16603,11 +17887,11 @@ msgstr "Using 'soft-reconfiguration' we get the policy update without bouncing t msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." -#: ../../configuration/protocols/bgp.rst:900 +#: ../../configuration/protocols/bgp.rst:922 msgid "Using BGP confederation" msgstr "Using BGP confederation" -#: ../../configuration/protocols/bgp.rst:899 +#: ../../configuration/protocols/bgp.rst:921 msgid "Using BGP route-reflectors" msgstr "Using BGP route-reflectors" @@ -16615,6 +17899,10 @@ msgstr "Using BGP route-reflectors" msgid "Using VLAN aware Bridge" msgstr "Using VLAN aware Bridge" +#: ../../configuration/vpn/sstp.rst:29 +msgid "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" +msgstr "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" + #: ../../configuration/interfaces/bridge.rst:266 msgid "Using the operation mode command to view Bridge Information" msgstr "Using the operation mode command to view Bridge Information" @@ -16652,6 +17940,10 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the msgid "VLAN" msgstr "VLAN" +#: ../../configuration/service/pppoe-server.rst:232 +msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." +msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." + #: ../../configuration/service/pppoe-server.rst:163 msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." @@ -16668,6 +17960,10 @@ msgstr "VLAN Example" msgid "VLAN Options" msgstr "VLAN Options" +#: ../../configuration/service/ipoe-server.rst:315 +msgid "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" +msgstr "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" + #: ../../configuration/service/lldp.rst:28 msgid "VLAN name" msgstr "VLAN name" @@ -16688,32 +17984,32 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN msgid "VRF" msgstr "VRF" -#: ../../configuration/vrf/index.rst:411 +#: ../../configuration/vrf/index.rst:430 msgid "VRF Route Leaking" msgstr "VRF Route Leaking" -#: ../../configuration/vrf/index.rst:283 +#: ../../configuration/vrf/index.rst:302 msgid "VRF and NAT" msgstr "VRF and NAT" -#: ../../configuration/vrf/index.rst:380 +#: ../../configuration/vrf/index.rst:399 msgid "VRF blue routing table" msgstr "VRF blue routing table" -#: ../../configuration/vrf/index.rst:347 +#: ../../configuration/vrf/index.rst:366 msgid "VRF default routing table" msgstr "VRF default routing table" -#: ../../configuration/vrf/index.rst:363 +#: ../../configuration/vrf/index.rst:382 msgid "VRF red routing table" msgstr "VRF red routing table" -#: ../../configuration/vrf/index.rst:235 -#: ../../configuration/vrf/index.rst:242 +#: ../../configuration/vrf/index.rst:254 +#: ../../configuration/vrf/index.rst:261 msgid "VRF route leaking" msgstr "VRF route leaking" -#: ../../configuration/vrf/index.rst:242 +#: ../../configuration/vrf/index.rst:261 msgid "VRF topology example" msgstr "VRF topology example" @@ -16769,11 +18065,19 @@ msgstr "Valid values are 0..255." msgid "Value" msgstr "Value" -#: ../../configuration/vpn/sstp.rst:263 +#: ../../configuration/service/ipoe-server.rst:203 +#: ../../configuration/service/pppoe-server.rst:165 +#: ../../configuration/vpn/l2tp.rst:208 +#: ../../configuration/vpn/pptp.rst:148 +#: ../../configuration/vpn/sstp.rst:181 msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." -#: ../../configuration/vpn/sstp.rst:258 +#: ../../configuration/service/ipoe-server.rst:198 +#: ../../configuration/service/pppoe-server.rst:160 +#: ../../configuration/vpn/l2tp.rst:203 +#: ../../configuration/vpn/pptp.rst:143 +#: ../../configuration/vpn/sstp.rst:176 msgid "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests." msgstr "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests." @@ -16795,11 +18099,11 @@ msgstr "Verify that connections are hitting the rule on both sides:" msgid "Version" msgstr "Version" -#: ../../configuration/highavailability/index.rst:339 +#: ../../configuration/highavailability/index.rst:349 msgid "Virtual-server" msgstr "Virtual-server" -#: ../../configuration/highavailability/index.rst:398 +#: ../../configuration/highavailability/index.rst:408 msgid "Virtual-server can be configured with VRRP virtual address or without VRRP." msgstr "Virtual-server can be configured with VRRP virtual address or without VRRP." @@ -16807,7 +18111,7 @@ msgstr "Virtual-server can be configured with VRRP virtual address or without VR msgid "Virtual Ethernet" msgstr "Virtual Ethernet" -#: ../../configuration/highavailability/index.rst:342 +#: ../../configuration/highavailability/index.rst:352 msgid "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." msgstr "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." @@ -16823,11 +18127,11 @@ msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." -#: ../../configuration/vrf/index.rst:84 +#: ../../configuration/vrf/index.rst:103 msgid "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." msgstr "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." -#: ../../configuration/pki/index.rst:9 +#: ../../configuration/pki/index.rst:11 msgid "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." @@ -16839,7 +18143,7 @@ msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no msgid "VyOS Arista EOS setup" msgstr "VyOS Arista EOS setup" -#: ../../configuration/vpn/ipsec.rst:120 +#: ../../configuration/vpn/ipsec.rst:123 msgid "VyOS ESP group has the next options:" msgstr "VyOS ESP group has the next options:" @@ -16883,10 +18187,14 @@ msgstr "VyOS SNMP supports both IPv4 and IPv6." msgid "VyOS also comes with a build in SSTP server, see :ref:`sstp`." msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`." -#: ../../configuration/service/dhcp-server.rst:504 +#: ../../configuration/service/dhcp-server.rst:510 msgid "VyOS also provides DHCPv6 server functionality which is described in this section." msgstr "VyOS also provides DHCPv6 server functionality which is described in this section." +#: ../../configuration/vpn/ipsec.rst:474 +msgid "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." +msgstr "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:127 msgid "VyOS also supports two different modes of authentication, local and RADIUS. To create a new local user named \"vyos\" with a password of \"vyos\" use the following commands." msgstr "VyOS also supports two different modes of authentication, local and RADIUS. To create a new local user named \"vyos\" with a password of \"vyos\" use the following commands." @@ -16928,7 +18236,11 @@ msgstr "VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**, **IGMP* msgid "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**." msgstr "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**." -#: ../../configuration/service/dns.rst:214 +#: ../../configuration/service/ids.rst:17 +msgid "VyOS includes the FastNetMon Community Edition." +msgstr "VyOS includes the FastNetMon Community Edition." + +#: ../../configuration/service/dns.rst:201 msgid "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose." msgstr "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose." @@ -16952,15 +18264,15 @@ msgstr "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet msgid "VyOS makes use of :abbr:`FRR (Free Range Routing)` and we would like to thank them for their effort!" msgstr "VyOS makes use of :abbr:`FRR (Free Range Routing)` and we would like to thank them for their effort!" -#: ../../configuration/pki/index.rst:21 +#: ../../configuration/pki/index.rst:23 msgid "VyOS not only can now manage certificates issued by 3rd party Certificate Authorities, it can also act as a CA on its own. You can create your own root CA and sign keys with it by making use of some simple op-mode commands." msgstr "VyOS not only can now manage certificates issued by 3rd party Certificate Authorities, it can also act as a CA on its own. You can create your own root CA and sign keys with it by making use of some simple op-mode commands." -#: ../../configuration/pki/index.rst:35 +#: ../../configuration/pki/index.rst:37 msgid "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command." msgstr "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command." -#: ../../configuration/pki/index.rst:292 +#: ../../configuration/pki/index.rst:323 msgid "VyOS operational mode commands are not only available for generating keys but also to display them." msgstr "VyOS operational mode commands are not only available for generating keys but also to display them." @@ -17000,6 +18312,10 @@ msgstr "VyOS provides some operational commands on OpenVPN." msgid "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements." msgstr "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements." +#: ../../configuration/pki/index.rst:255 +msgid "VyOS provides this utility to import existing certificates/key files directly into PKI from op-mode. Previous to VyOS 1.4, certificates were stored under the /config folder permanently and will be retained post upgrade." +msgstr "VyOS provides this utility to import existing certificates/key files directly into PKI from op-mode. Previous to VyOS 1.4, certificates were stored under the /config folder permanently and will be retained post upgrade." + #: ../../configuration/loadbalancing/reverse-proxy.rst:8 msgid "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." msgstr "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." @@ -17020,6 +18336,10 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." +#: ../../configuration/vpn/ipsec.rst:452 +msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." + #: ../../configuration/system/updates.rst:5 msgid "VyOS supports online checking for updates" msgstr "VyOS supports online checking for updates" @@ -17060,11 +18380,11 @@ msgstr "VyOS uses the `mirror` option to configure port mirroring. The configura msgid "VyOS utilizes `accel-ppp`_ to provide PPPoE server functionality. It can be used with local authentication or a connected RADIUS server." msgstr "VyOS utilizes `accel-ppp`_ to provide PPPoE server functionality. It can be used with local authentication or a connected RADIUS server." -#: ../../configuration/service/ipoe-server.rst:9 +#: ../../configuration/service/ipoe-server.rst:7 msgid "VyOS utilizes `accel-ppp`_ to provide :abbr:`IPoE (Internet Protocol over Ethernet)` server functionality. It can be used with local authentication (mac-address) or a connected RADIUS server." msgstr "VyOS utilizes `accel-ppp`_ to provide :abbr:`IPoE (Internet Protocol over Ethernet)` server functionality. It can be used with local authentication (mac-address) or a connected RADIUS server." -#: ../../configuration/vpn/l2tp.rst:6 +#: ../../configuration/vpn/l2tp.rst:7 msgid "VyOS utilizes accel-ppp_ to provide L2TP server functionality. It can be used with local authentication or a connected