diff options
Diffstat (limited to 'docs/_locale/de/configuration.pot')
| -rw-r--r-- | docs/_locale/de/configuration.pot | 6791 |
1 files changed, 4805 insertions, 1986 deletions
diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index dc70be5a..fd3396c0 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -48,7 +48,7 @@ msgstr "###################ä############# Flowtables Firewall Configuration ### msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." -#: ../../configuration/system/flow-accounting.rst:102 +#: ../../configuration/system/flow-accounting.rst:106 msgid "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" msgstr "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" @@ -64,11 +64,11 @@ msgstr "**2. Confirm the link type has been set to GRE:**" msgid "**3. Confirm IP connectivity across the tunnel:**" msgstr "**3. Confirm IP connectivity across the tunnel:**" -#: ../../configuration/system/flow-accounting.rst:100 +#: ../../configuration/system/flow-accounting.rst:104 msgid "**5** - Most common version, but restricted to IPv4 flows only" msgstr "**5** - Most common version, but restricted to IPv4 flows only" -#: ../../configuration/system/flow-accounting.rst:101 +#: ../../configuration/system/flow-accounting.rst:105 msgid "**9** - NetFlow version 9 (default)" msgstr "**9** - NetFlow version 9 (default)" @@ -88,24 +88,28 @@ msgstr "**Active-passive**: only ``primary`` server will respond to DHCP request msgid "**Already-selected external check**" msgstr "**Already-selected external check**" -#: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1249 +#: ../../configuration/nat/cgnat.rst:47 +msgid "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." +msgstr "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:597 +#: ../../configuration/trafficpolicy/index.rst:1299 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." -#: ../../configuration/trafficpolicy/index.rst:444 +#: ../../configuration/trafficpolicy/index.rst:494 msgid "**Applies to:** Outbound Traffic." msgstr "**Applies to:** Outbound Traffic." -#: ../../configuration/trafficpolicy/index.rst:355 -#: ../../configuration/trafficpolicy/index.rst:387 -#: ../../configuration/trafficpolicy/index.rst:622 -#: ../../configuration/trafficpolicy/index.rst:691 -#: ../../configuration/trafficpolicy/index.rst:767 -#: ../../configuration/trafficpolicy/index.rst:916 -#: ../../configuration/trafficpolicy/index.rst:961 -#: ../../configuration/trafficpolicy/index.rst:1020 -#: ../../configuration/trafficpolicy/index.rst:1154 +#: ../../configuration/trafficpolicy/index.rst:405 +#: ../../configuration/trafficpolicy/index.rst:437 +#: ../../configuration/trafficpolicy/index.rst:672 +#: ../../configuration/trafficpolicy/index.rst:741 +#: ../../configuration/trafficpolicy/index.rst:817 +#: ../../configuration/trafficpolicy/index.rst:966 +#: ../../configuration/trafficpolicy/index.rst:1011 +#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1204 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -117,10 +121,14 @@ msgstr "**Apply the traffic policy to an interface ingress or egress**." msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." -#: ../../configuration/firewall/index.rst:23 +#: ../../configuration/firewall/index.rst:28 msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." +#: ../../configuration/nat/cgnat.rst:66 +msgid "**Calculate the Number of Subscribers per Public IP**:" +msgstr "**Calculate the Number of Subscribers per Public IP**:" + #: ../../configuration/interfaces/tunnel.rst:137 msgid "**Cisco IOS Router:**" msgstr "**Cisco IOS Router:**" @@ -141,6 +149,14 @@ msgstr "**Cluster-List length check**" msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." +#: ../../configuration/firewall/index.rst:46 +msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." +msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." + +#: ../../configuration/nat/cgnat.rst:40 +msgid "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." +msgstr "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." + #: ../../configuration/trafficpolicy/index.rst:30 msgid "**Create a traffic policy**." msgstr "**Create a traffic policy**." @@ -156,23 +172,30 @@ msgstr "**DHCP(v6)**" msgid "**DHCPv6 Prefix Delegation (PD)**" msgstr "**DHCPv6 Prefix Delegation (PD)**" -#: ../../configuration/firewall/index.rst:41 +#: ../../configuration/firewall/index.rst:55 msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." +#: ../../configuration/firewall/index.rst:58 +msgid "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." + #: ../../configuration/firewall/index.rst:43 msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/index.rst:44 +#: ../../configuration/firewall/index.rst:53 msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/bridge.rst:9 #: ../../configuration/firewall/flowtables.rst:9 msgid "**Documentation under development**" msgstr "**Documentation under development**" +#: ../../configuration/nat/cgnat.rst:62 +msgid "**Estimate Ports Needed per Subscriber**:" +msgstr "**Estimate Ports Needed per Subscriber**:" + #: ../../configuration/trafficpolicy/index.rst:169 msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (protocol, destination address or source address)**" @@ -180,8 +203,9 @@ msgstr "**Ethernet (protocol, destination address or source address)**" #: ../../configuration/service/dhcp-server.rst:63 #: ../../configuration/service/dhcp-server.rst:158 #: ../../configuration/service/dhcp-server.rst:256 -#: ../../configuration/service/dhcp-server.rst:646 -#: ../../configuration/service/dhcp-server.rst:687 +#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:675 +#: ../../configuration/service/dhcp-server.rst:717 msgid "**Example:**" msgstr "**Example:**" @@ -189,19 +213,31 @@ msgstr "**Example:**" msgid "**External check**" msgstr "**External check**" +#: ../../configuration/firewall/ipv4.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" + +#: ../../configuration/firewall/ipv6.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" + #: ../../configuration/trafficpolicy/index.rst:175 msgid "**Firewall mark**" msgstr "**Firewall mark**" -#: ../../configuration/firewall/flowtables.rst:51 +#: ../../configuration/firewall/index.rst:42 +msgid "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." +msgstr "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/flowtables.rst:52 msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" -#: ../../configuration/firewall/index.rst:152 +#: ../../configuration/firewall/index.rst:199 msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" -#: ../../configuration/firewall/index.rst:58 +#: ../../configuration/firewall/index.rst:72 msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" @@ -213,7 +249,11 @@ msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through th msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" -#: ../../configuration/firewall/flowtables.rst:83 +#: ../../configuration/firewall/index.rst:110 +msgid "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/flowtables.rst:84 msgid "**Hardware offload:** should be supported by the NICs used." msgstr "**Hardware offload:** should be supported by the NICs used." @@ -221,6 +261,10 @@ msgstr "**Hardware offload:** should be supported by the NICs used." msgid "**IGP cost check**" msgstr "**IGP cost check**" +#: ../../configuration/nat/cgnat.rst:38 +msgid "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." +msgstr "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." + #: ../../configuration/trafficpolicy/index.rst:171 msgid "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" @@ -229,7 +273,7 @@ msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** * msgid "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" -#: ../../configuration/trafficpolicy/index.rst:345 +#: ../../configuration/trafficpolicy/index.rst:395 msgid "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." msgstr "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." @@ -241,14 +285,23 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" msgstr "**Wichtiger Hinweis: ** Diese Dokumentation ist nur für VyOS Sagitta vor 1.4-Rolling-YYYYMMDDHHMM gültig" -#: ../../configuration/firewall/ipv4.rst:60 -#: ../../configuration/firewall/ipv6.rst:60 +#: ../../configuration/system/conntrack.rst:148 +msgid "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." +msgstr "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 +msgid "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" +msgstr "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" #: ../../configuration/firewall/bridge.rst:143 -#: ../../configuration/firewall/ipv4.rst:190 -#: ../../configuration/firewall/ipv6.rst:190 +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." @@ -260,6 +313,15 @@ msgstr "**Wichtiger Hinweis zu Standardaktionen: ** Wenn die Standardaktion für msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." +#: ../../configuration/firewall/bridge.rst:197 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." + +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." + #: ../../configuration/firewall/general.rst:20 msgid "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" @@ -272,10 +334,14 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" -#: ../../configuration/firewall/index.rst:49 +#: ../../configuration/firewall/index.rst:63 msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:115 +msgid "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" +msgstr "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" + #: ../../configuration/trafficpolicy/index.rst:170 msgid "**Interface name**" msgstr "**Interface name**" @@ -345,6 +411,7 @@ msgstr "**Node 1**" #: ../../configuration/protocols/isis.rst:416 #: ../../configuration/protocols/isis.rst:457 #: ../../configuration/protocols/isis.rst:495 +#: ../../configuration/protocols/openfabric.rst:170 #: ../../configuration/protocols/ospf.rst:948 #: ../../configuration/protocols/ospf.rst:1320 #: ../../configuration/protocols/rip.rst:243 @@ -368,6 +435,7 @@ msgstr "**Node 2**" #: ../../configuration/protocols/isis.rst:352 #: ../../configuration/protocols/isis.rst:432 #: ../../configuration/protocols/isis.rst:511 +#: ../../configuration/protocols/openfabric.rst:181 #: ../../configuration/protocols/ospf.rst:1329 #: ../../configuration/protocols/rip.rst:251 #: ../../configuration/protocols/segment-routing.rst:211 @@ -391,8 +459,16 @@ msgid "**Origin check**" msgstr "**Origin check**" #: ../../configuration/firewall/index.rst:64 -msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" -msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:74 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" #: ../../configuration/firewall/index.rst:65 msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" @@ -402,11 +478,47 @@ msgstr "**Output**: stage where traffic that originates from the router itself c msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:79 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" + +#: ../../configuration/firewall/index.rst:90 +msgid "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." +msgstr "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." + +#: ../../configuration/firewall/ipv4.rst:81 +msgid "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:81 +msgid "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:86 +msgid "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv4.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:120 +msgid "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" +msgstr "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" + #: ../../configuration/protocols/bgp.rst:125 msgid "**Peer address**" msgstr "**Peer address**" -#: ../../configuration/firewall/index.rst:38 +#: ../../configuration/nat/cgnat.rst:46 +msgid "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." +msgstr "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." + +#: ../../configuration/firewall/index.rst:52 msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``." msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``." @@ -414,11 +526,27 @@ msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...` msgid "**Policy definition:**" msgstr "**Policy definition:**" -#: ../../configuration/firewall/index.rst:76 +#: ../../configuration/nat/cgnat.rst:48 +msgid "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." +msgstr "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." + +#: ../../configuration/nat/cgnat.rst:49 +msgid "**Port Control Protocol**: PCP is not implemented." +msgstr "**Port Control Protocol**: PCP is not implemented." + +#: ../../configuration/firewall/index.rst:92 msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" #: ../../configuration/firewall/index.rst:29 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:34 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:29 msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" @@ -426,43 +554,51 @@ msgstr "**Prerouting**: several actions can be done in this stage, and currently msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" +#: ../../configuration/firewall/index.rst:97 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" + +#: ../../configuration/firewall/index.rst:102 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" + #: ../../configuration/service/dhcp-server.rst:448 msgid "**Primary**" msgstr "**Primary**" -#: ../../configuration/trafficpolicy/index.rst:443 +#: ../../configuration/trafficpolicy/index.rst:493 msgid "**Queueing discipline** Fair/Flow Queue CoDel." msgstr "**Queueing discipline** Fair/Flow Queue CoDel." -#: ../../configuration/trafficpolicy/index.rst:960 +#: ../../configuration/trafficpolicy/index.rst:1010 msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." -#: ../../configuration/trafficpolicy/index.rst:1153 +#: ../../configuration/trafficpolicy/index.rst:1203 msgid "**Queueing discipline:** Deficit mode." msgstr "**Queueing discipline:** Deficit mode." -#: ../../configuration/trafficpolicy/index.rst:766 +#: ../../configuration/trafficpolicy/index.rst:816 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." -#: ../../configuration/trafficpolicy/index.rst:1019 +#: ../../configuration/trafficpolicy/index.rst:1069 msgid "**Queueing discipline:** Hierarchical Token Bucket." msgstr "**Queueing discipline:** Hierarchical Token Bucket." -#: ../../configuration/trafficpolicy/index.rst:546 +#: ../../configuration/trafficpolicy/index.rst:596 msgid "**Queueing discipline:** Ingress policer." msgstr "**Queueing discipline:** Ingress policer." -#: ../../configuration/trafficpolicy/index.rst:354 +#: ../../configuration/trafficpolicy/index.rst:404 msgid "**Queueing discipline:** PFIFO (Packet First In First Out)." msgstr "**Queueing discipline:** PFIFO (Packet First In First Out)." -#: ../../configuration/trafficpolicy/index.rst:690 +#: ../../configuration/trafficpolicy/index.rst:740 msgid "**Queueing discipline:** PRIO." msgstr "**Queueing discipline:** PRIO." -#: ../../configuration/trafficpolicy/index.rst:386 +#: ../../configuration/trafficpolicy/index.rst:436 msgid "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." @@ -470,24 +606,36 @@ msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgid "**Queueing discipline:** Tocken Bucket Filter." msgstr "**Queueing discipline:** Tocken Bucket Filter." -#: ../../configuration/trafficpolicy/index.rst:621 +#: ../../configuration/trafficpolicy/index.rst:965 +msgid "**Queueing discipline:** Token Bucket Filter." +msgstr "**Queueing discipline:** Token Bucket Filter." + +#: ../../configuration/trafficpolicy/index.rst:671 msgid "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." msgstr "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." -#: ../../configuration/interfaces/bonding.rst:407 +#: ../../configuration/interfaces/bonding.rst:460 #: ../../configuration/interfaces/macsec.rst:159 msgid "**R1**" msgstr "**R1**" +#: ../../configuration/interfaces/macsec.rst:251 +msgid "**R1 MACsec01**" +msgstr "**R1 MACsec01**" + #: ../../configuration/interfaces/macsec.rst:215 msgid "**R1 Static Key**" msgstr "**R1 Static Key**" -#: ../../configuration/interfaces/bonding.rst:425 +#: ../../configuration/interfaces/bonding.rst:478 #: ../../configuration/interfaces/macsec.rst:171 msgid "**R2**" msgstr "**R2**" +#: ../../configuration/interfaces/macsec.rst:269 +msgid "**R2 MACsec02**" +msgstr "**R2 MACsec02**" + #: ../../configuration/interfaces/macsec.rst:228 msgid "**R2 Static Key**" msgstr "**R2 Static Key**" @@ -532,27 +680,31 @@ msgstr "**Routes learned after routing policy applied:**" msgid "**Routes learned before routing policy applied:**" msgstr "**Routes learned before routing policy applied:**" -#: ../../configuration/interfaces/bonding.rst:443 +#: ../../configuration/interfaces/bonding.rst:496 msgid "**SW1**" msgstr "**SW1**" -#: ../../configuration/interfaces/bonding.rst:474 +#: ../../configuration/interfaces/bonding.rst:527 msgid "**SW2**" msgstr "**SW2**" +#: ../../configuration/nat/cgnat.rst:39 +msgid "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." +msgstr "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." + #: ../../configuration/service/dhcp-server.rst:458 msgid "**Secondary**" msgstr "**Secondary**" -#: ../../configuration/vpn/ipsec.rst:265 +#: ../../configuration/vpn/ipsec.rst:285 msgid "**Setting up IPSec**" msgstr "**Setting up IPSec**" -#: ../../configuration/vpn/ipsec.rst:241 +#: ../../configuration/vpn/ipsec.rst:261 msgid "**Setting up the GRE tunnel**" msgstr "**Setting up the GRE tunnel**" -#: ../../configuration/firewall/index.rst:80 +#: ../../configuration/firewall/index.rst:96 msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." @@ -568,6 +720,14 @@ msgstr "**Status**" msgid "**To see the redistributed routes:**" msgstr "**To see the redistributed routes:**" +#: ../../configuration/nat/cgnat.rst:56 +msgid "**Total Ports Available**:" +msgstr "**Total Ports Available**:" + +#: ../../configuration/nat/cgnat.rst:45 +msgid "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." +msgstr "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." + #: ../../configuration/protocols/failover.rst:85 msgid "**Two gateways and different metrics:**" msgstr "**Two gateways and different metrics:**" @@ -585,7 +745,7 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" -#: ../../configuration/trafficpolicy/index.rst:1208 +#: ../../configuration/trafficpolicy/index.rst:1258 msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." @@ -598,25 +758,25 @@ msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 1 msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" -#: ../../configuration/service/pppoe-server.rst:474 -#: ../../configuration/vpn/l2tp.rst:428 +#: ../../configuration/service/pppoe-server.rst:499 +#: ../../configuration/vpn/l2tp.rst:431 #: ../../configuration/vpn/pptp.rst:352 -#: ../../configuration/vpn/sstp.rst:386 +#: ../../configuration/vpn/sstp.rst:389 msgid "**allow** - Negotiate IPv4 only if client requests (Default value)" msgstr "**allow** - Negotiate IPv4 only if client requests (Default value)" -#: ../../configuration/service/pppoe-server.rst:349 -#: ../../configuration/vpn/l2tp.rst:293 +#: ../../configuration/service/pppoe-server.rst:369 +#: ../../configuration/vpn/l2tp.rst:296 #: ../../configuration/vpn/pptp.rst:217 -#: ../../configuration/vpn/sstp.rst:251 +#: ../../configuration/vpn/sstp.rst:254 msgid "**allow** - Negotiate IPv6 only if client requests" msgstr "**allow** - Negotiate IPv6 only if client requests" -#: ../../configuration/container/index.rst:38 +#: ../../configuration/container/index.rst:62 msgid "**allow-host-networks** cannot be used with **network**" msgstr "**allow-host-networks** cannot be used with **network**" -#: ../../configuration/container/index.rst:107 +#: ../../configuration/container/index.rst:133 msgid "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" msgstr "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" @@ -644,10 +804,10 @@ msgstr "**broadcast** – broadcast IP addresses distribution. **non-broadcast** msgid "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." msgstr "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." -#: ../../configuration/service/pppoe-server.rst:401 -#: ../../configuration/vpn/l2tp.rst:345 +#: ../../configuration/service/pppoe-server.rst:423 +#: ../../configuration/vpn/l2tp.rst:348 #: ../../configuration/vpn/pptp.rst:269 -#: ../../configuration/vpn/sstp.rst:303 +#: ../../configuration/vpn/sstp.rst:306 msgid "**calling-sid** - Calculate interface identifier from calling-station-id." msgstr "**calling-sid** - Calculate interface identifier from calling-station-id." @@ -667,28 +827,28 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." -#: ../../configuration/service/pppoe-server.rst:566 +#: ../../configuration/service/pppoe-server.rst:591 msgid "**deny**: Deny second session authorization." msgstr "**deny**: Deny second session authorization." -#: ../../configuration/service/pppoe-server.rst:475 -#: ../../configuration/vpn/l2tp.rst:429 +#: ../../configuration/service/pppoe-server.rst:500 +#: ../../configuration/vpn/l2tp.rst:432 #: ../../configuration/vpn/pptp.rst:353 -#: ../../configuration/vpn/sstp.rst:387 +#: ../../configuration/vpn/sstp.rst:390 msgid "**deny** - Do not negotiate IPv4" msgstr "**deny** - Do not negotiate IPv4" -#: ../../configuration/service/pppoe-server.rst:350 -#: ../../configuration/vpn/l2tp.rst:294 +#: ../../configuration/service/pppoe-server.rst:370 +#: ../../configuration/vpn/l2tp.rst:297 #: ../../configuration/vpn/pptp.rst:218 -#: ../../configuration/vpn/sstp.rst:252 +#: ../../configuration/vpn/sstp.rst:255 msgid "**deny** - Do not negotiate IPv6 (default value)" msgstr "**deny** - Do not negotiate IPv6 (default value)" -#: ../../configuration/service/pppoe-server.rst:507 -#: ../../configuration/vpn/l2tp.rst:461 +#: ../../configuration/service/pppoe-server.rst:532 +#: ../../configuration/vpn/l2tp.rst:465 #: ../../configuration/vpn/pptp.rst:385 -#: ../../configuration/vpn/sstp.rst:419 +#: ../../configuration/vpn/sstp.rst:423 msgid "**deny** - deny mppe" msgstr "**deny** - deny mppe" @@ -704,7 +864,7 @@ msgstr "**dhcp** interface address is received by DHCP from a DHCP server on thi msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." -#: ../../configuration/service/pppoe-server.rst:565 +#: ../../configuration/service/pppoe-server.rst:590 msgid "**disable**: Disables session control." msgstr "**disable**: Disables session control." @@ -740,26 +900,30 @@ msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It co msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:400 -#: ../../configuration/vpn/l2tp.rst:344 +#: ../../configuration/service/pppoe-server.rst:422 +#: ../../configuration/vpn/l2tp.rst:347 #: ../../configuration/vpn/pptp.rst:268 -#: ../../configuration/vpn/sstp.rst:302 +#: ../../configuration/vpn/sstp.rst:305 msgid "**ipv4-addr** - Calculate interface identifier from IPv4 address." msgstr "**ipv4-addr** - Calculate interface identifier from IPv4 address." -#: ../../configuration/service/ipoe-server.rst:91 +#: ../../configuration/service/ipoe-server.rst:90 msgid "**l2**: It means that clients are on same network where interface is.**(default)**" msgstr "**l2**: It means that clients are on same network where interface is.