RADIUS server." msgstr "VyOS utilizes accel-ppp_ to provide L2TP server functionality. It can be used with local authentication or a connected RADIUS server." @@ -17076,7 +18396,7 @@ msgstr "VyOS utilizes accel-ppp_ to provide SSTP server functionality. We suppor msgid "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols." msgstr "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols." -#: ../../configuration/vpn/site2site_ipsec.rst:164 +#: ../../configuration/vpn/site2site_ipsec.rst:167 msgid "WAN interface on `eth1`" msgstr "WAN interface on `eth1`" @@ -17117,7 +18437,7 @@ msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." -#: ../../configuration/vpn/ipsec.rst:232 +#: ../../configuration/vpn/ipsec.rst:236 msgid "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." msgstr "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." @@ -17129,11 +18449,15 @@ msgstr "We can't support all displays from the beginning. If your display type i msgid "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." msgstr "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." -#: ../../configuration/protocols/rpki.rst:158 +#: ../../configuration/protocols/rpki.rst:168 msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" -#: ../../configuration/protocols/bgp.rst:1249 +#: ../../configuration/vpn/ipsec.rst:456 +msgid "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." +msgstr "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." + +#: ../../configuration/protocols/bgp.rst:1271 msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny." msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny." @@ -17145,6 +18469,10 @@ msgstr "We do not have CLI nodes for every single OpenVPN option. If an option i msgid "We don't recomend to use arguments. Using environments is more preffereble." msgstr "We don't recomend to use arguments. Using environments is more preffereble." +#: ../../configuration/vpn/ipsec.rst:506 +msgid "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." +msgstr "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." + #: ../../configuration/interfaces/wireguard.rst:148 msgid "We listen on port 51820" msgstr "We listen on port 51820" @@ -17153,7 +18481,7 @@ msgstr "We listen on port 51820" msgid "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" msgstr "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" -#: ../../configuration/system/option.rst:85 +#: ../../configuration/system/option.rst:115 msgid "We now utilize `tuned` for dynamic resource balancing based on profiles." msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles." @@ -17169,7 +18497,7 @@ msgstr "We only need a single step for this interface:" msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" -#: ../../configuration/system/login.rst:420 +#: ../../configuration/system/login.rst:424 msgid "We use a vontainer providing the TACACS serve rin this example." msgstr "We use a vontainer providing the TACACS serve rin this example." @@ -17177,7 +18505,7 @@ msgstr "We use a vontainer providing the TACACS serve rin this example." msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." -#: ../../configuration/service/dhcp-server.rst:331 +#: ../../configuration/service/dhcp-server.rst:337 msgid "Web Proxy Autodiscovery (WPAD) URL" msgstr "Web Proxy Autodiscovery (WPAD) URL" @@ -17201,15 +18529,19 @@ msgstr "When LDP is working, you will be able to see label information in the ou msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." -#: ../../configuration/vrf/index.rst:73 +#: ../../configuration/vrf/index.rst:92 msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." -#: ../../configuration/service/dns.rst:354 +#: ../../configuration/service/dns.rst:351 +msgid "When a ``custom`` DynDNS provider is used, the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper when entering above command for available protocols." +msgstr "When a ``custom`` DynDNS provider is used, the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper when entering above command for available protocols." + +#: ../../configuration/service/dns.rst:357 msgid "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified." msgstr "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified." -#: ../../configuration/service/dns.rst:347 +#: ../../configuration/service/dns.rst:361 msgid "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols." msgstr "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols." @@ -17225,7 +18557,11 @@ msgstr "When a link is reconnected or a new slave joins the bond the receive tra msgid "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." msgstr "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." -#: ../../configuration/protocols/bgp.rst:684 +#: ../../configuration/protocols/bgp.rst:589 +msgid "When a peer receives a martian nexthop as part of the NLRI for a route permit the nexthop to be used as such, instead of rejecting and resetting the connection." +msgstr "When a peer receives a martian nexthop as part of the NLRI for a route permit the nexthop to be used as such, instead of rejecting and resetting the connection." + +#: ../../configuration/protocols/bgp.rst:706 msgid "When a route fails, a routing update is sent to withdraw the route from the network's routing tables. When the route is re-enabled, the change in availability is also advertised. A route that continually fails and returns requires a great deal of network traffic to update the network about the route's status." msgstr "When a route fails, a routing update is sent to withdraw the route from the network's routing tables. When the route is re-enabled, the change in availability is also advertised. A route that continually fails and returns requires a great deal of network traffic to update the network about the route's status." @@ -17237,7 +18573,7 @@ msgstr "When adding IPv6 routing information exchange feature to BGP. There were msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." -#: ../../configuration/service/pppoe-server.rst:169 +#: ../../configuration/service/pppoe-server.rst:238 msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." @@ -17271,17 +18607,21 @@ msgstr "When dequeuing, each hash-bucket with data is queried in a round robin f msgid "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." msgstr "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." -#: ../../configuration/vrf/index.rst:188 +#: ../../configuration/vrf/index.rst:207 msgid "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." msgstr "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." -#: ../../configuration/pki/index.rst:176 -#: ../../configuration/pki/index.rst:219 +#: ../../configuration/vpn/ipsec.rst:529 +msgid "When first connecting to the new VPN the user is prompted to enter proper credentials." +msgstr "When first connecting to the new VPN the user is prompted to enter proper credentials." + +#: ../../configuration/pki/index.rst:178 +#: ../../configuration/pki/index.rst:221 msgid "When loading the certificate you need to manually strip the ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" msgstr "When loading the certificate you need to manually strip the ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" -#: ../../configuration/pki/index.rst:197 -#: ../../configuration/pki/index.rst:235 +#: ../../configuration/pki/index.rst:199 +#: ../../configuration/pki/index.rst:237 msgid "When loading the certificate you need to manually strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" msgstr "When loading the certificate you need to manually strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" @@ -17325,7 +18665,7 @@ msgstr "When set the interface is enabled for \"dial-on-demand\"." msgid "When specified, this should be the only keyword for the interface." msgstr "When specified, this should be the only keyword for the interface." -#: ../../configuration/system/option.rst:60 +#: ../../configuration/system/option.rst:90 msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." @@ -17334,7 +18674,7 @@ msgstr "When starting a VyOS live system (the installation CD) the configured ke msgid "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address." msgstr "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address." -#: ../../configuration/vpn/site2site_ipsec.rst:416 +#: ../../configuration/vpn/site2site_ipsec.rst:419 msgid "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization." msgstr "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization." @@ -17346,6 +18686,10 @@ msgstr "When the command above is set, VyOS will answer every ICMP echo request msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." +#: ../../configuration/highavailability/index.rst:321 +msgid "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" +msgstr "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" + #: ../../_include/interface-address-with-dhcp.txt:14 msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" @@ -17366,6 +18710,10 @@ msgstr "When using NAT for a large number of host systems it recommended that a msgid "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options." msgstr "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options." +#: ../../configuration/protocols/rpki.rst:161 +msgid "When using SSH, private-key-file and public-key-file are mandatory options." +msgstr "When using SSH, private-key-file and public-key-file are mandatory options." + #: ../../configuration/vpn/openconnect.rst:222 msgid "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP" msgstr "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP" @@ -17450,12 +18798,23 @@ msgstr "Will be recorded only packets/flows on **incoming** direction in configu msgid "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" msgstr "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" +#: ../../configuration/vpn/ipsec.rst:501 +msgid "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." +msgstr "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." + +#: ../../configuration/service/pppoe-server.rst:579 +#: ../../configuration/vpn/l2tp.rst:514 +#: ../../configuration/vpn/pptp.rst:438 +#: ../../configuration/vpn/sstp.rst:472 +msgid "Windows Internet Name Service (WINS) servers propagated to client" +msgstr "Windows Internet Name Service (WINS) servers propagated to client" + #: ../../configuration/vpn/remoteaccess_ipsec.rst:147 msgid "Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." #: ../../configuration/interfaces/wireguard.rst:7 -#: ../../configuration/pki/index.rst:132 +#: ../../configuration/pki/index.rst:134 msgid "WireGuard" msgstr "WireGuard" @@ -17524,17 +18883,17 @@ msgstr "With this command, you can specify how the URL path should be matched ag msgid "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." msgstr "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." -#: ../../configuration/service/dhcp-server.rst:257 -#: ../../configuration/service/dhcp-server.rst:262 -#: ../../configuration/service/dhcp-server.rst:267 -#: ../../configuration/service/dhcp-server.rst:277 -#: ../../configuration/service/dhcp-server.rst:282 -#: ../../configuration/service/dhcp-server.rst:312 -#: ../../configuration/service/dhcp-server.rst:317 -#: ../../configuration/service/dhcp-server.rst:322 -#: ../../configuration/service/dhcp-server.rst:342 -#: ../../configuration/service/dhcp-server.rst:347 -#: ../../configuration/service/dhcp-server.rst:357 +#: ../../configuration/service/dhcp-server.rst:263 +#: ../../configuration/service/dhcp-server.rst:268 +#: ../../configuration/service/dhcp-server.rst:273 +#: ../../configuration/service/dhcp-server.rst:283 +#: ../../configuration/service/dhcp-server.rst:288 +#: ../../configuration/service/dhcp-server.rst:318 +#: ../../configuration/service/dhcp-server.rst:323 +#: ../../configuration/service/dhcp-server.rst:328 +#: ../../configuration/service/dhcp-server.rst:348 +#: ../../configuration/service/dhcp-server.rst:353 +#: ../../configuration/service/dhcp-server.rst:363 msgid "Y" msgstr "Y" @@ -17542,7 +18901,7 @@ msgstr "Y" msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." -#: ../../configuration/system/login.rst:365 +#: ../../configuration/system/login.rst:369 msgid "You are able to set post-login or pre-login banner messages to display certain information for this system." msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system." @@ -17562,7 +18921,11 @@ msgstr "You can also define custom timeout values to apply to a specific subset msgid "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``" msgstr "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``" -#: ../../configuration/system/ipv6.rst:107 +#: ../../configuration/service/router-advert.rst:58 +msgid "You can also opt for using `::/64` as prefix for your :abbr:`RAs (Router Advertisements)`. This will take the IPv6 GUA prefix assigned to the interface, which comes in handy when using DHCPv6-PD." +msgstr "You can also opt for using `::/64` as prefix for your :abbr:`RAs (Router Advertisements)`. This will take the IPv6 GUA prefix assigned to the interface, which comes in handy when using DHCPv6-PD." + +#: ../../configuration/system/ipv6.rst:120 msgid "You can also specify which IPv6 access-list should be shown:" msgstr "You can also specify which IPv6 access-list should be shown:" @@ -17578,7 +18941,7 @@ msgstr "You can also use another attributes for identify client for disconnect, msgid "You can also write a description for a filter:" msgstr "You can also write a description for a filter:" -#: ../../configuration/system/login.rst:78 +#: ../../configuration/system/login.rst:82 msgid "You can assign multiple keys to the same user by using a unique identifier per SSH key." msgstr "You can assign multiple keys to the same user by using a unique identifier per SSH key." @@ -17614,7 +18977,7 @@ msgstr "You can create multiple VLAN interfaces on a physical interface. The VLA msgid "You can disable a VRRP group with ``disable`` option:" msgstr "You can disable a VRRP group with ``disable`` option:" -#: ../../configuration/system/ipv6.rst:122 +#: ../../configuration/system/ipv6.rst:135 msgid "You can get more specific OSPFv3 information by using the parameters shown below:" msgstr "You can get more specific OSPFv3 information by using the parameters shown below:" @@ -17626,11 +18989,11 @@ msgstr "You can not assign the same allowed-ips statement to multiple WireGuard msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" -#: ../../configuration/vpn/sstp.rst:332 +#: ../../configuration/vpn/sstp.rst:505 msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." -#: ../../configuration/system/login.rst:443 +#: ../../configuration/system/login.rst:447 msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." @@ -17718,6 +19081,10 @@ msgstr "You will also need the public key of your peer as well as the network(s) msgid "Your ISPs modem is connected to port ``eth0`` of your VyOS box." msgstr "Your ISPs modem is connected to port ``eth0`` of your VyOS box." +#: ../../configuration/service/router-advert.rst:110 +msgid "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" +msgstr "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" + #: ../../configuration/system/ip.rst:31 #: ../../configuration/system/ipv6.rst:27 #: ../../configuration/vrf/index.rst:44 @@ -17758,7 +19125,7 @@ msgstr "(This can be useful when a called service has many and/or often changing msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." -#: ../../configuration/protocols/static.rst:152 +#: ../../configuration/protocols/static.rst:185 msgid ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." msgstr ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." @@ -17818,7 +19185,7 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." -#: ../../configuration/vrf/index.rst:401 +#: ../../configuration/vrf/index.rst:420 msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." @@ -18010,43 +19377,43 @@ msgstr ":lastproofread:2021-07-12" msgid ":opcmd:`generate pki wireguard key-pair`." msgstr ":opcmd:`generate pki wireguard key-pair`." -#: ../../configuration/vrf/index.rst:88 +#: ../../configuration/vrf/index.rst:107 msgid ":ref:`routing-bgp`" msgstr ":ref:`routing-bgp`" -#: ../../configuration/vrf/index.rst:104 +#: ../../configuration/vrf/index.rst:123 msgid ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" msgstr ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" -#: ../../configuration/vrf/index.rst:89 +#: ../../configuration/vrf/index.rst:108 msgid ":ref:`routing-isis`" msgstr ":ref:`routing-isis`" -#: ../../configuration/vrf/index.rst:105 +#: ../../configuration/vrf/index.rst:124 msgid ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" msgstr ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" -#: ../../configuration/vrf/index.rst:90 +#: ../../configuration/vrf/index.rst:109 msgid ":ref:`routing-ospf`" msgstr ":ref:`routing-ospf`" -#: ../../configuration/vrf/index.rst:106 +#: ../../configuration/vrf/index.rst:125 msgid ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" msgstr ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" -#: ../../configuration/vrf/index.rst:91 +#: ../../configuration/vrf/index.rst:110 msgid ":ref:`routing-ospfv3`" msgstr ":ref:`routing-ospfv3`" -#: ../../configuration/vrf/index.rst:107 +#: ../../configuration/vrf/index.rst:126 msgid ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" msgstr ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" -#: ../../configuration/vrf/index.rst:92 +#: ../../configuration/vrf/index.rst:111 msgid ":ref:`routing-static`" msgstr ":ref:`routing-static`" -#: ../../configuration/vrf/index.rst:108 +#: ../../configuration/vrf/index.rst:127 msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" @@ -18054,7 +19421,7 @@ msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgid ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client." msgstr ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client." -#: ../../configuration/service/dns.rst:230 +#: ../../configuration/service/dns.rst:217 msgid ":rfc:`2136` Based" msgstr ":rfc:`2136` Based" @@ -18062,7 +19429,7 @@ msgstr ":rfc:`2136` Based" msgid ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." msgstr ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." -#: ../../configuration/pki/index.rst:15 +#: ../../configuration/pki/index.rst:17 msgid ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." msgstr ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." @@ -18086,19 +19453,19 @@ msgstr "`4. Add optional parameters`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" -#: ../../configuration/pki/index.rst:202 +#: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" -#: ../../configuration/pki/index.rst:181 +#: ../../configuration/pki/index.rst:183 msgid "``$ tail -n +2 ca.pem | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.pem | head -n -1 | tr -d '\\n'``" -#: ../../configuration/pki/index.rst:240 +#: ../../configuration/pki/index.rst:242 msgid "``$ tail -n +2 cert.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 cert.key | head -n -1 | tr -d '\\n'``" -#: ../../configuration/pki/index.rst:224 +#: ../../configuration/pki/index.rst:226 msgid "``$ tail -n +2 cert.pem | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 cert.pem | head -n -1 | tr -d '\\n'``" @@ -18202,7 +19569,7 @@ msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation msgid "``9600`` - 9600 bps" msgstr "``9600`` - 9600 bps" -#: ../../configuration/vpn/ipsec.rst:149 +#: ../../configuration/vpn/ipsec.rst:152 msgid "``< dh-group >`` defines a Diffie-Hellman group for PFS;" msgstr "``< dh-group >`` defines a Diffie-Hellman group for PFS;" @@ -18210,6 +19577,14 @@ msgstr "``< dh-group >`` defines a Diffie-Hellman group for PFS;" msgid "``Known limitations:``" msgstr "``Known limitations:``" +#: ../../configuration/service/ipoe-server.rst:247 +#: ../../configuration/service/pppoe-server.rst:209 +#: ../../configuration/vpn/l2tp.rst:252 +#: ../../configuration/vpn/pptp.rst:192 +#: ../../configuration/vpn/sstp.rst:225 +msgid "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." +msgstr "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." + #: ../../configuration/loadbalancing/wan.rst:259 msgid "``WLB_INTERFACE_NAME=[interfacename]``: Interface to be monitored" msgstr "``WLB_INTERFACE_NAME=[interfacename]``: Interface to be monitored" @@ -18226,11 +19601,11 @@ msgstr "``a`` - 802.11a - 54 Mbits/sec" msgid "``ac`` - 802.11ac - 1300 Mbits/sec" msgstr "``ac`` - 802.11ac - 1300 Mbits/sec" -#: ../../configuration/policy/route-map.rst:375 +#: ../../configuration/policy/route-map.rst:378 msgid "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008" msgstr "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008" -#: ../../configuration/policy/route-map.rst:368 +#: ../../configuration/policy/route-map.rst:371 msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" @@ -18256,7 +19631,7 @@ msgstr "``active-backup`` - Active-backup policy: Only one slave in the bond is msgid "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." msgstr "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." -#: ../../configuration/vpn/ipsec.rst:96 +#: ../../configuration/vpn/ipsec.rst:98 msgid "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" msgstr "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" @@ -18268,11 +19643,15 @@ msgstr "``all-available`` all checking target addresses must be available to pas msgid "``any-available`` any of the checking