**(default)**" -#: ../../configuration/interfaces/bonding.rst:161 +#: ../../configuration/service/ipoe-server.rst:92 +msgid "**l3**: It means that client are behind some router." +msgstr "**l3**: It means that client are behind some router." + +#: ../../configuration/interfaces/bonding.rst:166 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" -#: ../../configuration/interfaces/bonding.rst:174 +#: ../../configuration/interfaces/bonding.rst:179 msgid "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" msgstr "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" -#: ../../configuration/interfaces/bonding.rst:200 +#: ../../configuration/interfaces/bonding.rst:205 msgid "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." msgstr "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." @@ -792,7 +956,7 @@ msgid "**level-2-only** - Level-2 only adjacencies are formed" msgstr "**level-2-only** - Level-2 only adjacencies are formed" #: ../../configuration/service/ipoe-server.rst:65 -#: ../../configuration/service/pppoe-server.rst:43 +#: ../../configuration/service/pppoe-server.rst:42 #: ../../configuration/vpn/l2tp.rst:31 #: ../../configuration/vpn/pptp.rst:32 #: ../../configuration/vpn/sstp.rst:58 @@ -823,19 +987,19 @@ msgstr "**lookup-srv** S flag." msgid "**narrow** - Use old style of TLVs with narrow metric." msgstr "**narrow** - Use old style of TLVs with narrow metric." -#: ../../configuration/container/index.rst:124 +#: ../../configuration/container/index.rst:162 msgid "**net-admin**: Network operations (interface, firewall, routing tables)" msgstr "**net-admin**: Network operations (interface, firewall, routing tables)" -#: ../../configuration/container/index.rst:125 +#: ../../configuration/container/index.rst:163 msgid "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" msgstr "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" -#: ../../configuration/container/index.rst:126 +#: ../../configuration/container/index.rst:165 msgid "**net-raw**: Permission to create raw network sockets" msgstr "**net-raw**: Permission to create raw network sockets" -#: ../../configuration/container/index.rst:105 +#: ../../configuration/container/index.rst:130 msgid "**no**: Do not restart containers on exit" msgstr "**no**: Do not restart containers on exit" @@ -843,7 +1007,7 @@ msgstr "**no**: Do not restart containers on exit" msgid "**noauth**: Authentication disabled" msgstr "**noauth**: Authentication disabled" -#: ../../configuration/service/pppoe-server.rst:44 +#: ../../configuration/service/pppoe-server.rst:43 #: ../../configuration/vpn/pptp.rst:33 msgid "**noauth**: Authentication disabled." msgstr "**noauth**: Authentication disabled." @@ -852,7 +1016,7 @@ msgstr "**noauth**: Authentication disabled." msgid "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." msgstr "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." -#: ../../configuration/container/index.rst:106 +#: ../../configuration/container/index.rst:131 msgid "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" msgstr "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" @@ -868,17 +1032,17 @@ msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It config msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:473 -#: ../../configuration/vpn/l2tp.rst:427 +#: ../../configuration/service/pppoe-server.rst:498 +#: ../../configuration/vpn/l2tp.rst:430 #: ../../configuration/vpn/pptp.rst:351 -#: ../../configuration/vpn/sstp.rst:385 +#: ../../configuration/vpn/sstp.rst:388 msgid "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" -#: ../../configuration/service/pppoe-server.rst:348 -#: ../../configuration/vpn/l2tp.rst:292 +#: ../../configuration/service/pppoe-server.rst:368 +#: ../../configuration/vpn/l2tp.rst:295 #: ../../configuration/vpn/pptp.rst:216 -#: ../../configuration/vpn/sstp.rst:250 +#: ../../configuration/vpn/sstp.rst:253 msgid "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" @@ -886,10 +1050,10 @@ msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**prefer** - ask client for mppe, if it rejects don't fail" -#: ../../configuration/service/pppoe-server.rst:506 -#: ../../configuration/vpn/l2tp.rst:460 +#: ../../configuration/service/pppoe-server.rst:531 +#: ../../configuration/vpn/l2tp.rst:464 #: ../../configuration/vpn/pptp.rst:384 -#: ../../configuration/vpn/sstp.rst:418 +#: ../../configuration/vpn/sstp.rst:422 msgid "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" msgstr "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" @@ -914,21 +1078,21 @@ msgid "**protocol-specific** P flag." msgstr "**protocol-specific** P flag." #: ../../configuration/service/ipoe-server.rst:63 -#: ../../configuration/service/pppoe-server.rst:41 +#: ../../configuration/service/pppoe-server.rst:40 #: ../../configuration/vpn/l2tp.rst:29 #: ../../configuration/vpn/pptp.rst:30 #: ../../configuration/vpn/sstp.rst:56 msgid "**radius**: All authentication queries are handled by a configured RADIUS server." msgstr "**radius**: All authentication queries are handled by a configured RADIUS server." -#: ../../configuration/service/pppoe-server.rst:391 -#: ../../configuration/service/pppoe-server.rst:398 -#: ../../configuration/vpn/l2tp.rst:335 -#: ../../configuration/vpn/l2tp.rst:342 +#: ../../configuration/service/pppoe-server.rst:412 +#: ../../configuration/service/pppoe-server.rst:420 +#: ../../configuration/vpn/l2tp.rst:338 +#: ../../configuration/vpn/l2tp.rst:345 #: ../../configuration/vpn/pptp.rst:259 #: ../../configuration/vpn/pptp.rst:266 -#: ../../configuration/vpn/sstp.rst:293 -#: ../../configuration/vpn/sstp.rst:300 +#: ../../configuration/vpn/sstp.rst:296 +#: ../../configuration/vpn/sstp.rst:303 msgid "**random** - Random interface identifier for IPv6" msgstr "**random** - Random interface identifier for IPv6" @@ -940,7 +1104,7 @@ msgstr "**regexp** Regular expression. Requires `<value>`." msgid "**remote side - commands**" msgstr "**remote side - commands**" -#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/service/pppoe-server.rst:592 msgid "**replace**: Terminate first session when second is authorized **(default)**" msgstr "**replace**: Terminate first session when second is authorized **(default)**" @@ -952,24 +1116,24 @@ msgstr "**replace:** Relay information already present in a packet is stripped a msgid "**replacement** Replacement DNS name." msgstr "**replacement** Replacement DNS name." -#: ../../configuration/service/pppoe-server.rst:472 -#: ../../configuration/vpn/l2tp.rst:426 +#: ../../configuration/service/pppoe-server.rst:497 +#: ../../configuration/vpn/l2tp.rst:429 #: ../../configuration/vpn/pptp.rst:350 -#: ../../configuration/vpn/sstp.rst:384 +#: ../../configuration/vpn/sstp.rst:387 msgid "**require** - Require IPv4 negotiation" msgstr "**require** - Require IPv4 negotiation" -#: ../../configuration/service/pppoe-server.rst:347 -#: ../../configuration/vpn/l2tp.rst:291 +#: ../../configuration/service/pppoe-server.rst:367 +#: ../../configuration/vpn/l2tp.rst:294 #: ../../configuration/vpn/pptp.rst:215 -#: ../../configuration/vpn/sstp.rst:249 +#: ../../configuration/vpn/sstp.rst:252 msgid "**require** - Require IPv6 negotiation" msgstr "**require** - Require IPv6 negotiation" -#: ../../configuration/service/pppoe-server.rst:505 -#: ../../configuration/vpn/l2tp.rst:459 +#: ../../configuration/service/pppoe-server.rst:530 +#: ../../configuration/vpn/l2tp.rst:463 #: ../../configuration/vpn/pptp.rst:383 -#: ../../configuration/vpn/sstp.rst:417 +#: ../../configuration/vpn/sstp.rst:421 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - ask client for mppe, if it rejects drop connection" @@ -985,11 +1149,11 @@ msgstr "**right**" msgid "**service** Service type. Requires `<value>`." msgstr "**service** Service type. Requires `<value>`." -#: ../../configuration/container/index.rst:127 +#: ../../configuration/container/index.rst:166 msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: Capability sets (from bounded or inherited set)" -#: ../../configuration/service/ipoe-server.rst:99 +#: ../../configuration/service/ipoe-server.rst:98 msgid "**shared**: Multiple clients share the same network. **(default)**" msgstr "**shared**: Multiple clients share the same network. **(default)**" @@ -1001,7 +1165,11 @@ msgstr "**source** - specifies which packets the NAT translation rule applies to msgid "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" msgstr "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" -#: ../../configuration/container/index.rst:129 +#: ../../configuration/container/index.rst:167 +msgid "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" +msgstr "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" + +#: ../../configuration/container/index.rst:169 msgid "**sys-time**: Permission to set system clock" msgstr "**sys-time**: Permission to set system clock" @@ -1017,7 +1185,7 @@ msgstr "**upstream:** The upstream network interface is the outgoing interface w msgid "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." msgstr "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." -#: ../../configuration/service/ipoe-server.rst:100 +#: ../../configuration/service/ipoe-server.rst:99 msgid "**vlan**: One VLAN per client." msgstr "**vlan**: One VLAN per client." @@ -1025,14 +1193,14 @@ msgstr "**vlan**: One VLAN per client." msgid "**wide** - Use new style of TLVs to carry wider metric." msgstr "**wide** - Use new style of TLVs to carry wider metric." -#: ../../configuration/service/pppoe-server.rst:392 -#: ../../configuration/service/pppoe-server.rst:399 -#: ../../configuration/vpn/l2tp.rst:336 -#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/service/pppoe-server.rst:413 +#: ../../configuration/service/pppoe-server.rst:421 +#: ../../configuration/vpn/l2tp.rst:339 +#: ../../configuration/vpn/l2tp.rst:346 #: ../../configuration/vpn/pptp.rst:260 #: ../../configuration/vpn/pptp.rst:267 -#: ../../configuration/vpn/sstp.rst:294 -#: ../../configuration/vpn/sstp.rst:301 +#: ../../configuration/vpn/sstp.rst:297 +#: ../../configuration/vpn/sstp.rst:304 msgid "**x:x:x:x** - Specify interface identifier for IPv6" msgstr "**x:x:x:x** - Specify interface identifier for IPv6" @@ -1040,51 +1208,51 @@ msgstr "**x:x:x:x** - Specify interface identifier for IPv6" msgid "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." msgstr "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." -#: ../../configuration/system/syslog.rst:112 -#: ../../configuration/system/syslog.rst:171 -#: ../../configuration/trafficpolicy/index.rst:267 -#: ../../configuration/trafficpolicy/index.rst:803 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/trafficpolicy/index.rst:317 +#: ../../configuration/trafficpolicy/index.rst:853 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "0" msgstr "0" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "000000" msgstr "000000" -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "001010" msgstr "001010" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "001100" msgstr "001100" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "001110" msgstr "001110" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "010010" msgstr "010010" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "010100" msgstr "010100" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "010110" msgstr "010110" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "011010" msgstr "011010" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "011100" msgstr "011100" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "011110" msgstr "011110" @@ -1092,19 +1260,19 @@ msgstr "011110" msgid "0: Disable DAD" msgstr "0: Disable DAD" -#: ../../configuration/highavailability/index.rst:267 +#: ../../configuration/highavailability/index.rst:271 msgid "0 if not defined, which means no refreshing." msgstr "0 if not defined, which means no refreshing." -#: ../../configuration/highavailability/index.rst:249 +#: ../../configuration/highavailability/index.rst:253 msgid "0 if not defined." msgstr "0 if not defined." #: ../../configuration/service/dhcp-server.rst:293 -#: ../../configuration/system/syslog.rst:114 -#: ../../configuration/system/syslog.rst:173 -#: ../../configuration/trafficpolicy/index.rst:801 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/trafficpolicy/index.rst:851 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "1" msgstr "1" @@ -1112,9 +1280,9 @@ msgstr "1" msgid "1-to-1 NAT" msgstr "1-to-1 NAT" -#: ../../configuration/system/syslog.rst:132 -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "10" msgstr "10" @@ -1126,7 +1294,7 @@ msgstr "100000 - 100 GBit/s" msgid "10000 - 10 GBit/s" msgstr "10000 - 10 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "100010" msgstr "100010" @@ -1134,11 +1302,11 @@ msgstr "100010" msgid "1000 - 1 GBit/s" msgstr "1000 - 1 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "100100" msgstr "100100" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "100110" msgstr "100110" @@ -1146,7 +1314,7 @@ msgstr "100110" msgid "100 - 100 MBit/s" msgstr "100 - 100 MBit/s" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "101110" msgstr "101110" @@ -1158,8 +1326,8 @@ msgstr "10.0.0.0 to 10.255.255.255 (CIDR: 10.0.0.0/8)" msgid "10 - 10 MBit/s" msgstr "10 - 10 MBit/s" -#: ../../configuration/system/syslog.rst:134 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "11" msgstr "11" @@ -1167,9 +1335,9 @@ msgstr "11" msgid "119" msgstr "119" -#: ../../configuration/system/syslog.rst:136 -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "12" msgstr "12" @@ -1178,29 +1346,29 @@ msgid "121, 249" msgstr "121, 249" #: ../../configuration/service/dhcp-server.rst:360 -#: ../../configuration/system/syslog.rst:138 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "13" msgstr "13" -#: ../../configuration/system/syslog.rst:140 -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "14" msgstr "14" #: ../../configuration/service/dhcp-server.rst:320 -#: ../../configuration/system/syslog.rst:142 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:160 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "15" msgstr "15" -#: ../../configuration/system/syslog.rst:144 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:162 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "16" msgstr "16" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "17" msgstr "17" @@ -1208,13 +1376,13 @@ msgstr "17" msgid "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" -#: ../../configuration/system/syslog.rst:148 -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/system/syslog.rst:166 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "18" msgstr "18" #: ../../configuration/service/dhcp-server.rst:325 -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "19" msgstr "19" @@ -1226,41 +1394,53 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)" msgid "1. Create an event handler" msgstr "1. Create an event handler" -#: ../../configuration/firewall/flowtables.rst:144 +#: ../../configuration/firewall/flowtables.rst:145 msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/groups.rst:345 +msgid "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" +msgstr "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" + #: ../../_include/interface-ipv6.txt:80 msgid "1: Enable DAD (default)" msgstr "1: Enable DAD (default)" -#: ../../configuration/highavailability/index.rst:277 +#: ../../configuration/highavailability/index.rst:281 msgid "1 if not defined." msgstr "1 if not defined." #: ../../configuration/service/dhcp-server.rst:299 -#: ../../configuration/system/syslog.rst:116 -#: ../../configuration/system/syslog.rst:178 -#: ../../configuration/trafficpolicy/index.rst:799 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:196 +#: ../../configuration/trafficpolicy/index.rst:849 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "2" msgstr "2" -#: ../../configuration/system/syslog.rst:152 -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/system/syslog.rst:170 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "20" msgstr "20" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "21" msgstr "21" -#: ../../configuration/system/syslog.rst:156 -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/system/syslog.rst:174 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "22" msgstr "22" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "23" msgstr "23" @@ -1276,11 +1456,11 @@ msgstr "2500 - 2.5 GBit/s" msgid "252" msgstr "252" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "26" msgstr "26" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "28" msgstr "28" @@ -1292,7 +1472,11 @@ msgstr "2FA OTP support" msgid "2. Add regex to the script" msgstr "2. Add regex to the script" -#: ../../configuration/firewall/flowtables.rst:148 +#: ../../configuration/firewall/groups.rst:361 +msgid "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" +msgstr "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" + +#: ../../configuration/firewall/flowtables.rst:149 msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." @@ -1301,26 +1485,26 @@ msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-loc msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." #: ../../configuration/service/dhcp-server.rst:305 -#: ../../configuration/system/syslog.rst:118 -#: ../../configuration/system/syslog.rst:181 -#: ../../configuration/trafficpolicy/index.rst:797 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:199 +#: ../../configuration/trafficpolicy/index.rst:847 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "3" msgstr "3" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "30" msgstr "30" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "34" msgstr "34" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "36" msgstr "36" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "38" msgstr "38" @@ -1328,11 +1512,15 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Add a full path to the script" +#: ../../configuration/firewall/groups.rst:377 +msgid "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" +msgstr "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" + #: ../../configuration/service/dhcp-server.rst:310 -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:183 -#: ../../configuration/trafficpolicy/index.rst:795 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:201 +#: ../../configuration/trafficpolicy/index.rst:845 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "4" msgstr "4" @@ -1340,7 +1528,7 @@ msgstr "4" msgid "40000 - 40 GBit/s" msgstr "40000 - 40 GBit/s" -#: ../../configuration/interfaces/wireless.rst:170 +#: ../../configuration/interfaces/wireless.rst:201 msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." @@ -1352,7 +1540,7 @@ msgstr "42" msgid "44" msgstr "44" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "46" msgstr "46" @@ -1360,14 +1548,22 @@ msgstr "46" msgid "4. Add optional parameters" msgstr "4. Add optional parameters" +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + #: ../../configuration/firewall/flowtables.rst:153 msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." -#: ../../configuration/system/syslog.rst:122 -#: ../../configuration/system/syslog.rst:185 -#: ../../configuration/trafficpolicy/index.rst:793 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + +#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:203 +#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "5" msgstr "5" @@ -1383,23 +1579,31 @@ msgstr "5000 - 5 GBit/s" msgid "54" msgstr "54" -#: ../../configuration/firewall/flowtables.rst:157 +#: ../../configuration/firewall/flowtables.rst:158 msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." -#: ../../configuration/highavailability/index.rst:257 -#: ../../configuration/highavailability/index.rst:288 +#: ../../configuration/firewall/flowtables.rst:158 +msgid "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." +msgstr "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." + +#: ../../configuration/highavailability/index.rst:261 +#: ../../configuration/highavailability/index.rst:292 msgid "5 if not defined." msgstr "5 if not defined." #: ../../configuration/service/dhcp-server.rst:315 -#: ../../configuration/system/syslog.rst:124 -#: ../../configuration/system/syslog.rst:189 -#: ../../configuration/trafficpolicy/index.rst:791 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/trafficpolicy/index.rst:841 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "6" msgstr "6" +#: ../../configuration/nat/cgnat.rst:69 +msgid "64512 / 1000 ≈ 64 subscribers per public IP" +msgstr "64512 / 1000 ≈ 64 subscribers per public IP" + #: ../../configuration/service/dhcp-server.rst:350 msgid "66" msgstr "66" @@ -1416,10 +1620,18 @@ msgstr "67" msgid "69" msgstr "69" -#: ../../configuration/firewall/flowtables.rst:161 +#: ../../configuration/firewall/flowtables.rst:162 msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." +msgstr "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." + +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +msgstr "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." + #: ../../configuration/interfaces/tunnel.rst:81 msgid "6in4 (SIT)" msgstr "6in4 (SIT)" @@ -1428,10 +1640,10 @@ msgstr "6in4 (SIT)" msgid "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." -#: ../../configuration/system/syslog.rst:126 -#: ../../configuration/system/syslog.rst:191 -#: ../../configuration/trafficpolicy/index.rst:789 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:209 +#: ../../configuration/trafficpolicy/index.rst:839 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "7" msgstr "7" @@ -1439,7 +1651,7 @@ msgstr "7" msgid "70" msgstr "70" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "8" msgstr "8" @@ -1447,8 +1659,8 @@ msgstr "8" msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." -#: ../../configuration/system/syslog.rst:130 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "9" msgstr "9" @@ -1472,14 +1684,23 @@ msgstr "<h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h>: IPv6 range to match." msgid "<h:h:h:h:h:h:h:h>: IPv6 address to match." msgstr "<h:h:h:h:h:h:h:h>: IPv6 address to match." -#: ../../configuration/system/syslog.rst:230 +#: ../../configuration/system/syslog.rst:248 msgid "<lines>" msgstr "<lines>" -#: ../../configuration/interfaces/wireless.rst:251 +#: ../../configuration/interfaces/wireless.rst:286 msgid "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." msgstr "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." +#: ../../configuration/interfaces/wireless.rst:381 +#: ../../configuration/interfaces/wireless.rst:401 +msgid "<number> must be one of:" +msgstr "<number> must be one of:" + +#: ../../configuration/interfaces/wireless.rst:375 +msgid "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." +msgstr "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." + #: ../../configuration/protocols/ospf.rst:346 msgid "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." msgstr "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." @@ -1528,15 +1749,15 @@ msgstr "API" msgid "ARP" msgstr "ARP" -#: ../../configuration/firewall/groups.rst:129 +#: ../../configuration/firewall/groups.rst:128 msgid "A **domain group** represents a collection of domains." msgstr "A **domain group** represents a collection of domains." -#: ../../configuration/firewall/groups.rst:111 +#: ../../configuration/firewall/groups.rst:110 msgid "A **mac group** represents a collection of mac addresses." msgstr "A **mac group** represents a collection of mac addresses." -#: ../../configuration/firewall/groups.rst:86 +#: ../../configuration/firewall/groups.rst:85 msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." @@ -1544,6 +1765,10 @@ msgstr "A **port group** represents only port numbers, not the protocol. Port gr msgid "A *bit* is written as **bit**," msgstr "A *bit* is written as **bit**," +#: ../../configuration/firewall/groups.rst:288 +msgid "A 4 step port knocking example is shown next:" +msgstr "A 4 step port knocking example is shown next:" + #: ../../configuration/protocols/rpki.rst:21 msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." msgstr "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." @@ -1592,16 +1817,16 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." -#: ../../configuration/firewall/zone.rst:73 +#: ../../configuration/firewall/zone.rst:70 msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." -#: ../../configuration/interfaces/bridge.rst:204 -#: ../../configuration/interfaces/bridge.rst:238 +#: ../../configuration/interfaces/bridge.rst:203 +#: ../../configuration/interfaces/bridge.rst:237 msgid "A bridge named `br100`" msgstr "A bridge named `br100`" -#: ../../configuration/container/index.rst:144 +#: ../../configuration/container/index.rst:199 msgid "A brief description what this network is all about." msgstr "A brief description what this network is all about." @@ -1609,11 +1834,11 @@ msgstr "A brief description what this network is all about." msgid "A class can have multiple match filters:" msgstr "A class can have multiple match filters:" -#: ../../configuration/trafficpolicy/index.rst:307 +#: ../../configuration/trafficpolicy/index.rst:357 msgid "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." msgstr "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." -#: ../../configuration/interfaces/openvpn.rst:538 +#: ../../configuration/interfaces/openvpn.rst:542 msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:" @@ -1621,7 +1846,7 @@ msgstr "A complete LDAP auth OpenVPN configuration could look like the following msgid "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" msgstr "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" -#: ../../configuration/vpn/sstp.rst:508 +#: ../../configuration/vpn/sstp.rst:518 msgid "A connection attempt will be shown as:" msgstr "A connection attempt will be shown as:" @@ -1633,6 +1858,10 @@ msgstr "A default route is automatically installed once the interface is up. To msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." +#: ../../configuration/service/broadcast-relay.rst:22 +msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." +msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." + #: ../../configuration/highavailability/index.rst:78 msgid "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." msgstr "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." @@ -1645,7 +1874,7 @@ msgstr "A domain name is the label (name) assigned to a computer network and is msgid "A dummy interface for the provider-assigned IP;" msgstr "A dummy interface for the provider-assigned IP;" -#: ../../configuration/highavailability/index.rst:436 +#: ../../configuration/highavailability/index.rst:440 msgid "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." @@ -1669,6 +1898,10 @@ msgstr "A human readable description what this CA is about." msgid "A human readable description what this certificate is about." msgstr "A human readable description what this certificate is about." +#: ../../_include/interface-evpn-uplink.txt:7 +msgid "A link can be setup for uplink tracking via the following example:" +msgstr "A link can be setup for uplink tracking via the following example:" + #: ../../configuration/interfaces/loopback.rst:17 msgid "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." msgstr "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." @@ -1685,6 +1918,10 @@ msgstr "A managed device is a network