target addresses must be available to pass this check" msgstr "``any-available`` any of the checking target addresses must be available to pass this check" -#: ../../configuration/vpn/site2site_ipsec.rst:385 +#: ../../configuration/vpn/site2site_ipsec.rst:388 msgid "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device." msgstr "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device." #: ../../configuration/vpn/site2site_ipsec.rst:18 +msgid "``authentication`` - configure authentication between VyOS and a remote peer. If pre-shared-secret mode is used, the secret key must be defined in ``set vpn ipsec authentication`` and suboptions:" +msgstr "``authentication`` - configure authentication between VyOS and a remote peer. If pre-shared-secret mode is used, the secret key must be defined in ``set vpn ipsec authentication`` and suboptions:" + +#: ../../configuration/vpn/site2site_ipsec.rst:18 msgid "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" msgstr "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" @@ -18292,11 +19671,11 @@ msgstr "``begin`` Matches the beginning of the URL path" msgid "``bgp`` - Border Gateway Protocol (BGP)" msgstr "``bgp`` - Border Gateway Protocol (BGP)" -#: ../../configuration/vpn/site2site_ipsec.rst:147 +#: ../../configuration/vpn/site2site_ipsec.rst:150 msgid "``bind`` - select a VTI interface to bind to this peer;" msgstr "``bind`` - select a VTI interface to bind to this peer;" -#: ../../configuration/policy/route-map.rst:376 +#: ../../configuration/policy/route-map.rst:379 msgid "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A" msgstr "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A" @@ -18312,6 +19691,10 @@ msgstr "``burst``: Number of packets allowed to overshoot the limit within ``per msgid "``ca-cert-file`` - CA certificate file. Using for authenticating remote peer;" msgstr "``ca-cert-file`` - CA certificate file. Using for authenticating remote peer;" +#: ../../configuration/vpn/site2site_ipsec.rst:61 +msgid "``ca-certificate`` - CA certificate in PKI configuration. Using for authenticating remote peer;" +msgstr "``ca-certificate`` - CA certificate in PKI configuration. Using for authenticating remote peer;" + #: ../../configuration/service/lldp.rst:65 msgid "``cdp`` - Listen for CDP for Cisco routers/switches" msgstr "``cdp`` - Listen for CDP for Cisco routers/switches" @@ -18320,6 +19703,14 @@ msgstr "``cdp`` - Listen for CDP for Cisco routers/switches" msgid "``cert-file`` - certificate file, which will be used for authenticating local router on remote peer;" msgstr "``cert-file`` - certificate file, which will be used for authenticating local router on remote peer;" +#: ../../configuration/vpn/site2site_ipsec.rst:64 +msgid "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" +msgstr "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" + +#: ../../configuration/vpn/ipsec.rst:66 +msgid "``clear`` closes the CHILD_SA and does not take further action (default);" +msgstr "``clear`` closes the CHILD_SA and does not take further action (default);" + #: ../../configuration/vpn/ipsec.rst:65 msgid "``clear`` set action to clear;" msgstr "``clear`` set action to clear;" @@ -18328,11 +19719,15 @@ msgstr "``clear`` set action to clear;" msgid "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." msgstr "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." +#: ../../configuration/vpn/site2site_ipsec.rst:414 +msgid "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." +msgstr "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." + #: ../../configuration/vpn/ipsec.rst:47 msgid "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" msgstr "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" -#: ../../configuration/vpn/ipsec.rst:122 +#: ../../configuration/vpn/ipsec.rst:125 msgid "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." msgstr "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." @@ -18344,7 +19739,7 @@ msgstr "``compression`` whether IPComp compression of content is proposed on the msgid "``connected`` - Connected routes (directly attached subnet or host)" msgstr "``connected`` - Connected routes (directly attached subnet or host)" -#: ../../configuration/vpn/site2site_ipsec.rst:72 +#: ../../configuration/vpn/site2site_ipsec.rst:69 msgid "``connection-type`` - how to handle this connection process. Possible variants:" msgstr "``connection-type`` - how to handle this connection process. Possible variants:" @@ -18366,39 +19761,43 @@ msgstr "``d`` - Execution interval in days" msgid "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." +#: ../../configuration/vpn/site2site_ipsec.rst:403 +msgid "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." +msgstr "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." + #: ../../configuration/vpn/ipsec.rst:56 msgid "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" msgstr "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" -#: ../../configuration/vpn/site2site_ipsec.rst:88 +#: ../../configuration/vpn/site2site_ipsec.rst:85 msgid "``default-esp-group`` - ESP group to use by default for traffic encryption. Might be overwritten by individual settings for tunnel or VTI interface binding;" msgstr "``default-esp-group`` - ESP group to use by default for traffic encryption. Might be overwritten by individual settings for tunnel or VTI interface binding;" -#: ../../configuration/vpn/site2site_ipsec.rst:92 +#: ../../configuration/vpn/site2site_ipsec.rst:89 msgid "``description`` - description for this peer;" msgstr "``description`` - description for this peer;" -#: ../../configuration/vpn/ipsec.rst:101 +#: ../../configuration/vpn/ipsec.rst:103 msgid "``dh-group`` dh-group;" msgstr "``dh-group`` dh-group;" -#: ../../configuration/vpn/site2site_ipsec.rst:23 +#: ../../configuration/vpn/site2site_ipsec.rst:24 msgid "``dhcp-interface`` - ID for authentication generated from DHCP address dynamically;" msgstr "``dhcp-interface`` - ID for authentication generated from DHCP address dynamically;" -#: ../../configuration/vpn/site2site_ipsec.rst:94 +#: ../../configuration/vpn/site2site_ipsec.rst:91 msgid "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" -#: ../../configuration/vpn/ipsec.rst:88 +#: ../../configuration/vpn/ipsec.rst:90 msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." -#: ../../configuration/vpn/site2site_ipsec.rst:396 +#: ../../configuration/vpn/site2site_ipsec.rst:399 msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." -#: ../../configuration/vpn/ipsec.rst:162 +#: ../../configuration/vpn/ipsec.rst:166 msgid "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" @@ -18406,7 +19805,7 @@ msgstr "``disable-route-autoinstall`` Do not automatically install routes to rem msgid "``disable`` - disable this tunnel;" msgstr "``disable`` - disable this tunnel;" -#: ../../configuration/vpn/ipsec.rst:147 +#: ../../configuration/vpn/ipsec.rst:150 msgid "``disable`` Disable PFS;" msgstr "``disable`` Disable PFS;" @@ -18424,15 +19823,15 @@ msgstr "``disable`` disable MOBIKE;" msgid "``drop``: drop the packet." msgstr "``drop``: drop the packet." -#: ../../configuration/system/login.rst:71 +#: ../../configuration/system/login.rst:75 msgid "``ecdsa-sha2-nistp256``" msgstr "``ecdsa-sha2-nistp256``" -#: ../../configuration/system/login.rst:72 +#: ../../configuration/system/login.rst:76 msgid "``ecdsa-sha2-nistp384``" msgstr "``ecdsa-sha2-nistp384``" -#: ../../configuration/system/login.rst:73 +#: ../../configuration/system/login.rst:77 msgid "``ecdsa-sha2-nistp521``" msgstr "``ecdsa-sha2-nistp521``" @@ -18440,7 +19839,7 @@ msgstr "``ecdsa-sha2-nistp521``" msgid "``edp`` - Listen for EDP for Extreme routers/switches" msgstr "``edp`` - Listen for EDP for Extreme routers/switches" -#: ../../configuration/vpn/ipsec.rst:145 +#: ../../configuration/vpn/ipsec.rst:148 msgid "``enable`` Inherit Diffie-Hellman group from IKE group (default);" msgstr "``enable`` Inherit Diffie-Hellman group from IKE group (default);" @@ -18452,11 +19851,11 @@ msgstr "``enable`` enable IPComp compression;" msgid "``enable`` enable MOBIKE (default for IKEv2);" msgstr "``enable`` enable MOBIKE (default for IKEv2);" -#: ../../configuration/vpn/ipsec.rst:103 +#: ../../configuration/vpn/ipsec.rst:105 msgid "``encryption`` encryption algorithm;" msgstr "``encryption`` encryption algorithm;" -#: ../../configuration/vpn/ipsec.rst:153 +#: ../../configuration/vpn/ipsec.rst:156 msgid "``encryption`` encryption algorithm (default 128 bit AES-CBC);" msgstr "``encryption`` encryption algorithm (default 128 bit AES-CBC);" @@ -18468,7 +19867,7 @@ msgstr "``end`` Matches the end of the URL path." msgid "``esp-group`` - define ESP group for encrypt traffic, defined by this tunnel;" msgstr "``esp-group`` - define ESP group for encrypt traffic, defined by this tunnel;" -#: ../../configuration/vpn/site2site_ipsec.rst:149 +#: ../../configuration/vpn/site2site_ipsec.rst:152 msgid "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." msgstr "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." @@ -18488,11 +19887,11 @@ msgstr "``file`` - path to the key file;" msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" -#: ../../configuration/vpn/ipsec.rst:164 +#: ../../configuration/vpn/ipsec.rst:168 msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" -#: ../../configuration/vpn/site2site_ipsec.rst:97 +#: ../../configuration/vpn/site2site_ipsec.rst:94 msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" @@ -18500,7 +19899,7 @@ msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagr msgid "``g`` - 802.11g - 54 Mbits/sec (default)" msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" -#: ../../configuration/policy/route-map.rst:367 +#: ../../configuration/policy/route-map.rst:370 msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" @@ -18508,11 +19907,11 @@ msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL msgid "``h`` - Execution interval in hours" msgstr "``h`` - Execution interval in hours" -#: ../../configuration/vpn/ipsec.rst:105 +#: ../../configuration/vpn/ipsec.rst:107 msgid "``hash`` hash algorithm." msgstr "``hash`` hash algorithm." -#: ../../configuration/vpn/ipsec.rst:155 +#: ../../configuration/vpn/ipsec.rst:158 msgid "``hash`` hash algorithm (default sha1)." msgstr "``hash`` hash algorithm (default sha1)." @@ -18536,23 +19935,23 @@ msgstr "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the prim msgid "``hvc0`` - Xen console" msgstr "``hvc0`` - Xen console" -#: ../../configuration/vpn/site2site_ipsec.rst:25 +#: ../../configuration/vpn/site2site_ipsec.rst:26 msgid "``id`` - static ID's for authentication. In general local and remote address ``<x.x.x.x>``, ``<h:h:h:h:h:h:h:h>`` or ``%any``;" msgstr "``id`` - static ID's