node that implements an SNMP interface tha msgid "A match filter can contain multiple criteria and will match traffic if all those criteria are true." msgstr "A match filter can contain multiple criteria and will match traffic if all those criteria are true." +#: ../../configuration/trafficpolicy/index.rst:238 +msgid "A match group can contain multiple criteria and inherit them in the same policy." +msgstr "A match group can contain multiple criteria and inherit them in the same policy." + #: ../../configuration/protocols/bfd.rst:145 msgid "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." msgstr "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." @@ -1693,7 +1930,7 @@ msgstr "A monitored static route conditions the installation to the RIB on the B msgid "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." msgstr "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." -#: ../../configuration/interfaces/bonding.rst:337 +#: ../../configuration/interfaces/bonding.rst:390 msgid "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." msgstr "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." @@ -1701,7 +1938,7 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" -#: ../../configuration/firewall/flowtables.rst:44 +#: ../../configuration/firewall/flowtables.rst:45 msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." @@ -1717,8 +1954,13 @@ msgstr "A physical interface is required to connect this MACsec instance to. Tra msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:" -#: ../../configuration/firewall/ipv4.rst:508 -#: ../../configuration/firewall/ipv6.rst:491 +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 +msgid "A port can be set by number or name as defined in ``/etc/services``." +msgstr "A port can be set by number or name as defined in ``/etc/services``." + +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``." @@ -1730,7 +1972,7 @@ msgstr "A query for which there is authoritatively no answer is cached to quickl msgid "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." msgstr "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." -#: ../../configuration/vrf/index.rst:30 +#: ../../configuration/vrf/index.rst:26 msgid "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." msgstr "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." @@ -1755,15 +1997,19 @@ msgstr "A segment ID that contains an IP address prefix calculated by an IGP in msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." -#: ../../configuration/service/dhcp-server.rst:648 +#: ../../configuration/service/dhcp-server.rst:677 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" +#: ../../configuration/service/dhcp-server.rst:654 +msgid "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." +msgstr "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." + #: ../../configuration/protocols/bgp.rst:1168 msgid "A simple BGP configuration via IPv6." msgstr "A simple BGP configuration via IPv6." -#: ../../configuration/trafficpolicy/index.rst:769 +#: ../../configuration/trafficpolicy/index.rst:819 msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." @@ -1771,11 +2017,11 @@ msgstr "A simple Random Early Detection (RED) policy would start randomly droppi msgid "A simple eBGP configuration:" msgstr "A simple eBGP configuration:" -#: ../../configuration/trafficpolicy/index.rst:1124 +#: ../../configuration/trafficpolicy/index.rst:1174 msgid "A simple example of Shaper using priorities." msgstr "A simple example of Shaper using priorities." -#: ../../configuration/trafficpolicy/index.rst:532 +#: ../../configuration/trafficpolicy/index.rst:582 msgid "A simple example of an FQ-CoDel policy working inside a Shaper one." msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." @@ -1783,7 +2029,7 @@ msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." -#: ../../configuration/firewall/index.rst:14 +#: ../../configuration/firewall/index.rst:19 msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." @@ -1815,7 +2061,7 @@ msgstr "A user friendly alias for this connection. Can be used instead of the de msgid "A user friendly description identifying the connected peripheral." msgstr "A user friendly description identifying the connected peripheral." -#: ../../configuration/interfaces/bonding.rst:260 +#: ../../configuration/interfaces/bonding.rst:265 msgid "A value of 0 disables ARP monitoring. The default value is 0." msgstr "A value of 0 disables ARP monitoring. The default value is 0." @@ -1823,11 +2069,11 @@ msgstr "A value of 0 disables ARP monitoring. The default value is 0." msgid "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." -#: ../../configuration/trafficpolicy/index.rst:943 +#: ../../configuration/trafficpolicy/index.rst:993 msgid "A very small buffer will soon start dropping packets." msgstr "A very small buffer will soon start dropping packets." -#: ../../configuration/firewall/zone.rst:52 +#: ../../configuration/firewall/zone.rst:49 msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." @@ -1851,18 +2097,19 @@ msgstr "Accept SSH connections for the given `<device>` on TCP port `<port>`. Af msgid "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." msgstr "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." -#: ../../configuration/service/pppoe-server.rst:384 -#: ../../configuration/vpn/l2tp.rst:328 +#: ../../configuration/service/pppoe-server.rst:404 #: ../../configuration/vpn/pptp.rst:252 -#: ../../configuration/vpn/sstp.rst:286 msgid "Accept peer interface identifier. By default is not defined." msgstr "Accept peer interface identifier. By default is not defined." -#: ../../configuration/service/ipoe-server.rst:364 -#: ../../configuration/service/pppoe-server.rst:530 -#: ../../configuration/vpn/l2tp.rst:484 +#: ../../configuration/vpn/l2tp.rst:331 +#: ../../configuration/vpn/sstp.rst:289 +msgid "Accept peer interface identifier. By default this is not defined." +msgstr "Accept peer interface identifier. By default this is not defined." + +#: ../../configuration/service/ipoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:555 #: ../../configuration/vpn/pptp.rst:408 -#: ../../configuration/vpn/sstp.rst:442 msgid "Acceptable rate of connections (e.g. 1/min, 60/sec)" msgstr "Acceptable rate of connections (e.g. 1/min, 60/sec)" @@ -1874,7 +2121,7 @@ msgstr "Access List Policy" msgid "Access Lists" msgstr "Access Lists" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." msgstr "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." @@ -1882,18 +2129,18 @@ msgstr "Action must be taken immediately - A condition that should be corrected msgid "Action which will be run once the ctrl-alt-del keystroke is received." msgstr "Action which will be run once the ctrl-alt-del keystroke is received." -#: ../../configuration/firewall/bridge.rst:65 -#: ../../configuration/firewall/ipv4.rst:81 -#: ../../configuration/firewall/ipv6.rst:81 +#: ../../configuration/firewall/bridge.rst:84 +#: ../../configuration/firewall/ipv4.rst:105 +#: ../../configuration/firewall/ipv6.rst:105 #: ../../configuration/policy/route.rst:238 msgid "Actions" msgstr "Actions" -#: ../../configuration/interfaces/openvpn.rst:483 +#: ../../configuration/interfaces/openvpn.rst:487 msgid "Active Directory" msgstr "Active Directory" -#: ../../configuration/loadbalancing/reverse-proxy.rst:135 +#: ../../configuration/loadbalancing/haproxy.rst:142 msgid "Active health check backend server" msgstr "Active health check backend server" @@ -1901,7 +2148,7 @@ msgstr "Active health check backend server" msgid "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." msgstr "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." -#: ../../configuration/interfaces/wireless.rst:105 +#: ../../configuration/interfaces/wireless.rst:129 msgid "Add Power Constraint element to Beacon and Probe Response frames." msgstr "Add Power Constraint element to Beacon and Probe Response frames." @@ -1909,15 +2156,15 @@ msgstr "Add Power Constraint element to Beacon and Probe Response frames." msgid "Add a forwarding rule matching UDP port on your internet router." msgstr "Add a forwarding rule matching UDP port on your internet router." -#: ../../configuration/container/index.rst:118 +#: ../../configuration/container/index.rst:156 msgid "Add a host device to the container." msgstr "Add a host device to the container." -#: ../../configuration/service/ssh.rst:84 +#: ../../configuration/service/ssh.rst:85 msgid "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." msgstr "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." -#: ../../configuration/container/index.rst:58 +#: ../../configuration/container/index.rst:83 msgid "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." msgstr "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." @@ -1925,6 +2172,18 @@ msgstr "Add custom environment variables. Multiple environment variables are all msgid "Add default routes for routing ``table 10`` and ``table 11``" msgstr "Add default routes for routing ``table 10`` and ``table 11``" +#: ../../configuration/firewall/groups.rst:162 +msgid "Add description to firewall groups:" +msgstr "Add description to firewall groups:" + +#: ../../configuration/firewall/groups.rst:177 +msgid "Add destination IP address of the connection to a dynamic address group:" +msgstr "Add destination IP address of the connection to a dynamic address group:" + +#: ../../configuration/container/index.rst:184 +msgid "Add metadata label for this container." +msgstr "Add metadata label for this container." + #: ../../configuration/policy/examples.rst:176 msgid "Add multiple source IP in one rule with same priority" msgstr "Add multiple source IP in one rule with same priority" @@ -1953,6 +2212,10 @@ msgstr "Add policy route matching VLAN source addresses" msgid "Add public key portion for the certificate named `name` to the VyOS CLI." msgstr "Add public key portion for the certificate named `name` to the VyOS CLI." +#: ../../configuration/firewall/groups.rst:188 +msgid "Add source IP address of the connection to a dynamic address group:" +msgstr "Add source IP address of the connection to a dynamic address group:" + #: ../../configuration/pki/index.rst:195 msgid "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." msgstr "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." @@ -1973,7 +2236,11 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:301 +#: ../../configuration/firewall/groups.rst:170 +msgid "Adding elements to Dynamic Firewall Groups" +msgstr "Adding elements to Dynamic Firewall Groups" + +#: ../../configuration/loadbalancing/haproxy.rst:354 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -1985,6 +2252,10 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +#: ../../configuration/interfaces/openvpn.rst:419 +msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." + #: ../../configuration/nat/nat44.rst:760 msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" @@ -2009,11 +2280,16 @@ msgstr "Address Families" msgid "Address Groups" msgstr "Address Groups" -#: ../../configuration/service/dhcp-server.rst:651 +#: ../../configuration/service/suricata.rst:42 +msgid "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." +msgstr "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/service/dhcp-server.rst:656 +#: ../../configuration/service/dhcp-server.rst:680 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:641 +#: ../../configuration/service/dhcp-server.rst:670 msgid "Address pools" msgstr "Address pools" @@ -2021,7 +2297,7 @@ msgstr "Address pools" msgid "Address to listen for HTTPS requests" msgstr "Address to listen for HTTPS requests" -#: ../../configuration/container/index.rst:160 +#: ../../configuration/container/index.rst:215 msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." @@ -2029,19 +2305,23 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." +#: ../../configuration/interfaces/wireless.rst:129 +msgid "Adds the Power Constraint information element to Beacon and Probe Response frames." +msgstr "Adds the Power Constraint information element to Beacon and Probe Response frames." + #: ../../configuration/protocols/bgp.rst:669 msgid "Administrative Distance" msgstr "Administrative Distance" -#: ../../configuration/service/ipoe-server.rst:335 +#: ../../configuration/service/ipoe-server.rst:334 msgid "Advanced Interface Options" msgstr "Advanced Interface Options" -#: ../../configuration/service/ipoe-server.rst:307 -#: ../../configuration/service/pppoe-server.rst:425 -#: ../../configuration/vpn/l2tp.rst:369 +#: ../../configuration/service/ipoe-server.rst:306 +#: ../../configuration/service/pppoe-server.rst:447 +#: ../../configuration/vpn/l2tp.rst:372 #: ../../configuration/vpn/pptp.rst:293 -#: ../../configuration/vpn/sstp.rst:327 +#: ../../configuration/vpn/sstp.rst:330 msgid "Advanced Options" msgstr "Advanced Options" @@ -2049,6 +2329,10 @@ msgstr "Advanced Options" msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." +#: ../../configuration/nat/cgnat.rst:36 +msgid "Advantages of CGNAT" +msgstr "Advantages of CGNAT" + #: ../../configuration/interfaces/openvpn.rst:16 msgid "Advantages of OpenVPN are:" msgstr "Advantages of OpenVPN are:" @@ -2057,6 +2341,10 @@ msgstr "Advantages of OpenVPN are:" msgid "Advertise DNS server per https://tools.ietf.org/html/rfc6106" msgstr "Advertise DNS server per https://tools.ietf.org/html/rfc6106" +#: ../../configuration/service/router-advert.rst:110 +msgid "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." +msgstr "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." + #: ../../configuration/service/router-advert.rst:78 msgid "Advertising a NAT64 Prefix" msgstr "Advertising a NAT64 Prefix" @@ -2069,15 +2357,19 @@ msgstr "Advertising a Prefix" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" -#: ../../configuration/vrf/index.rst:344 +#: ../../configuration/vrf/index.rst:340 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." +#: ../../configuration/service/suricata.rst:32 +msgid "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." +msgstr "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:80 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." -#: ../../configuration/vpn/ipsec.rst:418 +#: ../../configuration/vpn/ipsec.rst:438 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." @@ -2085,6 +2377,10 @@ msgstr "After the PKI certs are all set up we can start configuring our IPSec/IK msgid "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." msgstr "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." +#: ../../configuration/vpn/ipsec.rst:419 +msgid "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." +msgstr "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." + #: ../../configuration/vpn/ipsec.rst:399 msgid "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." msgstr "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." @@ -2093,11 +2389,11 @@ msgstr "After you obtained your server certificate you can import it from a file msgid "Agent - software which runs on managed devices" msgstr "Agent - software which runs on managed devices" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Alert" msgstr "Alert" -#: ../../configuration/highavailability/index.rst:356 +#: ../../configuration/highavailability/index.rst:360 msgid "Algorithm" msgstr "Algorithm" @@ -2105,6 +2401,10 @@ msgstr "Algorithm" msgid "Aliases" msgstr "Aliases" +#: ../../configuration/interfaces/bonding.rst:297 +msgid "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." +msgstr "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." + #: ../../configuration/service/dns.rst:248 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" @@ -2117,11 +2417,15 @@ msgstr "All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/ msgid "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." msgstr "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." +#: ../../configuration/interfaces/wwan.rst:324 +msgid "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." +msgstr "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." + #: ../../configuration/vpn/sstp.rst:22 msgid "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." msgstr "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." -#: ../../configuration/system/syslog.rst:110 +#: ../../configuration/system/syslog.rst:128 msgid "All facilities" msgstr "All facilities" @@ -2149,6 +2453,10 @@ msgstr "All routers in the PIM network must agree on these values." msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +#: ../../configuration/system/task-scheduler.rst:10 +msgid "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +msgstr "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." + #: ../../configuration/protocols/bgp.rst:241 msgid "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." msgstr "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." @@ -2157,11 +2465,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." -#: ../../configuration/firewall/zone.rst:55 +#: ../../configuration/firewall/zone.rst:52 msgid "All traffic between zones is affected by existing policies" msgstr "All traffic between zones is affected by existing policies" -#: ../../configuration/firewall/zone.rst:54 +#: ../../configuration/firewall/zone.rst:51 msgid "All traffic to and from an interface within a zone is permitted." msgstr "All traffic to and from an interface within a zone is permitted." @@ -2169,15 +2477,15 @@ msgstr "All traffic to and from an interface within a zone is permitted." msgid "All tunnel sessions can be checked via:" msgstr "All tunnel sessions can be checked via:" -#: ../../configuration/service/ipoe-server.rst:231 -#: ../../configuration/service/pppoe-server.rst:193 +#: ../../configuration/service/ipoe-server.rst:230 +#: ../../configuration/service/pppoe-server.rst:210 #: ../../configuration/vpn/l2tp.rst:236 #: ../../configuration/vpn/pptp.rst:176 #: ../../configuration/vpn/sstp.rst:209 msgid "Allocation clients ip addresses by RADIUS" msgstr "Allocation clients ip addresses by RADIUS" -#: ../../configuration/service/ssh.rst:121 +#: ../../configuration/service/ssh.rst:141 msgid "Allow ``ssh`` dynamic-protection." msgstr "Allow ``ssh`` dynamic-protection." @@ -2189,7 +2497,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." -#: ../../configuration/service/https.rst:81 +#: ../../configuration/service/https.rst:113 msgid "Allow cross-origin requests from `<origin>`." msgstr "Allow cross-origin requests from `<origin>`." @@ -2197,7 +2505,7 @@ msgstr "Allow cross-origin requests from `<origin>`." msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." -#: ../../configuration/container/index.rst:32 +#: ../../configuration/container/index.rst:57 msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." @@ -2213,17 +2521,17 @@ msgstr "Allow this BFD peer to not be directly connected" msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:835 -#: ../../configuration/firewall/ipv6.rst:821 -#: ../../configuration/system/conntrack.rst:199 +#: ../../configuration/firewall/ipv4.rst:886 +#: ../../configuration/firewall/ipv6.rst:876 +#: ../../configuration/system/conntrack.rst:172 msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." -#: ../../configuration/interfaces/bridge.rst:171 +#: ../../configuration/interfaces/bridge.rst:170 msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." -#: ../../configuration/loadbalancing/reverse-proxy.rst:73 +#: ../../configuration/loadbalancing/haproxy.rst:85 msgid "Allows to define URL path matching rules for a specific service." msgstr "Allows to define URL path matching rules for a specific service." @@ -2235,16 +2543,19 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP msgid "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." msgstr "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." -#: ../../configuration/service/ssh.rst:157 +#: ../../configuration/service/ssh.rst:177 msgid "Already learned known_hosts files of clients need an update as the public key will change." msgstr "Already learned known_hosts files of clients need an update as the public key will change." -#: ../../configuration/firewall/bridge.rst:123 -#: ../../configuration/firewall/ipv4.rst:166 -#: ../../configuration/firewall/ipv6.rst:166 +#: ../../configuration/firewall/ipv4.rst:190 +#: ../../configuration/firewall/ipv6.rst:190 msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." +#: ../../configuration/firewall/bridge.rst:171 +msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." +msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." + #: ../../configuration/service/dhcp-relay.rst:110 msgid "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" msgstr "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" @@ -2253,10 +2564,22 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" +#: ../../configuration/firewall/bridge.rst:146 +msgid "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" +msgstr "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" + #: ../../configuration/nat/nat44.rst:288 msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." +#: ../../configuration/firewall/groups.rst:200 +msgid "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + +#: ../../configuration/firewall/groups.rst:199 +msgid "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + #: ../../configuration/protocols/static.rst:171 msgid "Alternate Routing Tables" msgstr "Alternate Routing Tables" @@ -2269,11 +2592,15 @@ msgstr "Alternate routing tables are used with policy based routing by utilizing msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +#: ../../configuration/interfaces/vxlan.rst:342 +msgid "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +msgstr "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" + #: ../../configuration/service/dhcp-server.rst:132 msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." -#: ../../configuration/firewall/groups.rst:68 +#: ../../configuration/firewall/groups.rst:67 msgid "An **interface group** represents a collection of interfaces." msgstr "An **interface group** represents a collection of interfaces." @@ -2281,6 +2608,10 @@ msgstr "An **interface group** represents a collection of interfaces." msgid "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." msgstr "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." +#: ../../configuration/interfaces/bonding.rst:301 +msgid "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." +msgstr "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." + #: ../../configuration/trafficpolicy/index.rst:208 msgid "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." @@ -2289,7 +2620,7 @@ msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of msgid "An SNMP-managed network consists of three key components:" msgstr "An SNMP-managed network consists of three key components:" -#: ../../configuration/interfaces/bonding.rst:234 +#: ../../configuration/interfaces/bonding.rst:239 msgid "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." msgstr "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." @@ -2301,11 +2632,19 @@ msgstr "An additional layer of symmetric-key crypto can be used on top of the as msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." +#: ../../configuration/interfaces/wireguard.rst:103 +msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." +msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." + #: ../../configuration/interfaces/wireguard.rst:247 msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." #: ../../configuration/vpn/ipsec.rst:11 +msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." +msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." + +#: ../../configuration/vpn/ipsec.rst:11 msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." @@ -2317,7 +2656,7 @@ msgstr "An agent is a network-management software module that resides on a manag msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)" -#: ../../configuration/firewall/ipv4.rst:396 +#: ../../configuration/firewall/ipv4.rst:421 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." @@ -2333,10 +2672,15 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +#: ../../configuration/firewall/ipv6.rst:395 +msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" + #: ../../configuration/firewall/zone.rst:43 msgid "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." +#: ../../configuration/interfaces/openvpn.rst:768 #: ../../configuration/interfaces/tunnel.rst:36 #: ../../configuration/interfaces/tunnel.rst:54 #: ../../configuration/interfaces/tunnel.rst:71 @@ -2346,11 +2690,11 @@ msgstr "An basic introduction to zone-based firewalls can be found `here <https: msgid "An example:" msgstr "An example:" -#: ../../configuration/service/monitoring.rst:136 +#: ../../configuration/service/monitoring.rst:166 msgid "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" msgstr "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" -#: ../../configuration/interfaces/bridge.rst:236 +#: ../../configuration/interfaces/bridge.rst:235 msgid "An example of creating a VLAN-aware bridge is as follows:" msgstr "An example of creating a VLAN-aware bridge is as follows:" @@ -2366,22 +2710,30 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." -#: ../../configuration/firewall/flowtables.rst:142 +#: ../../configuration/firewall/flowtables.rst:143 msgid "Analysis on what happens for desired connection:" msgstr "Analysis on what happens for desired connection:" -#: ../../configuration/firewall/bridge.rst:297 +#: ../../configuration/firewall/bridge.rst:462 msgid "And, to print only bridge firewall information:" msgstr "And, to print only bridge firewall information:" -#: ../../configuration/firewall/ipv4.rst:57 +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv4.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" -#: ../../configuration/firewall/ipv6.rst:57 +#: ../../configuration/firewall/ipv6.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/service/ids.rst:138 msgid "And content of the script:" msgstr "And content of the script:" @@ -2390,20 +2742,32 @@ msgstr "And content of the script:" msgid "And for ipv6:" msgstr "And for ipv6:" -#: ../../configuration/firewall/groups.rst:165 +#: ../../configuration/firewall/bridge.rst:63 +msgid "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" +msgstr "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" + +#: ../../configuration/firewall/groups.rst:263 msgid "And next, some configuration example where groups are used:" msgstr "And next, some configuration example where groups are used:" -#: ../../configuration/firewall/bridge.rst:349 +#: ../../configuration/firewall/bridge.rst:514 msgid "And op-mode commands:" msgstr "And op-mode commands:" +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/system/ip.rst:97 msgid "And the different IPv4 **reset** commands available:" msgstr "And the different IPv4 **reset** commands available:" -#: ../../configuration/interfaces/bonding.rst:185 -#: ../../configuration/interfaces/bonding.rst:214 +#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:219 msgid "And then hash is reduced modulo slave count." msgstr "And then hash is reduced modulo slave count." @@ -2415,12 +2779,16 @@ msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT con msgid "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." msgstr "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." -#: ../../configuration/vpn/ipsec.rst:549 +#: ../../configuration/vpn/ipsec.rst:553 +msgid "Apple iOS/iPadOS (14.2+)" +msgstr "Apple iOS/iPadOS (14.2+)" + +#: ../../configuration/vpn/ipsec.rst:569 msgid "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." -#: ../../configuration/vrf/index.rst:52 -#: ../../configuration/vrf/index.rst:62 +#: ../../configuration/vrf/index.rst:48 +#: ../../configuration/vrf/index.rst:58 msgid "Apply a route-map filter to routes for the specified protocol." msgstr "Apply a route-map filter to routes for the specified protocol." @@ -2436,7 +2804,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo msgid "Apply routing policy to **inbound** direction of out VLAN interfaces" msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces" -#: ../../configuration/firewall/zone.rst:101 +#: ../../configuration/firewall/zone.rst:98 msgid "Applying a Rule-Set to a Zone" msgstr "Applying a Rule-Set to a Zone" @@ -2444,7 +2812,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1218 +#: ../../configuration/trafficpolicy/index.rst:1268 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2457,15 +2825,23 @@ msgstr "Area Configuration" msgid "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" msgstr "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" +#: ../../configuration/protocols/isis.rst:55 +msgid "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" + +#: ../../configuration/protocols/openfabric.rst:45 +msgid "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" + #: ../../configuration/system/task-scheduler.rst:38 msgid "Arguments which will be passed to the executable." msgstr "Arguments which will be passed to the executable." -#: ../../configuration/interfaces/bonding.rst:396 +#: ../../configuration/interfaces/bonding.rst:449 msgid "Arista EOS" msgstr "Arista EOS" -#: ../../configuration/interfaces/bonding.rst:381 +#: ../../configuration/interfaces/bonding.rst:434 msgid "Aruba/HP" msgstr "Aruba/HP" @@ -2481,6 +2857,10 @@ msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." +#: ../../configuration/vpn/sstp.rst:19 +msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." +msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." + #: ../../configuration/interfaces/vxlan.rst:61 msgid "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." msgstr "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." @@ -2489,7 +2869,7 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." -#: ../../configuration/firewall/index.rst:7 +#: ../../configuration/firewall/index.rst:12 msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." @@ -2497,19 +2877,27 @@ msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter proje msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." -#: ../../configuration/trafficpolicy/index.rst:940 +#: ../../configuration/interfaces/wwan.rst:327 +msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." +msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." + +#: ../../configuration/trafficpolicy/index.rst:990 msgid "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." -#: ../../configuration/interfaces/openvpn.rst:666 +#: ../../configuration/interfaces/openvpn.rst:807 msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." -#: ../../configuration/firewall/zone.rst:68 +#: ../../configuration/firewall/zone.rst:65 msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." -#: ../../configuration/vpn/ipsec.rst:523 +#: ../../configuration/firewall/groups.rst:230 +msgid "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" +msgstr "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" + +#: ../../configuration/vpn/ipsec.rst:543 msgid "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." @@ -2517,7 +2905,15 @@ msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain se msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." -#: ../../configuration/system/option.rst:110 +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." +msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." + +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." +msgstr "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." + +#: ../../configuration/system/option.rst:130 msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." @@ -2533,7 +2929,7 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." -#: ../../configuration/firewall/groups.rst:147 +#: ../../configuration/firewall/groups.rst:245 msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." @@ -2541,11 +2937,11 @@ msgstr "As said before, once firewall groups are created, they can be referenced msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." -#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:373 msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." -#: ../../configuration/firewall/index.rst:176 +#: ../../configuration/firewall/index.rst:223 msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." @@ -2561,19 +2957,19 @@ msgstr "As the name implies, it's IPv4 encapsulated in IPv6, as simple as that." msgid "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" msgstr "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" -#: ../../configuration/trafficpolicy/index.rst:997 +#: ../../configuration/trafficpolicy/index.rst:1047 msgid "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." msgstr "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." -#: ../../configuration/trafficpolicy/index.rst:1076 +#: ../../configuration/trafficpolicy/index.rst:1126 msgid "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." msgstr "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." -#: ../../configuration/trafficpolicy/index.rst:718 +#: ../../configuration/trafficpolicy/index.rst:768 msgid "As with other policies, you can define different type of matching rules for your classes:" msgstr "As with other policies, you can define different type of matching rules for your classes:" -#: ../../configuration/trafficpolicy/index.rst:734 +#: ../../configuration/trafficpolicy/index.rst:784 msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" @@ -2581,6 +2977,10 @@ msgstr "As with other policies, you can embed_ other policies into the classes ( msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" +#: ../../configuration/interfaces/vxlan.rst:285 +msgid "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" +msgstr "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" + #: ../../configuration/firewall/general-legacy.rst:770 msgid "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." msgstr "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." @@ -2589,22 +2989,25 @@ msgstr "As you can see in the example here, you can assign the same rule-set to msgid "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." msgstr "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:86 +#: ../../configuration/loadbalancing/haproxy.rst:98 msgid "Assign a specific backend to a rule" msgstr "Assign a specific backend to a rule" -#: ../../configuration/vrf/index.rst:98 +#: ../../configuration/vpn/l2tp.rst:384 +#: ../../configuration/vpn/sstp.rst:342 +msgid "Assign a static IP address to `<user>` account." +msgstr "Assign a static IP address to `<user>` account." + +#: ../../configuration/vrf/index.rst:94 msgid "Assign interface identified by `<interface>` to VRF named `<name>`." msgstr "Assign interface identified by `<interface>` to VRF named `<name>`." -#: ../../configuration/interfaces/bonding.rst:324 +#: ../../configuration/interfaces/bonding.rst:377 msgid "Assign member interfaces to PortChannel" msgstr "Assign member interfaces to PortChannel" -#: ../../configuration/service/pppoe-server.rst:437 -#: ../../configuration/vpn/l2tp.rst:381 +#: ../../configuration/service/pppoe-server.rst:460 #: ../../configuration/vpn/pptp.rst:305 -#: ../../configuration/vpn/sstp.rst:339 msgid "Assign static IP address to `<user>` account." msgstr "Assign static IP address to `<user>` account." @@ -2624,55 +3027,55 @@ msgstr "Associates the previously generated private key to a specific WireGuard msgid "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." msgstr "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "Assured Forwarding(AF) 11" msgstr "Assured Forwarding(AF) 11" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "Assured Forwarding(AF) 12" msgstr "Assured Forwarding(AF) 12" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "Assured Forwarding(AF) 13" msgstr "Assured Forwarding(AF) 13" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "Assured Forwarding(AF) 21" msgstr "Assured Forwarding(AF) 21" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "Assured Forwarding(AF) 22" msgstr "Assured Forwarding(AF) 22" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "Assured Forwarding(AF) 23" msgstr "Assured Forwarding(AF) 23" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "Assured Forwarding(AF) 31" msgstr "Assured Forwarding(AF) 31" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "Assured Forwarding(AF) 32" msgstr "Assured Forwarding(AF) 32" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "Assured Forwarding(AF) 33" msgstr "Assured Forwarding(AF) 33" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Assured Forwarding(AF) 41" msgstr "Assured Forwarding(AF) 41" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Assured Forwarding(AF) 42" msgstr "Assured Forwarding(AF) 42" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "Assured Forwarding(AF) 43" msgstr "Assured Forwarding(AF) 43" -#: ../../configuration/trafficpolicy/index.rst:980 +#: ../../configuration/trafficpolicy/index.rst:1030 msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." @@ -2684,11 +3087,11 @@ msgstr "At the moment it not possible to look at the whole firewall log with VyO msgid "At the time of this writing the following displays are supported:" msgstr "At the time of this writing the following displays are supported:" -#: ../../configuration/trafficpolicy/index.rst:490 +#: ../../configuration/trafficpolicy/index.rst:540 msgid "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." msgstr "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." -#: ../../configuration/container/index.rst:42 +#: ../../configuration/container/index.rst:66 msgid "Attaches user-defined network to a container. Only one network must be specified and must already exist." msgstr "Attaches user-defined network to a container. Only one network must be specified and must already exist." @@ -2696,15 +3099,15 @@ msgstr "Attaches user-defined network to a container. Only one network must be s msgid "Authentication" msgstr "Authentication" -#: ../../configuration/service/ipoe-server.rst:310 -#: ../../configuration/service/pppoe-server.rst:428 -#: ../../configuration/vpn/l2tp.rst:372 +#: ../../configuration/service/ipoe-server.rst:309 +#: ../../configuration/service/pppoe-server.rst:450 +#: ../../configuration/vpn/l2tp.rst:375 #: ../../configuration/vpn/pptp.rst:296 -#: ../../configuration/vpn/sstp.rst:330 +#: ../../configuration/vpn/sstp.rst:333 msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:115 +#: ../../configuration/interfaces/ethernet.rst:123 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2720,7 +3123,7 @@ msgstr "Authentication application client-secret." msgid "Authentication application tenant-id" msgstr "Authentication application tenant-id" -#: ../../configuration/interfaces/openvpn.rst:449 +#: ../../configuration/interfaces/openvpn.rst:453 msgid "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" msgstr "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" @@ -2744,7 +3147,7 @@ msgstr "Authoritative zones" msgid "Authorization token" msgstr "Authorization token" -#: ../../configuration/service/pppoe-server.rst:228 +#: ../../configuration/service/pppoe-server.rst:247 msgid "Automatic VLAN Creation" msgstr "Automatic VLAN Creation" @@ -2764,6 +3167,10 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds." msgid "Autonomous Systems" msgstr "Autonomous Systems" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "Available health check protocols:" +msgstr "Available health check protocols:" + #: ../../configuration/nat/nat44.rst:384 msgid "Avoiding \"leaky\" NAT" msgstr "Avoiding \"leaky\" NAT" @@ -2844,10 +3251,18 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." -#: ../../configuration/vrf/index.rst:432 +#: ../../configuration/vrf/index.rst:428 msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." +#: ../../configuration/interfaces/wireless.rst:361 +msgid "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." +msgstr "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." + +#: ../../configuration/interfaces/bonding.rst:330 +msgid "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." +msgstr "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." + #: ../../configuration/protocols/babel.rst:5 msgid "Babel" msgstr "Babel" @@ -2860,15 +3275,15 @@ msgstr "Babel a dual stack protocol. A single Babel instance is able to perform msgid "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." msgstr "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:95 +#: ../../configuration/loadbalancing/haproxy.rst:107 msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:339 +#: ../../configuration/loadbalancing/haproxy.rst:393 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "Balance algorithms:" msgstr "Balance algorithms:" @@ -2876,15 +3291,15 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:252 +#: ../../configuration/loadbalancing/haproxy.rst:304 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" -#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +#: ../../configuration/loadbalancing/haproxy.rst:419 msgid "Balancing with HTTP health checks" msgstr "Balancing with HTTP health checks" -#: ../../configuration/service/pppoe-server.rst:251 +#: ../../configuration/service/pppoe-server.rst:270 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2893,7 +3308,7 @@ msgstr "Bandwidth Shaping" msgid "Bandwidth Shaping for local users" msgstr "Bandwidth Shaping for local users" -#: ../../configuration/service/pppoe-server.rst:253 +#: ../../configuration/service/pppoe-server.rst:272 msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes." @@ -2905,11 +3320,19 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." -#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv4.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" -#: ../../configuration/firewall/ipv6.rst:54 +#: ../../configuration/firewall/ipv6.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" @@ -2941,7 +3364,12 @@ msgstr "Basic setup" msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." -#: ../../configuration/interfaces/wireless.rst:235 +#: ../../configuration/interfaces/wireless.rst:103 +msgid "Beacon Protection: management frame protection for Beacon frames." +msgstr "Beacon Protection: management frame protection for Beacon frames." + +#: ../../configuration/interfaces/wireless.rst:266 +#: ../../configuration/interfaces/wireless.rst:349 msgid "Beamforming capabilities:" msgstr "Beamforming capabilities:" @@ -2953,11 +3381,19 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:86 +#: ../../configuration/interfaces/ethernet.rst:94 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." -#: ../../configuration/firewall/zone.rst:103 +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check members of firewall groups:" +msgstr "Before testing, we can check members of firewall groups:" + +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check the members of firewall groups:" +msgstr "Before testing, we can check the members of firewall groups:" + +#: ../../configuration/firewall/zone.rst:100 msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first." @@ -2973,7 +3409,7 @@ msgstr "Below flow-chart could be a quick reference for the close-action combina msgid "Below is an example to configure a LNS:" msgstr "Below is an example to configure a LNS:" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "Best effort traffic, default" msgstr "Best effort traffic, default" @@ -2985,11 +3421,11 @@ msgstr "Between computers, the most common configuration used was \"8N1\": eight msgid "Bidirectional NAT" msgstr "Bidirectional NAT" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Binary value" msgstr "Binary value" -#: ../../configuration/container/index.rst:153 +#: ../../configuration/container/index.rst:208 msgid "Bind container network to a given VRF instance." msgstr "Bind container network to a given VRF instance." @@ -3005,11 +3441,11 @@ msgstr "Binds eth1.241 and vxlan241 to each other by making them both member int msgid "Blackhole" msgstr "Blackhole" -#: ../../configuration/service/ssh.rst:130 +#: ../../configuration/service/ssh.rst:150 msgid "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." msgstr "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." -#: ../../configuration/service/ssh.rst:139 +#: ../../configuration/service/ssh.rst:159 msgid "Block source IP when their cumulative attack score exceeds threshold. The default is 30." msgstr "Block source IP when their cumulative attack score exceeds threshold. The default is 30." @@ -3049,7 +3485,7 @@ msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Au msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." -#: ../../configuration/interfaces/openvpn.rst:428 +#: ../../configuration/interfaces/openvpn.rst:432 msgid "Branch 1's router might have the following lines:" msgstr "Branch 1's router might have the following lines:" @@ -3069,12 +3505,12 @@ msgstr "Bridge Firewall Configuration" msgid "Bridge Options" msgstr "Bridge Options" -#: ../../configuration/firewall/bridge.rst:56 +#: ../../configuration/firewall/bridge.rst:75 msgid "Bridge Rules" msgstr "Bridge Rules" -#: ../../configuration/interfaces/bridge.rst:207 -#: ../../configuration/interfaces/bridge.rst:242 +#: ../../configuration/interfaces/bridge.rst:206 +#: ../../configuration/interfaces/bridge.rst:241 msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" @@ -3082,11 +3518,11 @@ msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgid "Bridge maximum aging `<time>` in seconds (default: 20)." msgstr "Bridge maximum aging `<time>` in seconds (default: 20)." -#: ../../configuration/service/ipoe-server.rst:360 -#: ../../configuration/service/pppoe-server.rst:526 -#: ../../configuration/vpn/l2tp.rst:480 +#: ../../configuration/service/ipoe-server.rst:359 +#: ../../configuration/service/pppoe-server.rst:551 +#: ../../configuration/vpn/l2tp.rst:485 #: ../../configuration/vpn/pptp.rst:404 -#: ../../configuration/vpn/sstp.rst:438 +#: ../../configuration/vpn/sstp.rst:443 msgid "Burst count" msgstr "Burst count" @@ -3118,6 +3554,10 @@ msgstr "By default, ddclient_ will update a dynamic dns record using the IP addr msgid "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." msgstr "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." +#: ../../configuration/firewall/bridge.rst:430 +msgid "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" +msgstr "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" + #: ../../configuration/protocols/ospf.rst:534 #: ../../configuration/protocols/ospf.rst:1246 msgid "By default, it supports both planned and unplanned outages." @@ -3131,7 +3571,7 @@ msgstr "By default, locally advertised prefixes use the implicit-null label to e msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." -#: ../../configuration/system/flow-accounting.rst:60 +#: ../../configuration/system/flow-accounting.rst:64 msgid "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" msgstr "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" @@ -3139,7 +3579,7 @@ msgstr "By default, recorded flows will be saved internally and can be listed wi msgid "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." msgstr "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." -#: ../../configuration/interfaces/wireless.rst:73 +#: ../../configuration/interfaces/wireless.rst:85 msgid "By default, this bridging is allowed." msgstr "By default, this bridging is allowed." @@ -3147,6 +3587,10 @@ msgstr "By default, this bridging is allowed." msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." +#: ../../configuration/firewall/global-options.rst:27 +msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." +msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." + #: ../../configuration/highavailability/index.rst:190 msgid "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." msgstr "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." @@ -3160,7 +3604,7 @@ msgstr "By default VRRP uses preemption. You can disable it with the \"no-preemp msgid "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." msgstr "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." -#: ../../configuration/vrf/index.rst:35 +#: ../../configuration/vrf/index.rst:31 msgid "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." msgstr "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." @@ -3172,7 +3616,7 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" -#: ../../configuration/trafficpolicy/index.rst:1151 +#: ../../configuration/trafficpolicy/index.rst:1201 msgid "CAKE" msgstr "CAKE" @@ -3180,7 +3624,15 @@ msgstr "CAKE" msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" -#: ../../configuration/trafficpolicy/index.rst:793 +#: ../../configuration/nat/cgnat.rst:5 +msgid "CGNAT" +msgstr "CGNAT" + +#: ../../configuration/nat/cgnat.rst:17 +msgid "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." +msgstr "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:843 msgid "CRITIC/ECP" msgstr "CRITIC/ECP" @@ -3210,11 +3662,11 @@ msgstr "Certificate revocation list in PEM format." msgid "Certificates" msgstr "Certificates" -#: ../../configuration/system/option.rst:96 +#: ../../configuration/system/option.rst:116 msgid "Change system keyboard layout to given language." msgstr "Change system keyboard layout to given language." -#: ../../configuration/firewall/zone.rst:94 +#: ../../configuration/firewall/zone.rst:91 msgid "Change the default-action with this setting." msgstr "Change the default-action with this setting." @@ -3226,14 +3678,22 @@ msgstr "Changes in BGP policies require the BGP session to be cleared. Clearing msgid "Changes to the NAT system only affect newly established connections. Already established connections are not affected." msgstr "Changes to the NAT system only affect newly established connections. Already established connections are not affected." -#: ../../configuration/system/option.rst:100 +#: ../../configuration/system/option.rst:120 msgid "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." msgstr "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." -#: ../../configuration/interfaces/wireless.rst:44 +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." + +#: ../../configuration/interfaces/wireless.rst:55 msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." + #: ../../configuration/system/updates.rst:28 msgid "Check:" msgstr "Check:" @@ -3242,7 +3702,7 @@ msgstr "Check:" msgid "Check if the Intel® QAT device is up and ready to do the job." msgstr "Check if the Intel® QAT device is up and ready to do the job." -#: ../../configuration/interfaces/openvpn.rst:706 +#: ../../configuration/interfaces/openvpn.rst:847 msgid "Check status" msgstr "Check status" @@ -3254,15 +3714,19 @@ msgstr "Check the many parameters available for the `show ipv6 