for authentication. In general local and remote address ``<x.x.x.x>``, ``<h:h:h:h:h:h:h:h>`` or ``%any``;" -#: ../../configuration/vpn/site2site_ipsec.rst:101 +#: ../../configuration/vpn/site2site_ipsec.rst:98 msgid "``ike-group`` - IKE group to use for key exchanges;" msgstr "``ike-group`` - IKE group to use for key exchanges;" -#: ../../configuration/vpn/ipsec.rst:82 +#: ../../configuration/vpn/ipsec.rst:84 msgid "``ikev1`` use IKEv1 for Key Exchange;" msgstr "``ikev1`` use IKEv1 for Key Exchange;" -#: ../../configuration/vpn/site2site_ipsec.rst:103 +#: ../../configuration/vpn/site2site_ipsec.rst:100 msgid "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" msgstr "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" -#: ../../configuration/vpn/ipsec.rst:73 +#: ../../configuration/vpn/ipsec.rst:75 msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." @@ -18560,7 +19959,7 @@ msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticat msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" -#: ../../configuration/vpn/ipsec.rst:84 +#: ../../configuration/vpn/ipsec.rst:86 msgid "``ikev2`` use IKEv2 for Key Exchange;" msgstr "``ikev2`` use IKEv2 for Key Exchange;" @@ -18568,23 +19967,27 @@ msgstr "``ikev2`` use IKEv2 for Key Exchange;" msgid "``in``: Ruleset for forwarded packets on an inbound interface" msgstr "``in``: Ruleset for forwarded packets on an inbound interface" -#: ../../configuration/vpn/site2site_ipsec.rst:75 +#: ../../configuration/vpn/site2site_ipsec.rst:72 msgid "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" msgstr "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" -#: ../../configuration/vpn/ipsec.rst:166 +#: ../../configuration/system/option.rst:50 +msgid "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" +msgstr "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" + +#: ../../configuration/vpn/ipsec.rst:170 msgid "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" msgstr "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" -#: ../../configuration/pki/index.rst:148 +#: ../../configuration/pki/index.rst:150 msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." -#: ../../configuration/policy/route-map.rst:366 +#: ../../configuration/policy/route-map.rst:369 msgid "``internet`` - Well-known communities value 0" msgstr "``internet`` - Well-known communities value 0" -#: ../../configuration/vpn/ipsec.rst:69 +#: ../../configuration/vpn/ipsec.rst:71 msgid "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" @@ -18602,7 +20005,7 @@ msgstr "``jump``: jump to another custom chain." msgid "``kernel`` - Kernel routes" msgstr "``kernel`` - Kernel routes" -#: ../../configuration/vpn/ipsec.rst:78 +#: ../../configuration/vpn/ipsec.rst:80 msgid "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" msgstr "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" @@ -18610,7 +20013,7 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" -#: ../../configuration/system/option.rst:107 +#: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." @@ -18622,19 +20025,19 @@ msgstr "``least-connection`` Distributes requests to the server with the fewest msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -#: ../../configuration/vpn/ipsec.rst:125 +#: ../../configuration/vpn/ipsec.rst:128 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:128 +#: ../../configuration/vpn/ipsec.rst:131 msgid "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" msgstr "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:131 +#: ../../configuration/vpn/ipsec.rst:134 msgid "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" msgstr "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" -#: ../../configuration/vpn/ipsec.rst:86 +#: ../../configuration/vpn/ipsec.rst:88 msgid "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" @@ -18642,22 +20045,26 @@ msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" msgid "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);" msgstr "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);" -#: ../../configuration/policy/route-map.rst:373 +#: ../../configuration/policy/route-map.rst:376 msgid "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006" msgstr "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006" -#: ../../configuration/vpn/site2site_ipsec.rst:107 +#: ../../configuration/vpn/site2site_ipsec.rst:104 msgid "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;" msgstr "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;" -#: ../../configuration/policy/route-map.rst:363 +#: ../../configuration/policy/route-map.rst:366 msgid "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03" msgstr "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03" -#: ../../configuration/vpn/site2site_ipsec.rst:31 +#: ../../configuration/vpn/site2site_ipsec.rst:32 msgid "``local-id`` - ID for the local VyOS router. If defined, during the authentication it will be send to remote peer;" msgstr "``local-id`` - ID for the local VyOS router. If defined, during the authentication it will be send to remote peer;" +#: ../../configuration/vpn/site2site_ipsec.rst:50 +msgid "``local-key`` - name of PKI key-pair with local private key" +msgstr "``local-key`` - name of PKI key-pair with local private key" + #: ../../configuration/firewall/general-legacy.rst:753 msgid "``local``: Ruleset for packets destined for this router" msgstr "``local``: Ruleset for packets destined for this router" @@ -18674,7 +20081,7 @@ msgstr "``m`` - Execution interval in minutes" msgid "``main`` Routing table used by VyOS and other interfaces not participating in PBR" msgstr "``main`` Routing table used by VyOS and other interfaces not participating in PBR" -#: ../../configuration/vpn/ipsec.rst:93 +#: ../../configuration/vpn/ipsec.rst:95 msgid "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" msgstr "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" @@ -18682,19 +20089,23 @@ msgstr "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommen msgid "``message``: Full message that has triggered the script." msgstr "``message``: Full message that has triggered the script." +#: ../../configuration/system/option.rst:40 +msgid "``mitigations=off``" +msgstr "``mitigations=off``" + #: ../../configuration/vpn/ipsec.rst:92 msgid "``mobike`` enable MOBIKE Support. MOBIKE is only available for IKEv2:" msgstr "``mobike`` enable MOBIKE Support. MOBIKE is only available for IKEv2:" -#: ../../configuration/vpn/site2site_ipsec.rst:35 +#: ../../configuration/vpn/site2site_ipsec.rst:36 msgid "``mode`` - mode for authentication between VyOS and remote peer:" msgstr "``mode`` - mode for authentication between VyOS and remote peer:" -#: ../../configuration/vpn/ipsec.rst:91 +#: ../../configuration/vpn/ipsec.rst:93 msgid "``mode`` IKEv1 Phase 1 Mode Selection:" msgstr "``mode`` IKEv1 Phase 1 Mode Selection:" -#: ../../configuration/vpn/ipsec.rst:136 +#: ../../configuration/vpn/ipsec.rst:139 msgid "``mode`` the type of the connection:" msgstr "``mode`` the type of the connection:" @@ -18758,19 +20169,19 @@ msgstr "``net.ipv6.conf.all.accept_redirects``" msgid "``net.ipv6.conf.all.accept_source_route``" msgstr "``net.ipv6.conf.all.accept_source_route``" -#: ../../configuration/policy/route-map.rst:364 +#: ../../configuration/policy/route-map.rst:367 msgid "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02" msgstr "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02" -#: ../../configuration/policy/route-map.rst:365 +#: ../../configuration/policy/route-map.rst:368 msgid "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01" msgstr "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01" -#: ../../configuration/policy/route-map.rst:374 +#: ../../configuration/policy/route-map.rst:377 msgid "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007" msgstr "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007" -#: ../../configuration/policy/route-map.rst:377 +#: ../../configuration/policy/route-map.rst:380 msgid "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04" msgstr "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04" @@ -18782,7 +20193,7 @@ msgstr "``no`` disable remote host re-authenticaton during an IKE rekey;" msgid "``none`` - Execution interval in minutes" msgstr "``none`` - Execution interval in minutes" -#: ../../configuration/vpn/site2site_ipsec.rst:85 +#: ../../configuration/vpn/site2site_ipsec.rst:82 msgid "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." msgstr "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." @@ -18798,7 +20209,7 @@ msgstr "``noselect`` marks the server as unused, except for display purposes. Th msgid "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" msgstr "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" -#: ../../configuration/vpn/ipsec.rst:160 +#: ../../configuration/vpn/ipsec.rst:164 msgid "``options``" msgstr "``options``" @@ -18814,11 +20225,19 @@ msgstr "``ospfv3`` - Open Shortest Path First (IPv6) (OSPFv3)" msgid "``out``: Ruleset for forwarded packets on an outbound interface" msgstr "``out``: Ruleset for forwarded packets on an outbound interface" +#: ../../configuration/vpn/site2site_ipsec.rst:54 +msgid "``passphrase`` - local private key passphrase" +msgstr "``passphrase`` - local private key passphrase" + +#: ../../configuration/vpn/site2site_ipsec.rst:67 +msgid "``passphrase`` - private key passphrase, if needed." +msgstr "``passphrase`` - private key passphrase, if needed." + #: ../../configuration/vpn/site2site_ipsec.rst:70 msgid "``password`` - passphrase private key, if needed." msgstr "``password`` - passphrase private key, if needed." -#: ../../configuration/pki/index.rst:163 +#: ../../configuration/pki/index.rst:165 msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." @@ -18826,7 +20245,7 @@ msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer msgid "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." msgstr "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." -#: ../../configuration/vpn/ipsec.rst:142 +#: ../../configuration/vpn/ipsec.rst:145 msgid "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" msgstr "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" @@ -18835,11 +20254,11 @@ msgid "``pool`` mobilizes persistent client mode association with a number of re msgstr "``pool`` mobilizes persistent client mode association with a number of remote servers." #: ../../configuration/vpn/site2site_ipsec.rst:126 -#: ../../configuration/vpn/site2site_ipsec.rst:136 +#: ../../configuration/vpn/site2site_ipsec.rst:139 msgid "``port`` - define port. Have effect only when used together with ``prefix``;" msgstr "``port`` - define port. Have effect only when used together with ``prefix``;" -#: ../../configuration/vpn/site2site_ipsec.rst:37 +#: ../../configuration/vpn/site2site_ipsec.rst:38 msgid "``pre-shared-secret`` - use predefined shared secret phrase;" msgstr "``pre-shared-secret`` - use predefined shared secret phrase;" @@ -18851,27 +20270,35 @@ msgstr "``prefer`` marks the server as preferred. All other things being equal, msgid "``prefix`` - IP network at local side." msgstr "``prefix`` - IP network at local side." -#: ../../configuration/vpn/site2site_ipsec.rst:138 +#: ../../configuration/vpn/site2site_ipsec.rst:141 msgid "``prefix`` - IP network at remote side." msgstr "``prefix`` - IP network at remote side." -#: ../../configuration/vpn/ipsec.rst:107 +#: ../../configuration/vpn/ipsec.rst:109 msgid "``prf`` pseudo-random function." msgstr "``prf`` pseudo-random function." -#: ../../configuration/vpn/ipsec.rst:151 +#: ../../configuration/vpn/site2site_ipsec.rst:130 +msgid "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" +msgstr "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" + +#: ../../configuration/system/option.rst:51 +msgid "``processor.max_cstate=1`` Limit processor to maximum C-state 1" +msgstr "``processor.max_cstate=1`` Limit processor to maximum C-state 1" + +#: ../../configuration/vpn/ipsec.rst:154 msgid "``proposal`` ESP-group proposal with number <1-65535>:" msgstr "``proposal`` ESP-group proposal with number <1-65535>:" -#: ../../configuration/vpn/ipsec.rst:99 +#: ../../configuration/vpn/ipsec.rst:101 msgid "``proposal`` the list of proposals and their parameters:" msgstr "``proposal`` the list of proposals and their parameters:" -#: ../../configuration/vpn/site2site_ipsec.rst:130 +#: ../../configuration/vpn/site2site_ipsec.rst:133 msgid "``protocol`` - define the protocol for match traffic, which should be encrypted and send to this peer;" msgstr "``protocol`` - define the protocol for match traffic, which should be encrypted and send to this peer;" -#: ../../configuration/vpn/site2site_ipsec.rst:21 +#: ../../configuration/vpn/site2site_ipsec.rst:22 msgid "``psk`` - Preshared secret key name:" msgstr "``psk`` - Preshared secret key name:" @@ -18890,7 +20317,7 @@ msgstr "``rate``: Number of packets. Default 5." msgid "``reject``: reject the packet." msgstr "``reject``: reject the packet." -#: ../../configuration/vpn/site2site_ipsec.rst:111 +#: ../../configuration/vpn/site2site_ipsec.rst:108 msgid "``remote-address`` - remote IP address or hostname for IPSec connection. IPv4 or IPv6 address is used when a peer has a public static IP address. Hostname is a DNS name which could be used when a peer has a public IP address and DNS name, but an IP address could be changed from time to time." msgstr "``remote-address`` - remote IP address or hostname for IPSec connection. IPv4 or IPv6 address is used when a peer has a public static IP address. Hostname is a DNS name which could be used when a peer has a public IP address and DNS name, but an IP address could be changed from time to time." @@ -18898,10 +20325,18 @@ msgstr "``remote-address`` - remote IP address or hostname for IPSec connection. msgid "``remote-id`` - define an ID for remote peer, instead of using peer name or address. Useful in case if the remote peer is behind NAT or if ``mode x509`` is used;" msgstr "``remote-id`` - define an ID for remote peer, instead of using peer name or address. Useful in case if the remote peer is behind NAT or if ``mode x509`` is used;" -#: ../../configuration/vpn/site2site_ipsec.rst:133 +#: ../../configuration/vpn/site2site_ipsec.rst:52 +msgid "``remote-key`` - name of PKI key-pair with remote public key" +msgstr "``remote-key`` - name of PKI key-pair with remote public key" + +#: ../../configuration/vpn/site2site_ipsec.rst:136 msgid "``remote`` - define the remote destination for match traffic, which should be encrypted and send to this peer:" msgstr "``remote`` - define the remote destination for match traffic, which should be encrypted and send to this peer:" +#: ../../configuration/vpn/site2site_ipsec.rst:113 +msgid "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" +msgstr "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" + #: ../../configuration/loadbalancing/reverse-proxy.rst:64 msgid "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" msgstr "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" @@ -18910,10 +20345,14 @@ msgstr "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" msgid "``resp-time``: the maximum response time for ping in seconds. Range 1...30, default 5" msgstr "``resp-time``: the maximum response time for ping in seconds. Range 1...30, default 5" -#: ../../configuration/vpn/site2site_ipsec.rst:80 +#: ../../configuration/vpn/site2site_ipsec.rst:77 msgid "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." msgstr "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." +#: ../../configuration/vpn/ipsec.rst:68 +msgid "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" +msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" + #: ../../configuration/vpn/ipsec.rst:54 #: ../../configuration/vpn/ipsec.rst:67 msgid "``restart`` set action to restart;" @@ -18941,19 +20380,19 @@ msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential ord msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" -#: ../../configuration/policy/route-map.rst:369 +#: ../../configuration/policy/route-map.rst:372 msgid "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002" msgstr "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002" -#: ../../configuration/policy/route-map.rst:371 +#: ../../configuration/policy/route-map.rst:374 msgid "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004" msgstr "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004" -#: ../../configuration/policy/route-map.rst:370 +#: ../../configuration/policy/route-map.rst:373 msgid "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003" msgstr "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003" -#: ../../configuration/policy/route-map.rst:372 +#: ../../configuration/policy/route-map.rst:375 msgid "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005" msgstr "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005" @@ -18961,11 +20400,19 @@ msgstr "``route-filter-v6`` - Well-known communities value ROUTE_FI msgid "``rsa-key-name`` - shared RSA key for authentication. The key must be defined in the ``set vpn rsa-keys`` section;" msgstr "``rsa-key-name`` - shared RSA key for authentication. The key must be defined in the ``set vpn rsa-keys`` section;" +#: ../../configuration/vpn/site2site_ipsec.rst:48 +msgid "``rsa`` - options for RSA authentication mode:" +msgstr "``rsa`` - options for RSA authentication mode:" + +#: ../../configuration/vpn/site2site_ipsec.rst:40 +msgid "``rsa`` - use simple shared RSA key." +msgstr "``rsa`` - use simple shared RSA key." + #: ../../configuration/vpn/site2site_ipsec.rst:39 msgid "``rsa`` - use simple shared RSA key. The key must be defined in the ``set vpn rsa-keys`` section;" msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``set vpn rsa-keys`` section;" -#: ../../configuration/vpn/site2site_ipsec.rst:27 +#: ../../configuration/vpn/site2site_ipsec.rst:28 msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" @@ -18978,10 +20425,13 @@ msgid "``set firewall ipv4 forward filter ...``." msgstr "``set firewall ipv4 forward filter ...``." #: ../../configuration/firewall/index.rst:54 -#: ../../configuration/firewall/index.rst:72 msgid "``set firewall ipv4 input filter ...``." msgstr "``set firewall ipv4 input filter ...``." +#: ../../configuration/firewall/index.rst:72 +msgid "``set firewall ipv4 output filter ...``." +msgstr "``set firewall ipv4 output filter ...``." + #: ../../configuration/firewall/index.rst:63 msgid "``set firewall ipv6 forward filter ...``." msgstr "``set firewall ipv6 forward filter ...``." @@ -19010,19 +20460,19 @@ msgstr "``sonmp`` - Listen for SONMP for Nortel routers/switches" msgid "``source-address`` Distributes requests based on the source IP address of the client" msgstr "``source-address`` Distributes requests based on the source IP address of the client" -#: ../../configuration/system/login.rst:74 +#: ../../configuration/system/login.rst:78 msgid "``ssh-dss``" msgstr "``ssh-dss``" -#: ../../configuration/system/login.rst:75 +#: ../../configuration/system/login.rst:79 msgid "``ssh-ed25519``" msgstr "``ssh-ed25519``" -#: ../../configuration/system/login.rst:49 +#: ../../configuration/system/login.rst:53 msgid "``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com``" msgstr "``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com``" -#: ../../configuration/system/login.rst:76 +#: ../../configuration/system/login.rst:80 msgid "``ssh-rsa``" msgstr "``ssh-rsa``" @@ -19034,6 +20484,10 @@ msgstr "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" msgid "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" msgstr "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" +#: ../../configuration/vpn/ipsec.rst:54 +msgid "``start`` tries to immediately re-create the CHILD_SA;" +msgstr "``start`` tries to immediately re-create the CHILD_SA;" + #: ../../configuration/policy/route-map.rst:173 msgid "``static`` - Statically configured routes" msgstr "``static`` - Statically configured routes" @@ -19083,11 +20537,11 @@ msgstr "``test-script``: A user defined script must return 0 to be considered su msgid "``threshold``: ``below`` or ``above`` the specified rate limit." msgstr "``threshold``: ``below`` or ``above`` the specified rate limit." -#: ../../configuration/system/option.rst:97 +#: ../../configuration/system/option.rst:127 msgid "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." msgstr "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." -#: ../../configuration/vpn/ipsec.rst:71 +#: ../../configuration/vpn/ipsec.rst:73 msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" @@ -19095,10 +20549,18 @@ msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." -#: ../../configuration/vpn/ipsec.rst:140 +#: ../../configuration/vpn/ipsec.rst:143 msgid "``transport`` transport mode;" msgstr "``transport`` transport mode;" +#: ../../configuration/vpn/ipsec.rst:63 +msgid "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" +msgstr "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" + +#: ../../configuration/vpn/ipsec.rst:52 +msgid "``trap`` installs a trap policy for the CHILD_SA;" +msgstr "``trap`` installs a trap policy for the CHILD_SA;" + #: ../../configuration/loadbalancing/wan.rst:179 msgid "``ttl-limit``: For the UDP TTL limit test the hop count limit must be specified. The limit must be shorter than the path length, an ICMP time expired message is needed to be returned for a successful test. default 1" msgstr "``ttl-limit``: For the UDP TTL limit