route` command:" msgid "Checking connections" msgstr "Checking connections" -#: ../../configuration/firewall/flowtables.rst:165 +#: ../../configuration/firewall/flowtables.rst:166 msgid "Checks" msgstr "Checks" +#: ../../configuration/service/suricata.rst:82 +msgid "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." +msgstr "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." + #: ../../configuration/service/tftp-server.rst:21 msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." -#: ../../configuration/interfaces/bonding.rst:322 +#: ../../configuration/interfaces/bonding.rst:375 msgid "Cisco Catalyst" msgstr "Cisco Catalyst" @@ -3274,7 +3738,7 @@ msgstr "Cisco and Allied Telesyn call it Private VLAN" msgid "Clamp MSS for a specific IP" msgstr "Clamp MSS for a specific IP" -#: ../../configuration/trafficpolicy/index.rst:227 +#: ../../configuration/trafficpolicy/index.rst:277 msgid "Class treatment" msgstr "Class treatment" @@ -3290,7 +3754,7 @@ msgstr "Classless static route" msgid "Clear all BGP extcommunities." msgstr "Clear all BGP extcommunities." -#: ../../configuration/interfaces/openvpn.rst:571 +#: ../../configuration/interfaces/openvpn.rst:575 msgid "Client" msgstr "Client" @@ -3302,19 +3766,20 @@ msgstr "Client:" msgid "Client Address Pools" msgstr "Client Address Pools" -#: ../../configuration/interfaces/openvpn.rst:440 +#: ../../configuration/interfaces/openvpn.rst:444 msgid "Client Authentication" msgstr "Client Authentication" +#: ../../configuration/vpn/ipsec.rst:512 #: ../../configuration/vpn/remoteaccess_ipsec.rst:137 msgid "Client Configuration" msgstr "Client Configuration" -#: ../../configuration/service/ipoe-server.rst:328 -#: ../../configuration/service/pppoe-server.rst:446 -#: ../../configuration/vpn/l2tp.rst:400 +#: ../../configuration/service/ipoe-server.rst:327 +#: ../../configuration/service/pppoe-server.rst:469 +#: ../../configuration/vpn/l2tp.rst:403 #: ../../configuration/vpn/pptp.rst:324 -#: ../../configuration/vpn/sstp.rst:358 +#: ../../configuration/vpn/sstp.rst:361 msgid "Client IP Pool Advanced Options" msgstr "Client IP Pool Advanced Options" @@ -3322,10 +3787,14 @@ msgstr "Client IP Pool Advanced Options" msgid "Client IP addresses will be provided from pool `192.0.2.0/25`" msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`" -#: ../../configuration/interfaces/openvpn.rst:614 +#: ../../configuration/interfaces/openvpn.rst:618 msgid "Client Side" msgstr "Client Side" +#: ../../configuration/interfaces/openvpn.rst:700 +msgid "Client Side :" +msgstr "Client Side :" + #: ../../configuration/service/ipoe-server.rst:186 msgid "Client configuration" msgstr "Client configuration" @@ -3338,11 +3807,11 @@ msgstr "Client domain name" msgid "Client domain search" msgstr "Client domain search" -#: ../../configuration/interfaces/wireless.rst:70 +#: ../../configuration/interfaces/wireless.rst:82 msgid "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." msgstr "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." -#: ../../configuration/interfaces/openvpn.rst:399 +#: ../../configuration/interfaces/openvpn.rst:403 msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" @@ -3350,7 +3819,7 @@ msgstr "Clients are identified by the CN field of their x.509 certificates, in t msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "Clock daemon" msgstr "Clock daemon" @@ -3358,25 +3827,29 @@ msgstr "Clock daemon" msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." -#: ../../configuration/firewall/bridge.rst:216 -#: ../../configuration/firewall/ipv4.rst:298 -#: ../../configuration/firewall/ipv6.rst:298 +#: ../../configuration/firewall/bridge.rst:321 +#: ../../configuration/firewall/ipv4.rst:323 +#: ../../configuration/firewall/ipv6.rst:323 msgid "Command for disabling a rule but keep it in the configuration." msgstr "Command for disabling a rule but keep it in the configuration." -#: ../../configuration/vrf/index.rst:147 +#: ../../configuration/vrf/index.rst:143 msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." -#: ../../configuration/firewall/ipv4.rst:1202 -#: ../../configuration/firewall/ipv6.rst:1195 +#: ../../configuration/firewall/ipv4.rst:1306 +#: ../../configuration/firewall/ipv6.rst:1305 msgid "Command used to update GeoIP database and firewall sets." msgstr "Command used to update GeoIP database and firewall sets." -#: ../../configuration/firewall/flowtables.rst:119 +#: ../../configuration/firewall/flowtables.rst:120 msgid "Commands" msgstr "Commands" +#: ../../configuration/firewall/groups.rst:175 +msgid "Commands used for this task are:" +msgstr "Commands used for this task are:" + #: ../../configuration/service/dhcp-server.rst:436 msgid "Common configuration, valid for both primary and secondary node." msgstr "Common configuration, valid for both primary and secondary node." @@ -3404,6 +3877,14 @@ msgstr "Common interface configuration" msgid "Common parameters" msgstr "Common parameters" +#: ../../configuration/interfaces/openvpn.rst:634 +msgid "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." +msgstr "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." + +#: ../../configuration/service/suricata.rst:92 +msgid "Conclusion" +msgstr "Conclusion" + #: ../../configuration/protocols/bgp.rst:949 msgid "Confederation Configuration" msgstr "Confederation Configuration" @@ -3412,10 +3893,14 @@ msgstr "Confederation Configuration" msgid "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." +#: ../../configuration/service/config-sync.rst:5 +msgid "Config Sync" +msgstr "Config Sync" + #: ../../configuration/container/index.rst:12 #: ../../configuration/firewall/global-options.rst:23 #: ../../configuration/firewall/groups.rst:11 -#: ../../configuration/firewall/zone.rst:66 +#: ../../configuration/firewall/zone.rst:63 #: ../../configuration/interfaces/bonding.rst:17 #: ../../configuration/interfaces/bridge.rst:21 #: ../../configuration/interfaces/dummy.rst:28 @@ -3424,7 +3909,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/l2tpv3.rst:31 #: ../../configuration/interfaces/loopback.rst:26 #: ../../configuration/interfaces/macsec.rst:20 -#: ../../configuration/interfaces/openvpn.rst:585 +#: ../../configuration/interfaces/openvpn.rst:589 #: ../../configuration/interfaces/pppoe.rst:59 #: ../../configuration/interfaces/pseudo-ethernet.rst:45 #: ../../configuration/interfaces/sstp-client.rst:20 @@ -3433,7 +3918,8 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/vxlan.rst:39 #: ../../configuration/interfaces/wireless.rst:30 #: ../../configuration/interfaces/wwan.rst:16 -#: ../../configuration/loadbalancing/reverse-proxy.rst:13 +#: ../../configuration/loadbalancing/haproxy.rst:13 +#: ../../configuration/nat/cgnat.rst:73 #: ../../configuration/nat/nat44.rst:705 #: ../../configuration/policy/access-list.rst:13 #: ../../configuration/policy/as-path-list.rst:10 @@ -3447,10 +3933,12 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/protocols/bgp.rst:164 #: ../../configuration/protocols/igmp-proxy.rst:14 #: ../../configuration/protocols/isis.rst:28 +#: ../../configuration/protocols/openfabric.rst:20 #: ../../configuration/protocols/ospf.rst:22 #: ../../configuration/protocols/ospf.rst:1076 #: ../../configuration/protocols/rpki.rst:102 #: ../../configuration/service/broadcast-relay.rst:18 +#: ../../configuration/service/config-sync.rst:24 #: ../../configuration/service/conntrack-sync.rst:38 #: ../../configuration/service/console-server.rst:21 #: ../../configuration/service/dhcp-relay.rst:19 @@ -3467,13 +3955,14 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/service/router-advert.rst:28 #: ../../configuration/service/salt-minion.rst:25 #: ../../configuration/service/ssh.rst:36 +#: ../../configuration/service/suricata.rst:38 #: ../../configuration/service/tftp-server.rst:14 #: ../../configuration/service/webproxy.rst:21 #: ../../configuration/system/default-route.rst:12 #: ../../configuration/system/flow-accounting.rst:43 #: ../../configuration/system/lcd.rst:17 -#: ../../configuration/system/login.rst:245 -#: ../../configuration/system/login.rst:314 +#: ../../configuration/system/login.rst:251 +#: ../../configuration/system/login.rst:320 #: ../../configuration/system/sflow.rst:12 #: ../../configuration/system/updates.rst:8 #: ../../configuration/vpn/dmvpn.rst:38 @@ -3481,26 +3970,27 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/vpn/openconnect.rst:21 #: ../../configuration/vpn/sstp.rst:40 #: ../../configuration/vrf/index.rst:16 -#: ../../configuration/vrf/index.rst:272 -#: ../../configuration/vrf/index.rst:307 -#: ../../configuration/vrf/index.rst:455 +#: ../../configuration/vrf/index.rst:268 +#: ../../configuration/vrf/index.rst:303 +#: ../../configuration/vrf/index.rst:451 msgid "Configuration" msgstr "Configuration" -#: ../../configuration/firewall/flowtables.rst:100 +#: ../../configuration/firewall/flowtables.rst:101 #: ../../configuration/protocols/babel.rst:188 #: ../../configuration/protocols/ospf.rst:1316 #: ../../configuration/protocols/pim6.rst:78 #: ../../configuration/protocols/rip.rst:239 #: ../../configuration/protocols/segment-routing.rst:187 -#: ../../configuration/system/login.rst:283 -#: ../../configuration/system/login.rst:354 +#: ../../configuration/system/login.rst:289 +#: ../../configuration/system/login.rst:360 msgid "Configuration Example" msgstr "Configuration Example" +#: ../../configuration/nat/cgnat.rst:108 #: ../../configuration/nat/nat44.rst:325 #: ../../configuration/nat/nat64.rst:38 -#: ../../configuration/nat/nat66.rst:109 +#: ../../configuration/nat/nat66.rst:121 msgid "Configuration Examples" msgstr "Configuration Examples" @@ -3516,7 +4006,7 @@ msgstr "Configuration Options" msgid "Configuration commands covered in this section:" msgstr "Configuration commands covered in this section:" -#: ../../configuration/vpn/ipsec.rst:288 +#: ../../configuration/vpn/ipsec.rst:308 msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" @@ -3524,11 +4014,11 @@ msgstr "Configuration commands for the private and public key will be displayed msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" -#: ../../configuration/firewall/bridge.rst:323 +#: ../../configuration/firewall/bridge.rst:488 msgid "Configuration example:" msgstr "Configuration example:" -#: ../../configuration/vrf/index.rst:449 +#: ../../configuration/vrf/index.rst:445 msgid "Configuration for these exported routes must, at a minimum, specify these two parameters." msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters." @@ -3544,10 +4034,22 @@ msgstr "Configuration of a DHCP HA pair:" msgid "Configuration of a DHCP failover pair" msgstr "Configuration of a DHCP failover pair" -#: ../../configuration/vrf/index.rst:457 +#: ../../configuration/vrf/index.rst:453 msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." +#: ../../configuration/service/suricata.rst:69 +msgid "Configuration of the logging file." +msgstr "Configuration of the logging file." + +#: ../../configuration/service/config-sync.rst:113 +msgid "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." +msgstr "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." + +#: ../../configuration/service/config-sync.rst:7 +msgid "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." +msgstr "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." + #: ../../configuration/protocols/static.rst:199 #: ../../configuration/system/conntrack.rst:12 msgid "Configure" @@ -3565,7 +4067,7 @@ msgstr "Configure DNS `<record>` which should be updated. This can be set multip msgid "Configure DNS `<zone>` to be updated." msgstr "Configure DNS `<zone>` to be updated." -#: ../../configuration/interfaces/geneve.rst:53 +#: ../../configuration/interfaces/geneve.rst:77 msgid "Configure GENEVE tunnel far end/remote tunnel endpoint." msgstr "Configure GENEVE tunnel far end/remote tunnel endpoint." @@ -3587,16 +4089,16 @@ msgstr "Configure ICMP threshold parameters." msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets." msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets." -#: ../../configuration/service/ipoe-server.rst:162 -#: ../../configuration/service/pppoe-server.rst:124 +#: ../../configuration/service/ipoe-server.rst:161 +#: ../../configuration/service/pppoe-server.rst:127 #: ../../configuration/vpn/l2tp.rst:167 #: ../../configuration/vpn/pptp.rst:107 #: ../../configuration/vpn/sstp.rst:140 msgid "Configure RADIUS `<server>` and its required port for authentication requests." msgstr "Configure RADIUS `<server>` and its required port for authentication requests." -#: ../../configuration/service/ipoe-server.rst:128 -#: ../../configuration/service/pppoe-server.rst:90 +#: ../../configuration/service/ipoe-server.rst:127 +#: ../../configuration/service/pppoe-server.rst:91 #: ../../configuration/vpn/l2tp.rst:133 #: ../../configuration/vpn/pptp.rst:73 #: ../../configuration/vpn/sstp.rst:106 @@ -3619,11 +4121,11 @@ msgstr "Configure UDP threshold parameters" msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." -#: ../../configuration/system/login.rst:379 +#: ../../configuration/system/login.rst:385 msgid "Configure `<message>` which is shown after user has logged in to the system." msgstr "Configure `<message>` which is shown after user has logged in to the system." -#: ../../configuration/system/login.rst:374 +#: ../../configuration/system/login.rst:380 msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in." msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in." @@ -3647,7 +4149,7 @@ msgstr "Configure `<username>` used when authenticating the update request for D msgid "Configure a URL that contains information about images." msgstr "Configure a URL that contains information about images." -#: ../../configuration/system/flow-accounting.rst:158 +#: ../../configuration/system/flow-accounting.rst:162 msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." @@ -3661,7 +4163,7 @@ msgstr "Configure a static route for <subnet> using gateway <address> , use sour msgid "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." msgstr "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." -#: ../../configuration/system/flow-accounting.rst:106 +#: ../../configuration/system/flow-accounting.rst:110 msgid "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." msgstr "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." @@ -3669,7 +4171,7 @@ msgstr "Configure address of NetFlow collector. NetFlow server at `<address>` ca msgid "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." msgstr "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." -#: ../../configuration/system/flow-accounting.rst:148 +#: ../../configuration/system/flow-accounting.rst:152 msgid "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" msgstr "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" @@ -3693,7 +4195,7 @@ msgstr "Configure an accounting server and enable accounting with:" msgid "Configure and enable collection of flow information for the interface identified by <interface>." msgstr "Configure and enable collection of flow information for the interface identified by <interface>." -#: ../../configuration/system/flow-accounting.rst:50 +#: ../../configuration/system/flow-accounting.rst:54 msgid "Configure and enable collection of flow information for the interface identified by `<interface>`." msgstr "Configure and enable collection of flow information for the interface identified by `<interface>`." @@ -3701,11 +4203,11 @@ msgstr "Configure and enable collection of flow information for the interface id msgid "Configure auto-checking for new images" msgstr "Configure auto-checking for new images" -#: ../../configuration/loadbalancing/reverse-proxy.rst:114 +#: ../../configuration/loadbalancing/haproxy.rst:126 msgid "Configure backend `<name>` mode TCP or HTTP" msgstr "Configure backend `<name>` mode TCP or HTTP" -#: ../../configuration/nat/nat66.rst:148 +#: ../../configuration/nat/nat66.rst:160 msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" @@ -3754,6 +4256,10 @@ msgstr "Configure listen interface for mirroring traffic." msgid "Configure local IPv4 address to listen for sflow." msgstr "Configure local IPv4 address to listen for sflow." +#: ../../configuration/interfaces/openvpn.rst:740 +msgid "Configure maximum allowed clock slop in seconds (default: 180)" +msgstr "Configure maximum allowed clock slop in seconds (default: 180)" + #: ../../configuration/service/snmp.rst:148 msgid "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" msgstr "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" @@ -3770,7 +4276,11 @@ msgstr "Configure next-hop `<address>` for an IPv4 static route. Multiple static msgid "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." msgstr "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." -#: ../../configuration/system/option.rst:125 +#: ../../configuration/interfaces/openvpn.rst:732 +msgid "Configure number of digits to use for totp hash (default: 6)" +msgstr "Configure number of digits to use for totp hash (default: 6)" + +#: ../../configuration/system/option.rst:145 msgid "Configure one of the predefined system performance profiles." msgstr "Configure one of the predefined system performance profiles." @@ -3810,7 +4320,11 @@ msgstr "Configure port number of remote VXLAN endpoint." msgid "Configure port number to be used for sflow conection. Default port is 6343." msgstr "Configure port number to be used for sflow conection. Default port is 6343." -#: ../../configuration/system/syslog.rst:73 +#: ../../configuration/service/ids.rst:59 +msgid "Configure port number to be used for sflow connection. Default port is 6343." +msgstr "Configure port number to be used for sflow connection. Default port is 6343." + +#: ../../configuration/system/syslog.rst:91 msgid "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." msgstr "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." @@ -3818,11 +4332,11 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:150 +#: ../../configuration/loadbalancing/haproxy.rst:157 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/haproxy.rst:162 msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" @@ -3834,27 +4348,31 @@ msgstr "Configure sFlow agent IPv4 or IPv6 address" msgid "Configure schedule counter-polling in seconds (default: 30)" msgstr "Configure schedule counter-polling in seconds (default: 30)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:36 +#: ../../configuration/loadbalancing/haproxy.rst:36 msgid "Configure service `<name>` mode TCP or HTTP" msgstr "Configure service `<name>` mode TCP or HTTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:41 +#: ../../configuration/loadbalancing/haproxy.rst:41 msgid "Configure service `<name>` to use the backend <name>" msgstr "Configure service `<name>` to use the backend <name>" -#: ../../configuration/system/login.rst:398 +#: ../../configuration/system/login.rst:404 msgid "Configure session timeout after which the user will be logged out." msgstr "Configure session timeout after which the user will be logged out." +#: ../../configuration/interfaces/openvpn.rst:744 +msgid "Configure step value for totp in seconds (default: 30)" +msgstr "Configure step value for totp in seconds (default: 30)" + #: ../../configuration/system/host-name.rst:41 msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." -#: ../../configuration/nat/nat66.rst:182 +#: ../../configuration/nat/nat66.rst:194 msgid "Configure the A-side router for NPTv6 using the prefixes above:" msgstr "Configure the A-side router for NPTv6 using the prefixes above:" -#: ../../configuration/nat/nat66.rst:204 +#: ../../configuration/nat/nat66.rst:216 msgid "Configure the B-side router for NPTv6 using the prefixes above:" msgstr "Configure the B-side router for NPTv6 using the prefixes above:" @@ -3862,26 +4380,46 @@ msgstr "Configure the B-side router for NPTv6 using the prefixes above:" msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." +#: ../../configuration/service/config-sync.rst:66 +msgid "Configure the HTTP API service on Router B" +msgstr "Configure the HTTP API service on Router B" + #: ../../configuration/service/tftp-server.rst:27 msgid "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." msgstr "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." +#: ../../configuration/service/config-sync.rst:74 +msgid "Configure the config-sync service on Router A" +msgstr "Configure the config-sync service on Router A" + #: ../../configuration/system/conntrack.rst:43 msgid "Configure the connection tracking protocol helper modules. All modules are enable by default." msgstr "Configure the connection tracking protocol helper modules. All modules are enable by default." -#: ../../configuration/system/login.rst:256 +#: ../../configuration/system/login.rst:262 msgid "Configure the discrete port under which the RADIUS server can be reached." msgstr "Configure the discrete port under which the RADIUS server can be reached." -#: ../../configuration/system/login.rst:325 +#: ../../configuration/system/login.rst:331 msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:212 +#: ../../configuration/loadbalancing/haproxy.rst:264 +msgid "Configure the load-balancing haproxy service for HTTP." +msgstr "Configure the load-balancing haproxy service for HTTP." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:264 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." +#: ../../configuration/service/ntp.rst:150 +msgid "Configure the timestamping behavior with the following option:" +msgstr "Configure the timestamping behavior with the following option:" + +#: ../../configuration/interfaces/openvpn.rst:736 +msgid "Configure time drift in seconds (default: 0)" +msgstr "Configure time drift in seconds (default: 0)" + #: ../../configuration/service/ids.rst:46 msgid "Configure traffic capture mode." msgstr "Configure traffic capture mode." @@ -3898,14 +4436,30 @@ msgstr "Configure watermark warning generation for an IGMP group limit. Generate msgid "Configured routing table `<id>` is used by VRF `<name>`." msgstr "Configured routing table `<id>` is used by VRF `<name>`." -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Configured value" msgstr "Configured value" +#: ../../configuration/service/ntp.rst:146 +msgid "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." +msgstr "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." + #: ../../configuration/protocols/bgp.rst:455 msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." +#: ../../configuration/service/ntp.rst:196 +msgid "Configures the PTP port. By default, the standard port 319 is used." +msgstr "Configures the PTP port. By default, the standard port 319 is used." + +#: ../../configuration/interfaces/ethernet.rst:58 +msgid "Configures the ring buffer size of the interface." +msgstr "Configures the ring buffer size of the interface." + +#: ../../configuration/interfaces/wireless.rst:167 +msgid "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." +msgstr "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." + #: ../../configuration/service/ipoe-server.rst:27 msgid "Configuring IPoE Server" msgstr "Configuring IPoE Server" @@ -3918,7 +4472,7 @@ msgstr "Configuring IPsec" msgid "Configuring L2TP Server" msgstr "Configuring L2TP Server" -#: ../../configuration/vpn/l2tp.rst:270 +#: ../../configuration/vpn/l2tp.rst:273 msgid "Configuring LNS (L2TP Network Server)" msgstr "Configuring LNS (L2TP Network Server)" @@ -3934,7 +4488,7 @@ msgstr "Configuring PPTP Server" msgid "Configuring RADIUS accounting" msgstr "Configuring RADIUS accounting" -#: ../../configuration/service/ipoe-server.rst:114 +#: ../../configuration/service/ipoe-server.rst:113 #: ../../configuration/service/pppoe-server.rst:76 #: ../../configuration/vpn/l2tp.rst:119 #: ../../configuration/vpn/pptp.rst:59 @@ -3946,11 +4500,11 @@ msgstr "Configuring RADIUS authentication" msgid "Configuring SSTP Server" msgstr "Configuring SSTP Server" -#: ../../configuration/vpn/sstp.rst:476 +#: ../../configuration/vpn/sstp.rst:486 msgid "Configuring SSTP client" msgstr "Configuring SSTP client" -#: ../../configuration/vpn/ipsec.rst:494 +#: ../../configuration/vpn/ipsec.rst:514 msgid "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." msgstr "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." @@ -3963,14 +4517,17 @@ msgstr "Configuring a listen-address is essential for the service to work." msgid "Connect/Disconnect" msgstr "Connect/Disconnect" -#: ../../configuration/service/ipoe-server.rst:376 -#: ../../configuration/service/pppoe-server.rst:546 -#: ../../configuration/vpn/l2tp.rst:500 +#: ../../configuration/service/ipoe-server.rst:375 +#: ../../configuration/service/pppoe-server.rst:571 #: ../../configuration/vpn/pptp.rst:424 -#: ../../configuration/vpn/sstp.rst:458 msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +#: ../../configuration/vpn/l2tp.rst:505 +#: ../../configuration/vpn/sstp.rst:463 +msgid "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +msgstr "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." + #: ../../configuration/protocols/rpki.rst:143 msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." @@ -3995,15 +4552,19 @@ msgstr "Conntrack Sync" msgid "Conntrack Sync Example" msgstr "Conntrack Sync Example" -#: ../../configuration/system/conntrack.rst:178 +#: ../../configuration/system/conntrack.rst:146 msgid "Conntrack ignore rules" msgstr "Conntrack ignore rules" -#: ../../configuration/system/conntrack.rst:204 +#: ../../configuration/system/conntrack.rst:177 msgid "Conntrack log" msgstr "Conntrack log" -#: ../../configuration/system/syslog.rst:21 +#: ../../configuration/nat/cgnat.rst:43 +msgid "Considerations" +msgstr "Considerations" + +#: ../../configuration/system/syslog.rst:39 msgid "Console" msgstr "Console" @@ -4011,7 +4572,7 @@ msgstr "Console" msgid "Console Server" msgstr "Console Server" -#: ../../configuration/container/index.rst:111 +#: ../../configuration/container/index.rst:149 msgid "Constrain the memory available to the container." msgstr "Constrain the memory available to the container." @@ -4019,11 +4580,11 @@ msgstr "Constrain the memory available to the container." msgid "Container" msgstr "Container" -#: ../../configuration/container/index.rst:136 +#: ../../configuration/container/index.rst:191 msgid "Container Networks" msgstr "Container Networks" -#: ../../configuration/container/index.rst:156 +#: ../../configuration/container/index.rst:211 msgid "Container Registry" msgstr "Container Registry" @@ -4043,10 +4604,14 @@ msgstr "Convert the address prefix of a single `fc01::/64` network to `fc00::/64 msgid "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," msgstr "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," -#: ../../configuration/interfaces/wireless.rst:49 +#: ../../configuration/interfaces/wireless.rst:44 msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." +#: ../../configuration/interfaces/wireless.rst:55 +msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." +msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." + #: ../../configuration/policy/community-list.rst:17 msgid "Creat community-list policy identified by name <text>." msgstr "Creat community-list policy identified by name <text>." @@ -4067,7 +4632,7 @@ msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are take msgid "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" msgstr "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" -#: ../../configuration/service/pppoe-server.rst:49 +#: ../../configuration/service/pppoe-server.rst:48 #: ../../configuration/vpn/l2tp.rst:36 #: ../../configuration/vpn/pptp.rst:38 #: ../../configuration/vpn/sstp.rst:63 @@ -4082,7 +4647,7 @@ msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address msgid "Create a CA chain and leaf certificates" msgstr "Create a CA chain and leaf certificates" -#: ../../configuration/interfaces/bridge.rst:199 +#: ../../configuration/interfaces/bridge.rst:198 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -4106,6 +4671,10 @@ msgstr "Create a new DHCP static mapping named `<description>` which is valid fo msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." +#: ../../configuration/vrf/index.rst:23 +msgid "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." +msgstr "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." + #: ../../configuration/pki/index.rst:42 #: ../../configuration/pki/index.rst:47 msgid "Create a new :abbr:`CA (Certificate Authority)` and output the CAs public and private key on the console." @@ -4150,19 +4719,19 @@ msgstr "Create a static hostname mapping which will always resolve the name `<ho msgid "Create as-path-policy identified by name <text>." msgstr "Create as-path-policy identified by name <text>." -#: ../../configuration/firewall/flowtables.rst:64 +#: ../../configuration/firewall/flowtables.rst:65 msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." -#: ../../configuration/firewall/flowtables.rst:95 +#: ../../configuration/firewall/flowtables.rst:96 msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." -#: ../../configuration/firewall/flowtables.rst:90 +#: ../../configuration/firewall/flowtables.rst:91 msgid "Create firewall rule in forward chain, and set action to ``offload``." msgstr "Create firewall rule in forward chain, and set action to ``offload``." -#: ../../configuration/firewall/flowtables.rst:61 +#: ../../configuration/firewall/flowtables.rst:62 msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." @@ -4191,11 +4760,11 @@ msgstr "Create new dynamic DNS update configuration which will update the IP add msgid "Create new system user with username `<name>` and real-name specified by `<string>`." msgstr "Create new system user with username `<name>` and real-name specified by `<string>`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:31 +#: ../../configuration/loadbalancing/haproxy.rst:31 msgid "Create service `<name>` to listen on <port>" msgstr "Create service `<name>` to listen on <port>" -#: ../../configuration/container/index.rst:140 +#: ../../configuration/container/index.rst:195 msgid "Creates a named container network" msgstr "Creates a named container network" @@ -4207,31 +4776,31 @@ msgstr "Creates local IPoE user with username=**<interface>** and password=**<MA msgid "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." -#: ../../configuration/interfaces/bridge.rst:201 +#: ../../configuration/interfaces/bridge.rst:200 msgid "Creating a bridge interface is very simple. In this example, we will have:" msgstr "Creating a bridge interface is very simple. In this example, we will have:" -#: ../../configuration/firewall/flowtables.rst:67 +#: ../../configuration/firewall/flowtables.rst:68 msgid "Creating a flow table:" msgstr "Creating a flow table:" -#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:385 msgid "Creating a traffic policy" msgstr "Creating a traffic policy" -#: ../../configuration/firewall/flowtables.rst:85 +#: ../../configuration/firewall/flowtables.rst:86 msgid "Creating rules for using flow tables:" msgstr "Creating rules for using flow tables:" -#: ../../configuration/container/index.rst:173 +#: ../../configuration/container/index.rst:228 msgid "Credentials can be defined here and will only be used when adding a container image to the system." msgstr "Credentials can be defined here and will only be used when adding a container image to the system." -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical" msgstr "Critical" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical conditions - e.g. hard drive errors." msgstr "Critical conditions - e.g. hard drive errors." @@ -4259,11 +4828,11 @@ msgstr "Cur Hop Limit" msgid "Currently does not do much as caching is not implemented." msgstr "Currently does not do much as caching is not implemented." -#: ../../configuration/vrf/index.rst:105 +#: ../../configuration/vrf/index.rst:101 msgid "Currently dynamic routing is supported for the following protocols:" msgstr "Currently dynamic routing is supported for the following protocols:" -#: ../../configuration/system/syslog.rst:32 +#: ../../configuration/system/syslog.rst:50 msgid "Custom File" msgstr "Custom File" @@ -4271,6 +4840,14 @@ msgstr "Custom File" msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." +#: ../../configuration/firewall/bridge.rst:44 +msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + +#: ../../configuration/firewall/bridge.rst:69 +msgid "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + #: ../../configuration/firewall/general.rst:77 msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." @@ -4279,23 +4856,35 @@ msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." +#: ../../configuration/firewall/ipv4.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + #: ../../configuration/firewall/ipv6.rst:65 msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." -#: ../../configuration/highavailability/index.rst:383 +#: ../../configuration/firewall/ipv6.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + +#: ../../configuration/highavailability/index.rst:387 msgid "Custom health-check script allows checking real-server availability" msgstr "Custom health-check script allows checking real-server availability" -#: ../../configuration/system/conntrack.rst:180 +#: ../../configuration/system/conntrack.rst:153 msgid "Customized ignore rules, based on a packet and flow selector." msgstr "Customized ignore rules, based on a packet and flow selector." -#: ../../configuration/interfaces/openvpn.rst:685 +#: ../../configuration/interfaces/openvpn.rst:773 msgid "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." msgstr "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." -#: ../../configuration/interfaces/openvpn.rst:681 +#: ../../configuration/interfaces/openvpn.rst:826 +msgid "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." +msgstr "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." + +#: ../../configuration/interfaces/openvpn.rst:822 msgid "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." msgstr "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." @@ -4335,7 +4924,7 @@ msgstr "DHCP relay example" msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." -#: ../../configuration/service/dhcp-server.rst:643 +#: ../../configuration/service/dhcp-server.rst:672 msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." @@ -4404,32 +4993,32 @@ msgstr "DNS search list to advertise" msgid "DNS server IPv4 address" msgstr "DNS server IPv4 address" -#: ../../configuration/service/dhcp-server.rst:650 +#: ../../configuration/service/dhcp-server.rst:679 msgid "DNS server is located at ``2001:db8::ffff``" msgstr "DNS server is located at ``2001:db8::ffff``" -#: ../../configuration/trafficpolicy/index.rst:259 +#: ../../configuration/trafficpolicy/index.rst:309 msgid "DSCP values as per :rfc:`2474` and :rfc:`4595`:" msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:" -#: ../../configuration/interfaces/wireless.rst:182 +#: ../../configuration/interfaces/wireless.rst:213 msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/ipv4.rst:467 -#: ../../configuration/firewall/ipv6.rst:451 +#: ../../configuration/firewall/ipv4.rst:492 +#: ../../configuration/firewall/ipv6.rst:479 msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug" msgstr "Debug" -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug-level messages - Messages that contain information normally of use only when debugging a program." msgstr "Debug-level messages - Messages that contain information normally of use only when debugging a program." -#: ../../configuration/trafficpolicy/index.rst:217 +#: ../../configuration/trafficpolicy/index.rst:267 msgid "Default" msgstr "Default" @@ -4453,18 +5042,32 @@ msgstr "Default Gateway/Route" msgid "Default Router Preference" msgstr "Default Router Preference" -#: ../../configuration/service/pppoe-server.rst:509 -#: ../../configuration/vpn/l2tp.rst:463 +#: ../../configuration/service/pppoe-server.rst:534 #: ../../configuration/vpn/pptp.rst:387 -#: ../../configuration/vpn/sstp.rst:421 msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +#: ../../configuration/vpn/sstp.rst:425 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." + +#: ../../configuration/vpn/l2tp.rst:467 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." + #: ../../configuration/service/dhcp-server.rst:431 msgid "Default gateway and DNS server is at `192.0.2.254`" msgstr "Default gateway and DNS server is at `192.0.2.254`" -#: ../../configuration/container/index.rst:113 +#: ../../configuration/container/index.rst:140 +msgid "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." +msgstr "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." + +#: ../../configuration/service/monitoring.rst:142 +msgid "Default is 3100" +msgstr "Default is 3100" + +#: ../../configuration/container/index.rst:151 msgid "Default is 512 MB. Use 0 MB for unlimited memory." msgstr "Default is 512 MB. Use 0 MB for unlimited memory." @@ -4492,7 +5095,7 @@ msgstr "Defaults to 'uid'" msgid "Defaults to 225.0.0.50." msgstr "Defaults to 225.0.0.50." -#: ../../configuration/system/option.rst:98 +#: ../../configuration/system/option.rst:118 msgid "Defaults to ``us``." msgstr "Defaults to ``us``." @@ -4504,19 +5107,23 @@ msgstr "Define Conection Timeouts" msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." +#: ../../configuration/container/index.rst:203 +msgid "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." +msgstr "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." + #: ../../configuration/container/index.rst:148 msgid "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." msgstr "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." -#: ../../configuration/firewall/groups.rst:52 +#: ../../configuration/firewall/groups.rst:51 msgid "Define a IPv4 or IPv6 Network group." msgstr "Define a IPv4 or IPv6 Network group." -#: ../../configuration/firewall/groups.rst:28 +#: ../../configuration/firewall/groups.rst:27 msgid "Define a IPv4 or a IPv6 address group" msgstr "Define a IPv4 or a IPv6 address group" -#: ../../configuration/firewall/zone.rst:78 +#: ../../configuration/firewall/zone.rst:75 msgid "Define a Zone" msgstr "Define a Zone" @@ -4524,15 +5131,15 @@ msgstr "Define a Zone" msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" -#: ../../configuration/firewall/groups.rst:133 +#: ../../configuration/firewall/groups.rst:132 msgid "Define a domain group." msgstr "Define a domain group." -#: ../../configuration/firewall/groups.rst:115 +#: ../../configuration/firewall/groups.rst:114 msgid "Define a mac group." msgstr "Define a mac group." -#: ../../configuration/firewall/groups.rst:95 +#: ../../configuration/firewall/groups.rst:94 msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" @@ -4540,7 +5147,7 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." -#: ../../configuration/firewall/groups.rst:72 +#: ../../configuration/firewall/groups.rst:71 msgid "Define an interface group. Wildcard are accepted too." msgstr "Define an interface group. Wildcard are accepted too." @@ -4548,6 +5155,10 @@ msgstr "Define an interface group. Wildcard are accepted too." msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." +#: ../../_include/interface-ip.txt:85 +msgid "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." +msgstr "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." + #: ../../_include/interface-ip.txt:69 msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." @@ -4564,31 +5175,49 @@ msgstr "Define different restriction levels for announcing the local source IP a msgid "Define how to handle leaf-seonds." msgstr "Define how to handle leaf-seonds." -#: ../../configuration/firewall/flowtables.rst:71 +#: ../../configuration/service/ntp.rst:95 +msgid "Define how to handle leap-seconds." +msgstr "Define how to handle leap-seconds." + +#: ../../configuration/firewall/flowtables.rst:72 msgid "Define interfaces to be used in the flowtable." msgstr "Define interfaces to be used in the flowtable." +#: ../../configuration/service/dhcp-server.rst:650 +msgid "Define lenght of exclude prefix in `<pd-prefix>`." +msgstr "Define lenght of exclude prefix in `<pd-prefix>`." + #: ../../configuration/firewall/bridge.rst:187 -#: ../../configuration/firewall/ipv4.rst:252 -#: ../../configuration/firewall/ipv6.rst:252 +#: ../../configuration/firewall/ipv4.rst:276 +#: ../../configuration/firewall/ipv6.rst:276 msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." +#: ../../configuration/firewall/bridge.rst:269 +msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/firewall/bridge.rst:173 -#: ../../configuration/firewall/ipv4.rst:230 -#: ../../configuration/firewall/ipv6.rst:230 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 msgid "Define log-level. Only applicable if rule log is enable." msgstr "Define log-level. Only applicable if rule log is enable." +#: ../../configuration/firewall/bridge.rst:242 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 +msgid "Define log-level. Only applicable if rule log is enabled." +msgstr "Define log-level. Only applicable if rule log is enabled." + #: ../../configuration/firewall/bridge.rst:180 -#: ../../configuration/firewall/ipv4.rst:241 -#: ../../configuration/firewall/ipv6.rst:241 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 msgid "Define log group to send message to. Only applicable if rule log is enable." msgstr "Define log group to send message to. Only applicable if rule log is enable." #: ../../configuration/firewall/bridge.rst:195 -#: ../../configuration/firewall/ipv4.rst:264 -#: ../../configuration/firewall/ipv6.rst:264 +#: ../../configuration/firewall/ipv4.rst:288 +#: ../../configuration/firewall/ipv6.rst:288 msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." @@ -4596,15 +5225,35 @@ msgstr "Define number of packets to queue inside the kernel before sending them msgid "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" msgstr "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" +#: ../../configuration/firewall/ipv4.rst:277 +#: ../../configuration/firewall/ipv6.rst:277 +msgid "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:255 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 +msgid "Define the log group to send messages to. Only applicable if rule log is enabled." +msgstr "Define the log group to send messages to. Only applicable if rule log is enabled." + +#: ../../configuration/firewall/ipv4.rst:289 +#: ../../configuration/firewall/ipv6.rst:289 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:283 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/protocols/rpki.rst:106 msgid "Define the time interval to update the local cache" msgstr "Define the time interval to update the local cache" -#: ../../configuration/firewall/zone.rst:89 +#: ../../configuration/firewall/zone.rst:86 msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." -#: ../../configuration/firewall/flowtables.rst:80 +#: ../../configuration/firewall/flowtables.rst:81 msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." @@ -4629,10 +5278,8 @@ msgstr "Defines an off-NBMA network prefix for which the GRE interface will act msgid "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." -#: ../../configuration/service/pppoe-server.rst:496 -#: ../../configuration/vpn/l2tp.rst:450 +#: ../../configuration/service/pppoe-server.rst:521 #: ../../configuration/vpn/pptp.rst:374 -#: ../../configuration/vpn/sstp.rst:408 msgid "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." msgstr "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." @@ -4643,10 +5290,10 @@ msgstr "Defines minimum acceptable MTU. If client will try to negotiate less the msgid "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." -#: ../../configuration/service/pppoe-server.rst:515 -#: ../../configuration/vpn/l2tp.rst:469 +#: ../../configuration/service/pppoe-server.rst:540 +#: ../../configuration/vpn/l2tp.rst:474 #: ../../configuration/vpn/pptp.rst:393 -#: ../../configuration/vpn/sstp.rst:427 +#: ../../configuration/vpn/sstp.rst:432 msgid "Defines preferred MRU. By default is not defined." msgstr "Defines preferred MRU. By default is not defined." @@ -4658,14 +5305,19 @@ msgstr "Defines protocols for checking ARP, ICMP, TCP" msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." -#: ../../configuration/service/pppoe-server.rst:479 -#: ../../configuration/vpn/l2tp.rst:433 +#: ../../configuration/service/pppoe-server.rst:504 +#: ../../configuration/vpn/l2tp.rst:436 #: ../../configuration/vpn/pptp.rst:357 -#: ../../configuration/vpn/sstp.rst:391 +#: ../../configuration/vpn/sstp.rst:394 msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." -#: ../../configuration/trafficpolicy/index.rst:1213 +#: ../../configuration/vpn/l2tp.rst:453 +#: ../../configuration/vpn/sstp.rst:411 +msgid "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." +msgstr "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." + +#: ../../configuration/trafficpolicy/index.rst:1263 msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." @@ -4673,10 +5325,18 @@ msgstr "Defines the round-trip time used for active queue management (AQM) in mi msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" +#: ../../configuration/firewall/groups.rst:154 +msgid "Defining Dynamic Address Groups" +msgstr "Defining Dynamic Address Groups" + #: ../../configuration/protocols/bgp.rst:186 msgid "Defining Peers" msgstr "Defining Peers" +#: ../../configuration/service/dhcp-server.rst:632 +msgid "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." +msgstr "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." + #: ../../configuration/service/dhcp-server.rst:638 msgid "Delegate prefixes from the range indicated by the start and stop qualifier." msgstr "Delegate prefixes from the range indicated by the start and stop qualifier." @@ -4689,11 +5349,11 @@ msgstr "Delete BGP communities matching the community-list." msgid "Delete BGP communities matching the large-community-list." msgstr "Delete BGP communities matching the large-community-list." -#: ../../configuration/system/syslog.rst:240 +#: ../../configuration/system/syslog.rst:258 msgid "Delete Logs" msgstr "Delete Logs" -#: ../../configuration/container/index.rst:211 +#: ../../configuration/container/index.rst:266 msgid "Delete a particular container image based on it's image ID. You can also delete all container images at once." msgstr "Delete a particular container image based on it's image ID. You can also delete all container images at once." @@ -4709,26 +5369,26 @@ msgstr "Delete all BGP large-communities" msgid "Delete default route from the system." msgstr "Delete default route from the system." -#: ../../configuration/system/syslog.rst:244 +#: ../../configuration/system/syslog.rst:262 msgid "Deletes the specified user-defined file <text> in the /var/log/user directory" msgstr "Deletes the specified user-defined file <text> in the /var/log/user directory" -#: ../../configuration/interfaces/wireless.rst:161 +#: ../../configuration/interfaces/wireless.rst:192 msgid "Depending on the location, not all of these channels may be available for use!" msgstr "Depending on the location, not all of these channels may be available for use!" #: ../../configuration/service/router-advert.rst:1 -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Description" msgstr "Description" -#: ../../configuration/trafficpolicy/index.rst:366 +#: ../../configuration/trafficpolicy/index.rst:416 msgid "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." -#: ../../configuration/interfaces/openvpn.rst:485 +#: ../../configuration/interfaces/openvpn.rst:489 msgid "Despite the fact that AD is a superset of LDAP" msgstr "Despite the fact that AD is a superset of LDAP" @@ -4752,7 +5412,7 @@ msgstr "Detailed information about \"cisco\" and \"ibm\" models differences can msgid "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." msgstr "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." -#: ../../configuration/interfaces/wireless.rst:141 +#: ../../configuration/interfaces/wireless.rst:171 msgid "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" msgstr "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" @@ -4778,10 +5438,10 @@ msgstr "Direction: **in** and **out**. Protect public network from external atta msgid "Disable CPU power saving mechanisms also known as C states." msgstr "Disable CPU power saving mechanisms also known as C states." -#: ../../configuration/service/pppoe-server.rst:457 -#: ../../configuration/vpn/l2tp.rst:411 +#: ../../configuration/service/pppoe-server.rst:481 +#: ../../configuration/vpn/l2tp.rst:414 #: ../../configuration/vpn/pptp.rst:335 -#: ../../configuration/vpn/sstp.rst:369 +#: ../../configuration/vpn/sstp.rst:372 msgid "Disable Compression Control Protocol (CCP). CCP is enabled by default." msgstr "Disable Compression Control Protocol (CCP). CCP is enabled by default." @@ -4793,10 +5453,10 @@ msgstr "Disable MLD reports and query on the interface." msgid "Disable (lock) account. User will not be able to log in." msgstr "Disable (lock) account. User will not be able to log in." -#: ../../configuration/service/pppoe-server.rst:432 -#: ../../configuration/vpn/l2tp.rst:376 +#: ../../configuration/service/pppoe-server.rst:455 +#: ../../configuration/vpn/l2tp.rst:379 #: ../../configuration/vpn/pptp.rst:300 -#: ../../configuration/vpn/sstp.rst:334 +#: ../../configuration/vpn/sstp.rst:337 msgid "Disable `<user>` account." msgstr "Disable `<user>` account." @@ -4804,11 +5464,11 @@ msgstr "Disable `<user>` account." msgid "Disable a BFD peer" msgstr "Disable a BFD peer" -#: ../../configuration/container/index.rst:133 +#: ../../configuration/container/index.rst:188 msgid "Disable a container." msgstr "Disable a container." -#: ../../configuration/container/index.rst:166 +#: ../../configuration/container/index.rst:221 msgid "Disable a given container registry" msgstr "Disable a given container registry" @@ -4820,8 +5480,8 @@ msgstr "Disable all optional CPU mitigations. This improves system performance, msgid "Disable connection logging via Syslog." msgstr "Disable connection logging via Syslog." -#: ../../configuration/firewall/ipv4.rst:953 -#: ../../configuration/firewall/ipv6.rst:939 +#: ../../configuration/firewall/ipv4.rst:1058 +#: ../../configuration/firewall/ipv6.rst:1048 msgid "Disable conntrack loose track option" msgstr "Disable conntrack loose track option" @@ -4881,7 +5541,7 @@ msgstr "Disable this service." msgid "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." msgstr "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." -#: ../../configuration/interfaces/openvpn.rst:695 +#: ../../configuration/interfaces/openvpn.rst:836 msgid "Disabled by default - no kernel module loaded." msgstr "Disabled by default - no kernel module loaded." @@ -4889,7 +5549,7 