test the hop count limit must be specified. The limit must be shorter than the path length, an ICMP time expired message is needed to be returned for a successful test. default 1" @@ -19115,7 +20577,7 @@ msgstr "``ttyUSBX`` - USB Serial device name" msgid "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" msgstr "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" -#: ../../configuration/vpn/ipsec.rst:138 +#: ../../configuration/vpn/ipsec.rst:141 msgid "``tunnel`` tunnel mode (default);" msgstr "``tunnel`` tunnel mode (default);" @@ -19123,11 +20585,11 @@ msgstr "``tunnel`` tunnel mode (default);" msgid "``type``: Specify the type of test. type can be ping, ttl or a user defined script" msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defined script" -#: ../../configuration/vpn/site2site_ipsec.rst:51 +#: ../../configuration/vpn/site2site_ipsec.rst:56 msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" -#: ../../configuration/vpn/site2site_ipsec.rst:152 +#: ../../configuration/vpn/site2site_ipsec.rst:155 msgid "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder." msgstr "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder." @@ -19135,7 +20597,7 @@ msgstr "``virtual-address`` - Defines a virtual IP address which is requested by msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." -#: ../../configuration/vpn/ipsec.rst:168 +#: ../../configuration/vpn/ipsec.rst:172 msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." @@ -19143,11 +20605,11 @@ msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated l msgid "``vnc`` - Virtual Network Control (VNC)" msgstr "``vnc`` - Virtual Network Control (VNC)" -#: ../../configuration/vpn/site2site_ipsec.rst:140 +#: ../../configuration/vpn/site2site_ipsec.rst:143 msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" -#: ../../configuration/vpn/site2site_ipsec.rst:54 +#: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - options for x509 authentication mode:" @@ -19163,10 +20625,26 @@ msgstr "``xor-hash`` - XOR policy: Transmit based on the selected transmit hash msgid "``yes`` enable remote host re-authentication during an IKE rekey;" msgstr "``yes`` enable remote host re-authentication during an IKE rekey;" -#: ../../configuration/system/option.rst:39 +#: ../../configuration/service/ntp.rst:90 +msgid "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." +msgstr "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." + +#: ../../configuration/service/ntp.rst:94 +msgid "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." +msgstr "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." + +#: ../../configuration/system/option.rst:69 msgid "`source-address` and `source-interface` can not be used at the same time." msgstr "`source-address` and `source-interface` can not be used at the same time." +#: ../../configuration/service/ntp.rst:102 +msgid "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." +msgstr "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." + +#: ../../configuration/service/ntp.rst:107 +msgid "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" +msgstr "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" + #: ../../configuration/protocols/rpki.rst:12 msgid "`tweet by EvilMog`_, 2020-02-21" msgstr "`tweet by EvilMog`_, 2020-02-21" @@ -19194,7 +20672,7 @@ msgstr "alert" msgid "all" msgstr "all" -#: ../../configuration/vrf/index.rst:428 +#: ../../configuration/vrf/index.rst:447 msgid "an RD / RTLIST" msgstr "an RD / RTLIST" @@ -19234,23 +20712,23 @@ msgstr "bgpd" msgid "bonding" msgstr "bonding" -#: ../../configuration/service/dhcp-server.rst:305 +#: ../../configuration/service/dhcp-server.rst:311 msgid "boot-size" msgstr "boot-size" -#: ../../configuration/service/dhcp-server.rst:298 +#: ../../configuration/service/dhcp-server.rst:304 msgid "bootfile-name" msgstr "bootfile-name" -#: ../../configuration/service/dhcp-server.rst:300 +#: ../../configuration/service/dhcp-server.rst:306 msgid "bootfile-name, filename" msgstr "bootfile-name, filename" -#: ../../configuration/service/dhcp-server.rst:288 +#: ../../configuration/service/dhcp-server.rst:294 msgid "bootfile-server" msgstr "bootfile-server" -#: ../../configuration/service/dhcp-server.rst:303 +#: ../../configuration/service/dhcp-server.rst:309 msgid "bootfile-size" msgstr "bootfile-size" @@ -19258,7 +20736,7 @@ msgstr "bootfile-size" msgid "bridge" msgstr "bridge" -#: ../../configuration/service/dhcp-server.rst:236 +#: ../../configuration/service/dhcp-server.rst:242 msgid "client-prefix-length" msgstr "client-prefix-length" @@ -19286,15 +20764,19 @@ msgstr "cron" msgid "daemon" msgstr "daemon" -#: ../../configuration/service/dns.rst:384 +#: ../../configuration/service/dns.rst:405 msgid "ddclient_ has another way to determine the WAN IP address. This is controlled by:" msgstr "ddclient_ has another way to determine the WAN IP address. This is controlled by:" -#: ../../configuration/service/dns.rst:218 +#: ../../configuration/service/dns.rst:232 msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." msgstr "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." -#: ../../configuration/service/dns.rst:413 +#: ../../configuration/service/dns.rst:205 +msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other such service provider. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." +msgstr "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other such service provider. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." + +#: ../../configuration/service/dns.rst:415 msgid "ddclient_ will skip any address located before the string set in `<pattern>`." msgstr "ddclient_ will skip any address located before the string set in `<pattern>`." @@ -19306,7 +20788,7 @@ msgstr "debug" msgid "decrement-lifetime" msgstr "decrement-lifetime" -#: ../../configuration/service/dhcp-server.rst:335 +#: ../../configuration/service/dhcp-server.rst:341 msgid "default-lease-time, max-lease-time" msgstr "default-lease-time, max-lease-time" @@ -19318,7 +20800,7 @@ msgstr "default-lifetime" msgid "default-preference" msgstr "default-preference" -#: ../../configuration/service/dhcp-server.rst:248 +#: ../../configuration/service/dhcp-server.rst:254 msgid "default-router" msgstr "default-router" @@ -19330,15 +20812,15 @@ msgstr "default min-threshold" msgid "deprecate-prefix" msgstr "deprecate-prefix" -#: ../../configuration/highavailability/index.rst:354 +#: ../../configuration/highavailability/index.rst:364 msgid "destination-hashing" msgstr "destination-hashing" -#: ../../configuration/service/dhcp-server.rst:285 +#: ../../configuration/service/dhcp-server.rst:291 msgid "dhcp-server-identifier" msgstr "dhcp-server-identifier" -#: ../../configuration/highavailability/index.rst:364 +#: ../../configuration/highavailability/index.rst:374 msgid "direct" msgstr "direct" @@ -19356,17 +20838,17 @@ msgstr "disable: No source validation" msgid "dnssl" msgstr "dnssl" -#: ../../configuration/service/dhcp-server.rst:263 -#: ../../configuration/service/dhcp-server.rst:265 +#: ../../configuration/service/dhcp-server.rst:269 +#: ../../configuration/service/dhcp-server.rst:271 msgid "domain-name" msgstr "domain-name" -#: ../../configuration/service/dhcp-server.rst:260 +#: ../../configuration/service/dhcp-server.rst:266 msgid "domain-name-servers" msgstr "domain-name-servers" -#: ../../configuration/service/dhcp-server.rst:318 -#: ../../configuration/service/dhcp-server.rst:320 +#: ../../configuration/service/dhcp-server.rst:324 +#: ../../configuration/service/dhcp-server.rst:326 msgid "domain-search" msgstr "domain-search" @@ -19402,11 +20884,11 @@ msgstr "ethernet" msgid "exact-match: exact match of the network prefixes." msgstr "exact-match: exact match of the network prefixes." -#: ../../configuration/service/dhcp-server.rst:343 +#: ../../configuration/service/dhcp-server.rst:349 msgid "exclude" msgstr "exclude" -#: ../../configuration/service/dhcp-server.rst:348 +#: ../../configuration/service/dhcp-server.rst:354 msgid "failover" msgstr "failover" @@ -19418,8 +20900,8 @@ msgstr "fast: Request partner to transmit LACPDUs every 1 second" msgid "file <file name>" msgstr "file <file name>" -#: ../../configuration/protocols/bgp.rst:826 -#: ../../configuration/protocols/bgp.rst:832 +#: ../../configuration/protocols/bgp.rst:848 +#: ../../configuration/protocols/bgp.rst:854 msgid "filter-list" msgstr "filter-list" @@ -19431,6 +20913,10 @@ msgstr "ftp" msgid "full - always use full-duplex" msgstr "full - always use full-duplex" +#: ../../configuration/service/router-advert.rst:16 +msgid "geneve" +msgstr "geneve" + #: ../../configuration/interfaces/ethernet.rst:32 msgid "half - always use half-duplex" msgstr "half - always use half-duplex" @@ -19443,7 +20929,7 @@ msgstr "hop-limit" msgid "host: single host IP address to match." msgstr "host: single host IP address to match." -#: ../../configuration/system/option.rst:89 +#: ../../configuration/system/option.rst:119 msgid "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" msgstr "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" @@ -19475,8 +20961,8 @@ msgstr "invalid" msgid "inverse-match: network/netmask to match (requires network be defined)." msgstr "inverse-match: network/netmask to match (requires network be defined)." -#: ../../configuration/service/dhcp-server.rst:268 -#: ../../configuration/service/dhcp-server.rst:270 +#: ../../configuration/service/dhcp-server.rst:274 +#: ../../configuration/service/dhcp-server.rst:276 msgid "ip-forwarding" msgstr "ip-forwarding" @@ -19496,7 +20982,7 @@ msgstr "it does not increase hardware device interrupt rate (although it does in msgid "kern" msgstr "kern" -#: ../../configuration/service/router-advert.rst:16 +#: ../../configuration/service/router-advert.rst:17 msgid "l2tpv3" msgstr "l2tpv3" @@ -19504,27 +20990,27 @@ msgstr "l2tpv3" msgid "ldpd" msgstr "ldpd" -#: ../../configuration/service/dhcp-server.rst:333 +#: ../../configuration/service/dhcp-server.rst:339 msgid "lease" msgstr "lease" -#: ../../configuration/highavailability/index.rst:351 +#: ../../configuration/highavailability/index.rst:361 msgid "least-connection" msgstr "least-connection" -#: ../../configuration/vpn/site2site_ipsec.rst:275 +#: ../../configuration/vpn/site2site_ipsec.rst:278 msgid "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device" msgstr "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device" -#: ../../configuration/vpn/site2site_ipsec.rst:167 +#: ../../configuration/vpn/site2site_ipsec.rst:170 msgid "left local_ip: `198.51.100.3` # server side WAN IP" msgstr "left local_ip: `198.51.100.3` # server side WAN IP" -#: ../../configuration/vpn/site2site_ipsec.rst:276 +#: ../../configuration/vpn/site2site_ipsec.rst:279 msgid "left public_ip:172.18.201.10" msgstr "left public_ip:172.18.201.10" -#: ../../configuration/vpn/site2site_ipsec.rst:165 +#: ../../configuration/vpn/site2site_ipsec.rst:168 msgid "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)" msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)" @@ -19592,7 +21078,7 @@ msgstr "local use 5 (local5)" msgid "local use 7 (local7)" msgstr "local use 7 (local7)" -#: ../../configuration/highavailability/index.rst:355 +#: ../../configuration/highavailability/index.rst:365 msgid "locality-based-least-connection" msgstr "locality-based-least-connection" @@ -19666,12 +21152,12 @@ msgstr "more information related IGP - :ref:`routing-isis`" msgid "more information related IGP - :ref:`routing-ospf`" msgstr "more information related IGP - :ref:`routing-ospf`" -#: ../../configuration/service/dhcp-server.rst:258 +#: ../../configuration/service/dhcp-server.rst:264 #: ../../configuration/service/router-advert.rst:1 msgid "name-server" msgstr "name-server" -#: ../../configuration/service/dhcp-server.rst:280 +#: ../../configuration/service/dhcp-server.rst:286 msgid "netbios-name-servers" msgstr "netbios-name-servers" @@ -19687,7 +21173,7 @@ msgstr "network: network/netmask to match (requires inverse-match be defined) BU msgid "news" msgstr "news" -#: ../../configuration/service/dhcp-server.rst:290 +#: ../../configuration/service/dhcp-server.rst:296 msgid "next-server" msgstr "next-server" @@ -19711,11 +21197,11 @@ msgstr "notice" msgid "ntp" msgstr "ntp" -#: ../../configuration/service/dhcp-server.rst:273 +#: ../../configuration/service/dhcp-server.rst:279 msgid "ntp-server" msgstr "ntp-server" -#: ../../configuration/service/dhcp-server.rst:275 +#: ../../configuration/service/dhcp-server.rst:281 msgid "ntp-servers" msgstr "ntp-servers" @@ -19723,7 +21209,7 @@ msgstr "ntp-servers" msgid "one rule with a LAN (inbound-interface) and the WAN (interface)." msgstr "one rule with a LAN (inbound-interface) and the WAN (interface)." -#: ../../configuration/service/router-advert.rst:17 +#: ../../configuration/service/router-advert.rst:18 msgid "openvpn" msgstr "openvpn" @@ -19763,8 +21249,8 @@ msgstr "policy extcommunity-list" msgid "policy large-community-list" msgstr "policy large-community-list" -#: ../../configuration/service/dhcp-server.rst:313 -#: ../../configuration/service/dhcp-server.rst:315 +#: ../../configuration/service/dhcp-server.rst:319 +#: ../../configuration/service/dhcp-server.rst:321 msgid "pop-server" msgstr "pop-server" @@ -19772,17 +21258,17 @@ msgstr "pop-server" msgid "preferred-lifetime" msgstr "preferred-lifetime" -#: ../../configuration/protocols/bgp.rst:827 -#: ../../configuration/protocols/bgp.rst:831 +#: ../../configuration/protocols/bgp.rst:849 +#: ../../configuration/protocols/bgp.rst:853 msgid "prefix-list, distribute-list" msgstr "prefix-list, distribute-list" -#: ../../configuration/service/router-advert.rst:18 +#: ../../configuration/service/router-advert.rst:19 msgid "pseudo-ethernet" msgstr "pseudo-ethernet" -#: ../../configuration/service/dhcp-server.rst:338 -#: ../../configuration/service/dhcp-server.rst:340 +#: ../../configuration/service/dhcp-server.rst:344 +#: ../../configuration/service/dhcp-server.rst:346 msgid "range" msgstr "range" @@ -19790,7 +21276,7 @@ msgstr "range" msgid "reachable-time" msgstr "reachable-time" -#: ../../configuration/system/ip.rst:82 +#: ../../configuration/system/ip.rst:95 msgid "reset commands" msgstr "reset commands" @@ -19798,7 +21284,7 @@ msgstr "reset commands" msgid "retrans-timer" msgstr "retrans-timer" -#: ../../configuration/service/dhcp-server.rst:325 +#: ../../configuration/service/dhcp-server.rst:331 msgid "rfc3442-static-route, windows-static-route" msgstr "rfc3442-static-route, windows-static-route" @@ -19806,15 +21292,15 @@ msgstr "rfc3442-static-route, windows-static-route" msgid "rfc3768-compatibility" msgstr "rfc3768-compatibility" -#: ../../configuration/vpn/site2site_ipsec.rst:277 +#: ../../configuration/vpn/site2site_ipsec.rst:280 msgid "right local_ip: 172.18.202.10 # right side WAN IP" msgstr "right local_ip: 172.18.202.10 # right side WAN IP" -#: ../../configuration/vpn/site2site_ipsec.rst:169 +#: ../../configuration/vpn/site2site_ipsec.rst:172 msgid "right local_ip: `203.0.113.2` # remote office side WAN IP" msgstr "right local_ip: `203.0.113.2` # remote office side WAN IP" -#: ../../configuration/vpn/site2site_ipsec.rst:168 +#: ../../configuration/vpn/site2site_ipsec.rst:171 msgid "right subnet: `10.0.0.0/24` site2,remote office side" msgstr "right subnet: `10.0.0.0/24` site2,remote office side" @@ -19822,16 +21308,16 @@ msgstr "right subnet: `10.0.0.0/24` site2,remote office side" msgid "ripd" msgstr "ripd" -#: ../../configuration/highavailability/index.rst:349 +#: ../../configuration/highavailability/index.rst:359 msgid "round-robin" msgstr "round-robin" -#: ../../configuration/protocols/bgp.rst:825 -#: ../../configuration/protocols/bgp.rst:833 +#: ../../configuration/protocols/bgp.rst:847 +#: ../../configuration/protocols/bgp.rst:855 msgid "route-map" msgstr "route-map" -#: ../../configuration/service/dhcp-server.rst:250 +#: ../../configuration/service/dhcp-server.rst:256 msgid "routers" msgstr "routers" @@ -19848,7 +21334,7 @@ msgstr "sFlow is a technology that enables monitoring of network traffic by send msgid "security" msgstr "security" -#: ../../configuration/service/dhcp-server.rst:283 +#: ../../configuration/service/dhcp-server.rst:289 msgid "server-identifier" msgstr "server-identifier" @@ -19865,11 +21351,11 @@ msgstr "set a destination and/or source address. Accepted input:" msgid "sha256 Hashes" msgstr "sha256 Hashes" -#: ../../configuration/system/ip.rst:50 +#: ../../configuration/system/ip.rst:63 msgid "show commands" msgstr "show commands" -#: ../../configuration/service/dhcp-server.rst:289 +#: ../../configuration/service/dhcp-server.rst:295 msgid "siaddr" msgstr "siaddr" @@ -19877,8 +21363,8 @@ msgstr "siaddr" msgid "slow: Request partner to transmit LACPDUs every 30 seconds" msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" -#: ../../configuration/service/dhcp-server.rst:308 -#: ../../configuration/service/dhcp-server.rst:310 +#: ../../configuration/service/dhcp-server.rst:314 +#: ../../configuration/service/dhcp-server.rst:316 msgid "smtp-server" msgstr "smtp-server" @@ -19886,7 +21372,7 @@ msgstr "smtp-server" msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," -#: ../../configuration/highavailability/index.rst:353 +#: ../../configuration/highavailability/index.rst:363 msgid "source-hashing" msgstr "source-hashing" @@ -19898,11 +21384,11 @@ msgstr "spoke01-spoke04" msgid "spoke05" msgstr "spoke05" -#: ../../configuration/service/dhcp-server.rst:353 +#: ../../configuration/service/dhcp-server.rst:359 msgid "static-mapping" msgstr "static-mapping" -#: ../../configuration/service/dhcp-server.rst:323 +#: ../../configuration/service/dhcp-server.rst:329 msgid "static-route" msgstr "static-route" @@ -19912,7 +21398,7 @@ msgstr "static-route" msgid "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded." msgstr "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded." -#: ../../configuration/service/dhcp-server.rst:238 +#: ../../configuration/service/dhcp-server.rst:244 msgid "subnet-mask" msgstr "subnet-mask" @@ -19928,8 +21414,8 @@ msgstr "tail" msgid "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend." msgstr "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend." -#: ../../configuration/service/dhcp-server.rst:293 -#: ../../configuration/service/dhcp-server.rst:295 +#: ../../configuration/service/dhcp-server.rst:299 +#: ../../configuration/service/dhcp-server.rst:301 msgid "tftp-server-name" msgstr "tftp-server-name" @@ -19938,21 +21424,21 @@ msgstr "tftp-server-name" msgid "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs." msgstr "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs." -#: ../../configuration/service/dhcp-server.rst:242 -#: ../../configuration/service/dhcp-server.rst:244 +#: ../../configuration/service/dhcp-server.rst:248 +#: ../../configuration/service/dhcp-server.rst:250 msgid "time-offset" msgstr "time-offset" -#: ../../configuration/service/dhcp-server.rst:253 +#: ../../configuration/service/dhcp-server.rst:259 msgid "time-server" msgstr "time-server" -#: ../../configuration/service/dhcp-server.rst:255 +#: ../../configuration/service/dhcp-server.rst:261 msgid "time-servers" msgstr "time-servers" -#: ../../configuration/highavailability/index.rst:365 -#: ../../configuration/service/router-advert.rst:19 +#: ../../configuration/highavailability/index.rst:375 +#: ../../configuration/service/router-advert.rst:20 msgid "tunnel" msgstr "tunnel" @@ -19984,7 +21470,7 @@ msgstr "valid-lifetime" msgid "veth interfaces need to be created in pairs - it's called the peer name" msgstr "veth interfaces need to be created in pairs - it's called the peer name" -#: ../../configuration/service/router-advert.rst:20 +#: ../../configuration/service/router-advert.rst:21 msgid "vxlan" msgstr "vxlan" @@ -19996,11 +21482,11 @@ msgstr "warning" msgid "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." msgstr "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." -#: ../../configuration/highavailability/index.rst:352 +#: ../../configuration/highavailability/index.rst:362 msgid "weighted-least-connection" msgstr "weighted-least-connection" -#: ../../configuration/highavailability/index.rst:350 +#: ../../configuration/highavailability/index.rst:360 msgid "weighted-round-robin" msgstr "weighted-round-robin" @@ -20008,15 +21494,15 @@ msgstr "weighted-round-robin" msgid "while a *byte* is written as a single **b**." msgstr "while a *byte* is written as a single **b**." -#: ../../configuration/service/dhcp-server.rst:278 +#: ../../configuration/service/dhcp-server.rst:284 msgid "wins-server" msgstr "wins-server" -#: ../../configuration/service/router-advert.rst:21 +#: ../../configuration/service/router-advert.rst:22 msgid "wireguard" msgstr "wireguard" -#: ../../configuration/service/router-advert.rst:22 +#: ../../configuration/service/router-advert.rst:23 msgid "wireless" msgstr "wireless" @@ -20024,15 +21510,15 @@ msgstr "wireless" msgid "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases." msgstr "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases." -#: ../../configuration/service/dhcp-server.rst:328 +#: ../../configuration/service/dhcp-server.rst:334 msgid "wpad-url" msgstr "wpad-url" -#: ../../configuration/service/dhcp-server.rst:330 +#: ../../configuration/service/dhcp-server.rst:336 msgid "wpad-url, wpad-url code 252 = text" msgstr "wpad-url, wpad-url code 252 = text" -#: ../../configuration/service/router-advert.rst:23 +#: ../../configuration/service/router-advert.rst:24 msgid "wwan" msgstr "wwan" |