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." -#: ../../configuration/trafficpolicy/index.rst:1173 +#: ../../configuration/trafficpolicy/index.rst:1223 msgid "Disables flow isolation, all traffic passes through a single queue." msgstr "Disables flow isolation, all traffic passes through a single queue." @@ -4929,19 +5589,19 @@ msgstr "Disabling the encryption on the link by removing ``security encrypt`` wi msgid "Disadvantages are:" msgstr "Disadvantages are:" -#: ../../configuration/interfaces/wireless.rst:62 +#: ../../configuration/interfaces/wireless.rst:74 msgid "Disassociate stations based on excessive transmission failures or other indications of connection loss." msgstr "Disassociate stations based on excessive transmission failures or other indications of connection loss." -#: ../../configuration/vrf/index.rst:161 +#: ../../configuration/vrf/index.rst:157 msgid "Display IPv4 routing table for VRF identified by `<name>`." msgstr "Display IPv4 routing table for VRF identified by `<name>`." -#: ../../configuration/vrf/index.rst:180 +#: ../../configuration/vrf/index.rst:176 msgid "Display IPv6 routing table for VRF identified by `<name>`." msgstr "Display IPv6 routing table for VRF identified by `<name>`." -#: ../../configuration/system/syslog.rst:198 +#: ../../configuration/system/syslog.rst:216 msgid "Display Logs" msgstr "Display Logs" @@ -4949,7 +5609,7 @@ msgstr "Display Logs" msgid "Display OTP key for user" msgstr "Display OTP key for user" -#: ../../configuration/system/syslog.rst:222 +#: ../../configuration/system/syslog.rst:240 msgid "Display all authorization attempts of the specified image" msgstr "Display all authorization attempts of the specified image" @@ -4961,19 +5621,19 @@ msgstr "Display all known ARP table entries on a given interface only (`eth1`):" msgid "Display all known ARP table entries spanning across all interfaces" msgstr "Display all known ARP table entries spanning across all interfaces" -#: ../../configuration/system/syslog.rst:226 +#: ../../configuration/system/syslog.rst:244 msgid "Display contents of a specified user-defined log file of the specified image" msgstr "Display contents of a specified user-defined log file of the specified image" -#: ../../configuration/system/syslog.rst:220 +#: ../../configuration/system/syslog.rst:238 msgid "Display contents of all master log files of the specified image" msgstr "Display contents of all master log files of the specified image" -#: ../../configuration/system/syslog.rst:229 +#: ../../configuration/system/syslog.rst:247 msgid "Display last lines of the system log of the specified image" msgstr "Display last lines of the system log of the specified image" -#: ../../configuration/system/syslog.rst:224 +#: ../../configuration/system/syslog.rst:242 msgid "Display list of all user-defined log files of the specified image" msgstr "Display list of all user-defined log files of the specified image" @@ -4981,6 +5641,10 @@ msgstr "Display list of all user-defined log files of the specified image" msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +#: ../../configuration/system/syslog.rst:220 +msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" + #: ../../configuration/service/lldp.rst:75 msgid "Displays information about all neighbors discovered via LLDP." msgstr "Displays information about all neighbors discovered via LLDP." @@ -4989,7 +5653,7 @@ msgstr "Displays information about all neighbors discovered via LLDP." msgid "Displays queue information for a PPPoE interface." msgstr "Displays queue information for a PPPoE interface." -#: ../../configuration/vrf/index.rst:232 +#: ../../configuration/vrf/index.rst:228 msgid "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." msgstr "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." @@ -4998,8 +5662,8 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows." #: ../../configuration/system/ip.rst:55 -#: ../../configuration/vrf/index.rst:79 -#: ../../configuration/vrf/index.rst:85 +#: ../../configuration/vrf/index.rst:75 +#: ../../configuration/vrf/index.rst:81 msgid "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." msgstr "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." @@ -5011,11 +5675,11 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1278 +#: ../../configuration/trafficpolicy/index.rst:1328 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." -#: ../../configuration/service/https.rst:90 +#: ../../configuration/service/https.rst:93 msgid "Do not leave introspection enabled in production, it is a security risk." msgstr "Do not leave introspection enabled in production, it is a security risk." @@ -5035,7 +5699,7 @@ msgstr "Does not need to be used together with proxy_arp." msgid "Domain" msgstr "Domain" -#: ../../configuration/firewall/groups.rst:127 +#: ../../configuration/firewall/groups.rst:126 msgid "Domain Groups" msgstr "Domain Groups" @@ -5084,14 +5748,12 @@ msgstr "Download/Update complete blacklist" msgid "Download/Update partial blacklist." msgstr "Download/Update partial blacklist." -#: ../../configuration/service/pppoe-server.rst:262 -#: ../../configuration/vpn/l2tp.rst:386 +#: ../../configuration/service/pppoe-server.rst:281 #: ../../configuration/vpn/pptp.rst:310 -#: ../../configuration/vpn/sstp.rst:344 msgid "Download bandwidth limit in kbit/s for `<user>`." msgstr "Download bandwidth limit in kbit/s for `<user>`." -#: ../../configuration/service/ipoe-server.rst:320 +#: ../../configuration/service/ipoe-server.rst:319 msgid "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." @@ -5099,11 +5761,11 @@ msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgid "Drop AS-NUMBER from the BGP AS path." msgstr "Drop AS-NUMBER from the BGP AS path." -#: ../../configuration/trafficpolicy/index.rst:352 +#: ../../configuration/trafficpolicy/index.rst:402 msgid "Drop Tail" msgstr "Drop Tail" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Drop rate" msgstr "Drop rate" @@ -5111,10 +5773,14 @@ msgstr "Drop rate" msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" -#: ../../configuration/service/pppoe-server.rst:625 +#: ../../configuration/service/pppoe-server.rst:650 msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" +#: ../../configuration/firewall/index.rst:7 +msgid "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." +msgstr "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." + #: ../../configuration/interfaces/dummy.rst:7 msgid "Dummy" msgstr "Dummy" @@ -5127,7 +5793,7 @@ msgstr "Dummy interface" msgid "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." msgstr "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." -#: ../../configuration/vrf/index.rst:212 +#: ../../configuration/vrf/index.rst:208 msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." @@ -5135,11 +5801,11 @@ msgstr "Duplicate packets are not included in the packet loss calculation, altho msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" -#: ../../configuration/vpn/ipsec.rst:568 +#: ../../configuration/vpn/ipsec.rst:588 msgid "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." msgstr "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." -#: ../../configuration/service/ssh.rst:113 +#: ../../configuration/service/ssh.rst:133 msgid "Dynamic-protection" msgstr "Dynamic-protection" @@ -5147,6 +5813,14 @@ msgstr "Dynamic-protection" msgid "Dynamic DNS" msgstr "Dynamic DNS" +#: ../../configuration/firewall/groups.rst:143 +msgid "Dynamic Groups" +msgstr "Dynamic Groups" + +#: ../../configuration/firewall/groups.rst:156 +msgid "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" +msgstr "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" + #: ../../_include/interface-eapol.txt:6 msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." @@ -5155,14 +5829,23 @@ msgstr "EAPoL comes with an identify option. We automatically use the interface msgid "ESP Phase:" msgstr "ESP Phase:" -#: ../../configuration/vpn/ipsec.rst:113 +#: ../../configuration/vpn/ipsec.rst:114 msgid "ESP (Encapsulating Security Payload) Attributes" msgstr "ESP (Encapsulating Security Payload) Attributes" -#: ../../configuration/vpn/ipsec.rst:115 +#: ../../configuration/vpn/ipsec.rst:116 msgid "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" msgstr "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" +#: ../../configuration/interfaces/bonding.rst:316 +msgid "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." +msgstr "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." + +#: ../../configuration/interfaces/bonding.rst:295 +#: ../../configuration/interfaces/ethernet.rst:130 +msgid "EVPN Multihoming" +msgstr "EVPN Multihoming" + #: ../../configuration/service/conntrack-sync.rst:23 msgid "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." msgstr "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." @@ -5183,11 +5866,11 @@ msgstr "Each bridge has a relative priority and cost. Each interface is associat msgid "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" msgstr "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" -#: ../../configuration/trafficpolicy/index.rst:1027 +#: ../../configuration/trafficpolicy/index.rst:1077 msgid "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." msgstr "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." -#: ../../configuration/trafficpolicy/index.rst:967 +#: ../../configuration/trafficpolicy/index.rst:1017 msgid "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." msgstr "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." @@ -5215,6 +5898,10 @@ msgstr "Each of the install command should be applied to the configuration and c msgid "Each site-to-site peer has the next options:" msgstr "Each site-to-site peer has the next options:" +#: ../../configuration/nat/cgnat.rst:117 +msgid "Each subscriber will be allocated a maximum of 2000 ports from the external pool." +msgstr "Each subscriber will be allocated a maximum of 2000 ports from the external pool." + #: ../../configuration/interfaces/vxlan.rst:77 msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." @@ -5227,11 +5914,11 @@ msgstr "Email address to associate with certificate" msgid "Email used for registration and recovery contact." msgstr "Email used for registration and recovery contact." -#: ../../configuration/trafficpolicy/index.rst:300 +#: ../../configuration/trafficpolicy/index.rst:350 msgid "Embedding one policy into another one" msgstr "Embedding one policy into another one" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "Emergency" msgstr "Emergency" @@ -5271,11 +5958,11 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." -#: ../../configuration/service/https.rst:88 +#: ../../configuration/service/https.rst:91 msgid "Enable GraphQL Schema introspection." msgstr "Enable GraphQL Schema introspection." -#: ../../configuration/interfaces/wireless.rst:178 +#: ../../configuration/interfaces/wireless.rst:209 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5312,15 +5999,15 @@ msgstr "Enable IS-IS and redistribute routes not natively in IS-IS" msgid "Enable IS-IS with Segment Routing (Experimental)" msgstr "Enable IS-IS with Segment Routing (Experimental)" -#: ../../configuration/interfaces/wireless.rst:194 +#: ../../configuration/interfaces/wireless.rst:225 msgid "Enable L-SIG TXOP protection capability" msgstr "Enable L-SIG TXOP protection capability" -#: ../../configuration/interfaces/wireless.rst:263 +#: ../../configuration/interfaces/wireless.rst:298 msgid "Enable LDPC (Low Density Parity Check) coding capability" msgstr "Enable LDPC (Low Density Parity Check) coding capability" -#: ../../configuration/interfaces/wireless.rst:190 +#: ../../configuration/interfaces/wireless.rst:221 msgid "Enable LDPC coding capability" msgstr "Enable LDPC coding capability" @@ -5349,7 +6036,11 @@ msgstr "Enable OSPF with route redistribution of the loopback and default origin msgid "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." msgstr "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." -#: ../../configuration/interfaces/openvpn.rst:692 +#: ../../configuration/protocols/openfabric.rst:168 +msgid "Enable OpenFabric" +msgstr "Enable OpenFabric" + +#: ../../configuration/interfaces/openvpn.rst:833 msgid "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." @@ -5357,11 +6048,15 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k msgid "Enable PREF64 option as outlined in :rfc:`8781`." msgstr "Enable PREF64 option as outlined in :rfc:`8781`." -#: ../../configuration/service/ipoe-server.rst:386 -#: ../../configuration/service/pppoe-server.rst:575 -#: ../../configuration/vpn/l2tp.rst:510 +#: ../../configuration/service/https.rst:75 +msgid "Enable REST API" +msgstr "Enable REST API" + +#: ../../configuration/service/ipoe-server.rst:385 +#: ../../configuration/service/pppoe-server.rst:600 +#: ../../configuration/vpn/l2tp.rst:515 #: ../../configuration/vpn/pptp.rst:434 -#: ../../configuration/vpn/sstp.rst:468 +#: ../../configuration/vpn/sstp.rst:473 msgid "Enable SNMP" msgstr "Enable SNMP" @@ -5373,8 +6068,8 @@ msgstr "Enable SNMP queries of the LLDP database" msgid "Enable SNMP support for an individual routing daemon." msgstr "Enable SNMP support for an individual routing daemon." -#: ../../configuration/interfaces/bridge.rst:206 -#: ../../configuration/interfaces/bridge.rst:241 +#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:240 msgid "Enable STP" msgstr "Enable STP" @@ -5382,7 +6077,7 @@ msgstr "Enable STP" msgid "Enable TFTP service by specifying the `<directory>` which will be used to serve files." msgstr "Enable TFTP service by specifying the `<directory>` which will be used to serve files." -#: ../../configuration/interfaces/wireless.rst:294 +#: ../../configuration/interfaces/wireless.rst:331 msgid "Enable VHT TXOP Power Save Mode" msgstr "Enable VHT TXOP Power Save Mode" @@ -5402,7 +6097,7 @@ msgstr "Enable automatic redirect from http to https." msgid "Enable creation of shortcut routes." msgstr "Enable creation of shortcut routes." -#: ../../configuration/interfaces/ethernet.rst:62 +#: ../../configuration/interfaces/ethernet.rst:70 msgid "Enable different types of hardware offloading on the given NIC." msgstr "Enable different types of hardware offloading on the given NIC." @@ -5415,24 +6110,54 @@ msgid "Enable layer 7 HTTP health check" msgstr "Enable layer 7 HTTP health check" #: ../../configuration/firewall/bridge.rst:157 -#: ../../configuration/firewall/ipv4.rst:206 -#: ../../configuration/firewall/ipv6.rst:206 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." +#: ../../configuration/firewall/bridge.rst:214 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 +msgid "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." +msgstr "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." + +#: ../../configuration/nat/cgnat.rst:104 +msgid "Enable logging of IP address and ports allocations." +msgstr "Enable logging of IP address and ports allocations." + #: ../../configuration/firewall/global-options.rst:114 msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:119 +msgid "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" +msgstr "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:106 msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:81 +msgid "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" +msgstr "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" + +#: ../../configuration/firewall/global-options.rst:89 +msgid "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" +msgstr "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" + +#: ../../configuration/firewall/global-options.rst:111 +msgid "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" +msgstr "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" + #: ../../configuration/firewall/ipv4.rst:173 #: ../../configuration/firewall/ipv6.rst:173 msgid "Enable or disable logging for the matched packet." msgstr "Enable or disable logging for the matched packet." +#: ../../configuration/firewall/global-options.rst:96 +msgid "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" +msgstr "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" + #: ../../configuration/protocols/ospf.rst:360 msgid "Enable ospf on an interface and set associated area." msgstr "Enable ospf on an interface and set associated area." @@ -5443,17 +6168,17 @@ msgstr "Enable ospf on an interface and set associated area." msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." -#: ../../configuration/interfaces/wireless.rst:213 -#: ../../configuration/interfaces/wireless.rst:286 +#: ../../configuration/interfaces/wireless.rst:244 +#: ../../configuration/interfaces/wireless.rst:323 msgid "Enable receiving PPDU using STBC (Space Time Block Coding)" msgstr "Enable receiving PPDU using STBC (Space Time Block Coding)" -#: ../../configuration/system/flow-accounting.rst:154 +#: ../../configuration/system/flow-accounting.rst:158 msgid "Enable sampling of packets, which will be transmitted to sFlow collectors." msgstr "Enable sampling of packets, which will be transmitted to sFlow collectors." -#: ../../configuration/interfaces/wireless.rst:217 -#: ../../configuration/interfaces/wireless.rst:290 +#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:327 msgid "Enable sending PPDU using STBC (Space Time Block Coding)" msgstr "Enable sending PPDU using STBC (Space Time Block Coding)" @@ -5469,7 +6194,7 @@ msgstr "Enable spanning tree protocol. STP is disabled by default." msgid "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" msgstr "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" -#: ../../configuration/interfaces/openvpn.rst:697 +#: ../../configuration/interfaces/openvpn.rst:838 msgid "Enable this feature causes an interface reset." msgstr "Enable this feature causes an interface reset." @@ -5485,23 +6210,27 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." -#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +#: ../../configuration/loadbalancing/haproxy.rst:217 msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." -#: ../../configuration/vrf/index.rst:480 +#: ../../configuration/vrf/index.rst:476 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." -#: ../../configuration/service/ipoe-server.rst:220 -#: ../../configuration/service/pppoe-server.rst:182 +#: ../../configuration/system/option.rst:55 +msgid "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." +msgstr "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." + +#: ../../configuration/service/ipoe-server.rst:219 +#: ../../configuration/service/pppoe-server.rst:198 #: ../../configuration/vpn/l2tp.rst:225 #: ../../configuration/vpn/pptp.rst:165 #: ../../configuration/vpn/sstp.rst:198 msgid "Enables bandwidth shaping via RADIUS." msgstr "Enables bandwidth shaping via RADIUS." -#: ../../configuration/vrf/index.rst:502 +#: ../../configuration/vrf/index.rst:498 msgid "Enables import or export of routes between the current unicast VRF and VPN." msgstr "Enables import or export of routes between the current unicast VRF and VPN." @@ -5509,6 +6238,10 @@ msgstr "Enables import or export of routes between the current unicast VRF and V msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." +#: ../../configuration/service/ntp.rst:190 +msgid "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." +msgstr "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." + #: ../../configuration/protocols/bfd.rst:30 msgid "Enables the echo transmission mode" msgstr "Enables the echo transmission mode" @@ -5521,7 +6254,7 @@ msgstr "Enables the root partition auto-extension and resizes to the maximum ava msgid "Enabling Advertisments" msgstr "Enabling Advertisments" -#: ../../configuration/interfaces/openvpn.rst:679 +#: ../../configuration/interfaces/openvpn.rst:820 msgid "Enabling OpenVPN DCO" msgstr "Enabling OpenVPN DCO" @@ -5537,7 +6270,7 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:84 msgid "Enforce strict path checking." msgstr "Enforce strict path checking." @@ -5549,7 +6282,7 @@ msgstr "Enslave `<member>` interface to bond `<interface>`." msgid "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." msgstr "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." -#: ../../configuration/interfaces/openvpn.rst:445 +#: ../../configuration/interfaces/openvpn.rst:449 msgid "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." @@ -5557,11 +6290,11 @@ msgstr "Enterprise installations usually ship a kind of directory service which msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)" msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error" msgstr "Error" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error conditions" msgstr "Error conditions" @@ -5637,6 +6370,10 @@ msgstr "Every Virtual Ethernet interfaces behaves like a real Ethernet interface msgid "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." +#: ../../configuration/vpn/ipsec.rst:459 +msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." +msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." + #: ../../configuration/vpn/ipsec.rst:439 msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." @@ -5645,10 +6382,11 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." -#: ../../configuration/firewall/bridge.rst:321 -#: ../../configuration/highavailability/index.rst:407 -#: ../../configuration/interfaces/bonding.rst:291 +#: ../../configuration/firewall/bridge.rst:486 +#: ../../configuration/highavailability/index.rst:411 +#: ../../configuration/interfaces/bonding.rst:344 #: ../../configuration/interfaces/l2tpv3.rst:86 +#: ../../configuration/interfaces/openvpn.rst:747 #: ../../configuration/interfaces/pppoe.rst:323 #: ../../configuration/interfaces/virtual-ethernet.rst:92 #: ../../configuration/interfaces/vxlan.rst:187 @@ -5658,6 +6396,7 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/protocols/pim.rst:217 #: ../../configuration/protocols/rpki.rst:166 #: ../../configuration/service/broadcast-relay.rst:55 +#: ../../configuration/service/config-sync.rst:62 #: ../../configuration/service/conntrack-sync.rst:195 #: ../../configuration/service/dhcp-relay.rst:85 #: ../../configuration/service/dhcp-relay.rst:174 @@ -5667,23 +6406,24 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/service/eventhandler.rst:83 #: ../../configuration/service/ids.rst:82 #: ../../configuration/service/mdns.rst:50 -#: ../../configuration/service/monitoring.rst:134 -#: ../../configuration/service/router-advert.rst:108 +#: ../../configuration/service/monitoring.rst:164 +#: ../../configuration/service/router-advert.rst:115 #: ../../configuration/service/snmp.rst:94 #: ../../configuration/service/snmp.rst:145 #: ../../configuration/service/tftp-server.rst:47 #: ../../configuration/system/acceleration.rst:58 -#: ../../configuration/system/login.rst:401 +#: ../../configuration/system/login.rst:407 #: ../../configuration/system/name-server.rst:28 #: ../../configuration/system/name-server.rst:63 #: ../../configuration/system/sflow.rst:49 #: ../../configuration/system/updates.rst:21 -#: ../../configuration/trafficpolicy/index.rst:530 -#: ../../configuration/trafficpolicy/index.rst:1122 +#: ../../configuration/trafficpolicy/index.rst:580 +#: ../../configuration/trafficpolicy/index.rst:1172 #: ../../configuration/vpn/dmvpn.rst:161 +#: ../../configuration/vpn/ipsec.rst:410 #: ../../configuration/vpn/openconnect.rst:97 -#: ../../configuration/vrf/index.rst:118 -#: ../../configuration/vrf/index.rst:251 +#: ../../configuration/vrf/index.rst:114 +#: ../../configuration/vrf/index.rst:247 msgid "Example" msgstr "Example" @@ -5704,15 +6444,16 @@ msgstr "Example, from radius-server send command for disconnect client with user #: ../../configuration/nat/nat44.rst:425 #: ../../configuration/nat/nat66.rst:78 #: ../../configuration/nat/nat66.rst:96 +#: ../../configuration/nat/nat66.rst:110 #: ../../configuration/protocols/static.rst:67 #: ../../configuration/protocols/static.rst:135 #: ../../configuration/protocols/static.rst:207 #: ../../configuration/service/dns.rst:460 #: ../../configuration/service/monitoring.rst:69 #: ../../configuration/service/monitoring.rst:98 -#: ../../configuration/service/ssh.rst:165 -#: ../../configuration/service/ssh.rst:200 -#: ../../configuration/system/flow-accounting.rst:164 +#: ../../configuration/service/ssh.rst:185 +#: ../../configuration/service/ssh.rst:220 +#: ../../configuration/system/flow-accounting.rst:168 #: ../../configuration/vpn/l2tp.rst:91 #: ../../configuration/vpn/site2site_ipsec.rst:165 #: ../../configuration/vpn/site2site_ipsec.rst:276 @@ -5747,6 +6488,10 @@ msgstr "Example, from radius-server send command for disconnect client with user msgid "Example:" msgstr "Example:" +#: ../../configuration/nat/cgnat.rst:64 +msgid "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." +msgstr "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." @@ -5783,15 +6528,19 @@ msgstr "Example: Mirror the outbound traffic of `br1` port to `eth3`" msgid "Example: Mirror the outbound traffic of `eth1` port to `eth3`" msgstr "Example: Mirror the outbound traffic of `eth1` port to `eth3`" -#: ../../configuration/interfaces/bridge.rst:175 +#: ../../configuration/policy/prefix-list.rst:50 +msgid "Example: Prefix Lists" +msgstr "Example: Prefix Lists" + +#: ../../configuration/interfaces/bridge.rst:174 msgid "Example: Set `eth0` member port to be allowed VLAN 4" msgstr "Example: Set `eth0` member port to be allowed VLAN 4" -#: ../../configuration/interfaces/bridge.rst:181 +#: ../../configuration/interfaces/bridge.rst:180 msgid "Example: Set `eth0` member port to be allowed VLAN 6-8" msgstr "Example: Set `eth0` member port to be allowed VLAN 6-8" -#: ../../configuration/interfaces/bridge.rst:162 +#: ../../configuration/interfaces/bridge.rst:161 msgid "Example: Set `eth0` member port to be native VLAN 2" msgstr "Example: Set `eth0` member port to be native VLAN 2" @@ -5799,11 +6548,19 @@ msgstr "Example: Set `eth0` member port to be native VLAN 2" msgid "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." -#: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:110 +#: ../../configuration/container/index.rst:271 +#: ../../configuration/service/https.rst:117 msgid "Example Configuration" msgstr "Example Configuration" +#: ../../configuration/interfaces/wireless.rst:737 +msgid "Example Configuration: WiFi-6 at 2.4GHz" +msgstr "Example Configuration: WiFi-6 at 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:828 +msgid "Example Configuration: WiFi-6e at 6GHz" +msgstr "Example Configuration: WiFi-6e at 6GHz" + #: ../../configuration/service/dns.rst:478 msgid "Example IPv6 only:" msgstr "Example IPv6 only:" @@ -5812,8 +6569,8 @@ msgstr "Example IPv6 only:" msgid "Example Network" msgstr "Example Network" -#: ../../configuration/firewall/ipv4.rst:1153 -#: ../../configuration/firewall/ipv6.rst:1153 +#: ../../configuration/firewall/ipv4.rst:1257 +#: ../../configuration/firewall/ipv6.rst:1263 msgid "Example Partial Config" msgstr "Example Partial Config" @@ -5833,22 +6590,27 @@ msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access ( msgid "Example of redirection:" msgstr "Example of redirection:" -#: ../../configuration/firewall/ipv4.rst:948 -#: ../../configuration/firewall/ipv6.rst:934 +#: ../../configuration/nat/cgnat.rst:113 +msgid "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" +msgstr "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" + +#: ../../configuration/firewall/ipv4.rst:1053 +#: ../../configuration/firewall/ipv6.rst:1043 msgid "Example synproxy" msgstr "Example synproxy" -#: ../../configuration/firewall/groups.rst:145 -#: ../../configuration/interfaces/bridge.rst:196 +#: ../../configuration/firewall/groups.rst:240 +#: ../../configuration/interfaces/bridge.rst:195 #: ../../configuration/interfaces/macsec.rst:153 -#: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/interfaces/wireless.rst:665 +#: ../../configuration/loadbalancing/haproxy.rst:279 #: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 +#: ../../configuration/protocols/openfabric.rst:165 #: ../../configuration/protocols/ospf.rst:834 -#: ../../configuration/service/pppoe-server.rst:601 +#: ../../configuration/service/pppoe-server.rst:626 #: ../../configuration/service/webproxy.rst:419 msgid "Examples" msgstr "Examples" @@ -5866,6 +6628,10 @@ msgstr "Examples of policies usage:" msgid "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." msgstr "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." +#: ../../configuration/service/dhcp-server.rst:644 +msgid "Exclude `<exclude-prefix>` from `<pd-prefix>`." +msgstr "Exclude `<exclude-prefix>` from `<pd-prefix>`." + #: ../../configuration/highavailability/index.rst:83 msgid "Exclude address" msgstr "Exclude address" @@ -5882,11 +6648,11 @@ msgstr "Exit policy on match: go to next sequence number." msgid "Exit policy on match: go to rule <1-65535>" msgstr "Exit policy on match: go to rule <1-65535>" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "Expedited forwarding (EF)" msgstr "Expedited forwarding (EF)" -#: ../../configuration/firewall/flowtables.rst:140 +#: ../../configuration/firewall/flowtables.rst:141 msgid "Explanation" msgstr "Explanation" @@ -5902,27 +6668,31 @@ msgstr "External DHCPv6 server is at 2001:db8::4" msgid "External Route Summarisation" msgstr "External Route Summarisation" +#: ../../configuration/nat/cgnat.rst:142 +msgid "External address sequences" +msgstr "External address sequences" + #: ../../configuration/service/ids.rst:101 msgid "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" msgstr "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" -#: ../../configuration/trafficpolicy/index.rst:441 +#: ../../configuration/trafficpolicy/index.rst:491 msgid "FQ-CoDel" msgstr "FQ-CoDel" -#: ../../configuration/trafficpolicy/index.rst:450 +#: ../../configuration/trafficpolicy/index.rst:500 msgid "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." msgstr "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." -#: ../../configuration/trafficpolicy/index.rst:460 +#: ../../configuration/trafficpolicy/index.rst:510 msgid "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." msgstr "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." -#: ../../configuration/trafficpolicy/index.rst:474 +#: ../../configuration/trafficpolicy/index.rst:524 msgid "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." -#: ../../configuration/trafficpolicy/index.rst:465 +#: ../../configuration/trafficpolicy/index.rst:515 msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." @@ -5938,19 +6708,19 @@ msgstr "FRR offers only partial support for some of the routing protocol extensi msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "FTP daemon" msgstr "FTP daemon" -#: ../../configuration/system/syslog.rst:96 +#: ../../configuration/system/syslog.rst:114 msgid "Facilities" msgstr "Facilities" -#: ../../configuration/system/syslog.rst:104 +#: ../../configuration/system/syslog.rst:122 msgid "Facilities can be adjusted to meet the needs of the user:" msgstr "Facilities can be adjusted to meet the needs of the user:" -#: ../../configuration/system/syslog.rst:107 +#: ../../configuration/system/syslog.rst:125 msgid "Facility Code" msgstr "Facility Code" @@ -5975,15 +6745,15 @@ msgstr "Failover routes are manually configured routes, but they install to the msgid "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." msgstr "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." -#: ../../configuration/trafficpolicy/index.rst:384 +#: ../../configuration/trafficpolicy/index.rst:434 msgid "Fair Queue" msgstr "Fair Queue" -#: ../../configuration/trafficpolicy/index.rst:429 +#: ../../configuration/trafficpolicy/index.rst:479 msgid "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." msgstr "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." -#: ../../configuration/trafficpolicy/index.rst:389 +#: ../../configuration/trafficpolicy/index.rst:439 msgid "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." msgstr "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." @@ -6011,7 +6781,7 @@ msgstr "File identified by `<filename>` containing the TSIG authentication key f msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." -#: ../../configuration/service/pppoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:321 msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" @@ -6023,6 +6793,10 @@ msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-str msgid "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." msgstr "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." +#: ../../configuration/system/syslog.rst:35 +msgid "Filter syslog messages based on facility and level." +msgstr "Filter syslog messages based on facility and level." + #: ../../configuration/policy/index.rst:16 msgid "Filter traffic based on source/destination address." msgstr "Filter traffic based on source/destination address." @@ -6047,11 +6821,11 @@ msgstr "Firewall" msgid "Firewall-Legacy" msgstr "Firewall-Legacy" -#: ../../configuration/firewall/ipv4.rst:72 +#: ../../configuration/firewall/ipv4.rst:96 msgid "Firewall - IPv4 Rules" msgstr "Firewall - IPv4 Rules" -#: ../../configuration/firewall/ipv6.rst:72 +#: ../../configuration/firewall/ipv6.rst:96 msgid "Firewall - IPv6 Rules" msgstr "Firewall - IPv6 Rules" @@ -6063,20 +6837,20 @@ msgstr "Firewall Configuration" msgid "Firewall Configuration (Deprecated)" msgstr "Firewall Configuration (Deprecated)" -#: ../../configuration/firewall/bridge.rst:199 -#: ../../configuration/firewall/ipv4.rst:268 -#: ../../configuration/firewall/ipv6.rst:268 +#: ../../configuration/firewall/bridge.rst:288 +#: ../../configuration/firewall/ipv4.rst:293 +#: ../../configuration/firewall/ipv6.rst:293 msgid "Firewall Description" msgstr "Firewall Description" -#: ../../configuration/interfaces/openvpn.rst:209 +#: ../../configuration/interfaces/openvpn.rst:211 #: ../../configuration/interfaces/wireguard.rst:207 msgid "Firewall Exceptions" msgstr "Firewall Exceptions" -#: ../../configuration/firewall/bridge.rst:149 -#: ../../configuration/firewall/ipv4.rst:196 -#: ../../configuration/firewall/ipv6.rst:196 +#: ../../configuration/firewall/bridge.rst:203 +#: ../../configuration/firewall/ipv4.rst:220 +#: ../../configuration/firewall/ipv6.rst:220 msgid "Firewall Logs" msgstr "Firewall Logs" @@ -6084,6 +6858,18 @@ msgstr "Firewall Logs" msgid "Firewall Rules" msgstr "Firewall Rules" +#: ../../configuration/firewall/ipv4.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/groups.rst:145 +msgid "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." +msgstr "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." + #: ../../configuration/firewall/groups.rst:7 msgid "Firewall groups" msgstr "Firewall groups" @@ -6100,11 +6886,11 @@ msgstr "Firewall groups represent collections of IP addresses, networks, ports, msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." -#: ../../configuration/highavailability/index.rst:391 +#: ../../configuration/highavailability/index.rst:395 msgid "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" -#: ../../configuration/interfaces/openvpn.rst:311 +#: ../../configuration/interfaces/openvpn.rst:315 msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." @@ -6116,15 +6902,20 @@ msgstr "Firewall rules are written as normal, using the internal IP address as t msgid "Firewall rules for Destination NAT" msgstr "Firewall rules for Destination NAT" -#: ../../configuration/interfaces/wwan.rst:321 +#: ../../configuration/interfaces/wwan.rst:322 msgid "Firmware Update" msgstr "Firmware Update" +#: ../../configuration/firewall/ipv4.rst:40 +#: ../../configuration/firewall/ipv6.rst:40 +msgid "First, all traffic is received by the router, and it is processed in the **prerouting** section." +msgstr "First, all traffic is received by the router, and it is processed in the **prerouting** section." + #: ../../configuration/vpn/rsa-keys.rst:9 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." -#: ../../configuration/vpn/ipsec.rst:271 +#: ../../configuration/vpn/ipsec.rst:291 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." @@ -6136,7 +6927,7 @@ msgstr "First, one of the systems generate the key using the :ref:`generate pki msgid "First, we create the root certificate authority." msgstr "First, we create the root certificate authority." -#: ../../configuration/interfaces/openvpn.rst:176 +#: ../../configuration/interfaces/openvpn.rst:178 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6164,6 +6955,10 @@ msgstr "First steps" msgid "First the OTP keys must be generated and sent to the user and to the configuration:" msgstr "First the OTP keys must be generated and sent to the user and to the configuration:" +#: ../../configuration/interfaces/openvpn.rst:346 +msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." +msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." + #: ../../configuration/interfaces/openvpn.rst:342 msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." @@ -6176,19 +6971,23 @@ msgstr "First you will need to deploy an RPKI validator for your routers to use. msgid "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." msgstr "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." -#: ../../configuration/trafficpolicy/index.rst:797 +#: ../../configuration/trafficpolicy/index.rst:847 msgid "Flash" msgstr "Flash" -#: ../../configuration/trafficpolicy/index.rst:795 +#: ../../configuration/trafficpolicy/index.rst:845 msgid "Flash Override" msgstr "Flash Override" +#: ../../configuration/vpn/ipsec.rst:174 +msgid "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +msgstr "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" + #: ../../configuration/system/flow-accounting.rst:5 msgid "Flow Accounting" msgstr "Flow Accounting" -#: ../../configuration/system/flow-accounting.rst:86 +#: ../../configuration/system/flow-accounting.rst:90 msgid "Flow Export" msgstr "Flow Export" @@ -6196,27 +6995,27 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" -#: ../../configuration/trafficpolicy/index.rst:1196 +#: ../../configuration/trafficpolicy/index.rst:1246 msgid "Flows are defined by source-destination host pairs." msgstr "Flows are defined by source-destination host pairs." -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1231 msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1186 +#: ../../configuration/trafficpolicy/index.rst:1236 msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1191 +#: ../../configuration/trafficpolicy/index.rst:1241 msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." -#: ../../configuration/trafficpolicy/index.rst:1177 +#: ../../configuration/trafficpolicy/index.rst:1227 msgid "Flows are defined only by destination address." msgstr "Flows are defined only by destination address." -#: ../../configuration/trafficpolicy/index.rst:1204 +#: ../../configuration/trafficpolicy/index.rst:1254 msgid "Flows are defined only by source address." msgstr "Flows are defined only by source address." @@ -6224,7 +7023,7 @@ msgstr "Flows are defined only by source address." msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." -#: ../../configuration/firewall/flowtables.rst:57 +#: ../../configuration/firewall/flowtables.rst:58 msgid "Flowtable Configuration" msgstr "Flowtable Configuration" @@ -6232,19 +7031,23 @@ msgstr "Flowtable Configuration" msgid "Flowtables Firewall Configuration" msgstr "Flowtables Firewall Configuration" -#: ../../configuration/firewall/flowtables.rst:32 +#: ../../configuration/firewall/flowtables.rst:33 msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +#: ../../configuration/firewall/flowtables.rst:33 +msgid "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +msgstr "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." + #: ../../configuration/loadbalancing/wan.rst:244 msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." -#: ../../configuration/service/ssh.rst:236 +#: ../../configuration/service/ssh.rst:256 msgid "Follow the SSH dynamic-protection log." msgstr "Follow the SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:228 +#: ../../configuration/service/ssh.rst:248 msgid "Follow the SSH server log." msgstr "Follow the SSH server log." @@ -6260,11 +7063,11 @@ msgstr "Follow the instructions to generate server cert (in configuration mode): msgid "Follow the logs for mDNS repeater service." msgstr "Follow the logs for mDNS repeater service." -#: ../../configuration/interfaces/openvpn.rst:258 +#: ../../configuration/interfaces/openvpn.rst:260 msgid "For Encryption:" msgstr "For Encryption:" -#: ../../configuration/interfaces/openvpn.rst:295 +#: ../../configuration/interfaces/openvpn.rst:299 msgid "For Hashing:" msgstr "For Hashing:" @@ -6276,11 +7079,15 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." -#: ../../configuration/service/pppoe-server.rst:257 +#: ../../configuration/service/pppoe-server.rst:276 msgid "For Local Users" msgstr "For Local Users" -#: ../../configuration/service/pppoe-server.rst:297 +#: ../../configuration/protocols/openfabric.rst:25 +msgid "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" +msgstr "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" + +#: ../../configuration/service/pppoe-server.rst:316 msgid "For RADIUS users" msgstr "For RADIUS users" @@ -6300,11 +7107,11 @@ msgstr "For :ref:`destination-nat` rules the packets destination address will be msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." -#: ../../configuration/interfaces/bonding.rst:383 +#: ../../configuration/interfaces/bonding.rst:436 msgid "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." msgstr "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." -#: ../../configuration/interfaces/bonding.rst:354 +#: ../../configuration/interfaces/bonding.rst:407 msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." @@ -6320,11 +7127,16 @@ msgstr "For a simple home network using just the ISP's equipment, this is usuall msgid "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." msgstr "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." +#: ../../configuration/interfaces/openvpn.rst:763 +msgid "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" +msgstr "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" + #: ../../configuration/system/login.rst:136 msgid "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." msgstr "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." #: ../../configuration/trafficpolicy/index.rst:157 +#: ../../configuration/trafficpolicy/index.rst:240 msgid "For example:" msgstr "For example:" @@ -6332,13 +7144,19 @@ msgstr "For example:" msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" +#: ../../configuration/firewall/bridge.rst:77 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 +msgid "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." +msgstr "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." + #: ../../configuration/firewall/bridge.rst:58 -#: ../../configuration/firewall/ipv4.rst:74 -#: ../../configuration/firewall/ipv6.rst:74 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." -#: ../../configuration/interfaces/bonding.rst:219 +#: ../../configuration/interfaces/bonding.rst:224 msgid "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." @@ -6350,7 +7168,7 @@ msgstr "For generating an OTP key in VyOS, you can use the CLI command (operatio msgid "For inbound updates the order of preference is:" msgstr "For inbound updates the order of preference is:" -#: ../../configuration/trafficpolicy/index.rst:254 +#: ../../configuration/trafficpolicy/index.rst:304 msgid "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." msgstr "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." @@ -6378,6 +7196,10 @@ msgstr "For multi hop sessions only. Configure the minimum expected TTL for an i msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." +#: ../../configuration/service/ntp.rst:182 +msgid "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." +msgstr "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." + #: ../../configuration/interfaces/vxlan.rst:152 msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." @@ -6386,12 +7208,12 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead msgid "For outbound updates the order of preference is:" msgstr "For outbound updates the order of preference is:" -#: ../../configuration/firewall/bridge.rst:201 +#: ../../configuration/firewall/bridge.rst:290 msgid "For reference, a description can be defined for every defined custom chain." msgstr "For reference, a description can be defined for every defined custom chain." -#: ../../configuration/firewall/ipv4.rst:270 -#: ../../configuration/firewall/ipv6.rst:270 +#: ../../configuration/firewall/ipv4.rst:295 +#: ../../configuration/firewall/ipv6.rst:295 msgid "For reference, a description can be defined for every single rule, and for every defined custom chain." msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain." @@ -6407,7 +7229,7 @@ msgstr "For serial via USB port information please refor to: :ref:`hardware_usb` msgid "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." msgstr "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." -#: ../../configuration/interfaces/openvpn.rst:211 +#: ../../configuration/interfaces/openvpn.rst:213 msgid "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." msgstr "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." @@ -6423,19 +7245,35 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1251 +#: ../../configuration/nat/nat66.rst:108 +msgid "For the destination, groups can also be used instead of an address." +msgstr "For the destination, groups can also be used instead of an address." + +#: ../../configuration/trafficpolicy/index.rst:1301 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." +#: ../../configuration/container/index.rst:273 +msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." +msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." + #: ../../configuration/container/index.rst:218 msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." +#: ../../configuration/firewall/bridge.rst:52 +msgid "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" +msgstr "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" + #: ../../configuration/firewall/general.rst:66 msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" #: ../../configuration/firewall/bridge.rst:40 +msgid "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + +#: ../../configuration/firewall/bridge.rst:40 msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" @@ -6443,17 +7281,31 @@ msgstr "For traffic that needs to be forwared internally by the bridge, base cha msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." +#: ../../configuration/firewall/bridge.rst:46 +msgid "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:46 #: ../../configuration/firewall/ipv6.rst:46 msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + #: ../../configuration/firewall/general.rst:69 msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" -#: ../../configuration/firewall/ipv4.rst:36 -#: ../../configuration/firewall/ipv6.rst:36 +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" @@ -6461,7 +7313,12 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 +msgid "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" +msgstr "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" + +#: ../../configuration/loadbalancing/haproxy.rst:212 msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." @@ -6473,7 +7330,7 @@ msgstr "Formally, a virtual link looks like a point-to-point network connecting msgid "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." msgstr "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." -#: ../../configuration/highavailability/index.rst:372 +#: ../../configuration/highavailability/index.rst:376 msgid "Forward method" msgstr "Forward method" @@ -6501,7 +7358,19 @@ msgstr "From a security perspective, it is not recommended to let a third party msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" -#: ../../configuration/highavailability/index.rst:390 +#: ../../configuration/firewall/bridge.rst:19 +#: ../../configuration/firewall/flowtables.rst:20 +#: ../../configuration/firewall/ipv4.rst:19 +#: ../../configuration/firewall/ipv6.rst:19 +#: ../../configuration/firewall/zone.rst:28 +msgid "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" +msgstr "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" + +#: ../../configuration/nat/cgnat.rst:193 +msgid "Further Reading" +msgstr "Further Reading" + +#: ../../configuration/highavailability/index.rst:394 msgid "Fwmark" msgstr "Fwmark" @@ -6513,7 +7382,11 @@ msgstr "GENEVE" msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." -#: ../../configuration/interfaces/geneve.rst:49 +#: ../../configuration/interfaces/geneve.rst:16 +msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." +msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." + +#: ../../configuration/interfaces/geneve.rst:73 msgid "GENEVE options" msgstr "GENEVE options" @@ -6548,6 +7421,7 @@ msgid "Genearate a new OpenVPN shared secret. The generated secret is the output msgstr "Genearate a new OpenVPN shared secret. The generated secret is the output to the console." #: ../../configuration/protocols/isis.rst:25 +#: ../../configuration/protocols/openfabric.rst:17 #: ../../configuration/protocols/ospf.rst:25 #: ../../configuration/protocols/ospf.rst:1081 #: ../../configuration/system/option.rst:11 @@ -6564,6 +7438,14 @@ msgstr "General Configuration" msgid "General commands for firewall configuration, counter and statiscits:" msgstr "General commands for firewall configuration, counter and statiscits:" +#: ../../configuration/firewall/bridge.rst:456 +msgid "General commands for firewall configuration, counter and statistics:" +msgstr "General commands for firewall configuration, counter and statistics:" + +#: ../../configuration/firewall/groups.rst:243 +msgid "General example" +msgstr "General example" + #: ../../configuration/interfaces/wireguard.rst:29 msgid "Generate Keypair" msgstr "Generate Keypair" @@ -6581,6 +7463,11 @@ msgstr "Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key 128 or 256 msgid "Generate a WireGuard pre-shared secret used for peers to communicate." msgstr "Generate a WireGuard pre-shared secret used for peers to communicate." +#: ../../configuration/pki/index.rst:123 +#: ../../configuration/pki/index.rst:128 +msgid "Generate a new OpenVPN shared secret. The generated secret is the output to the console." +msgstr "Generate a new OpenVPN shared secret. The generated secret is the output to the console." + #: ../../configuration/pki/index.rst:138 #: ../../configuration/pki/index.rst:143 msgid "Generate a new WireGuard public/private key portion and output the result to the console." @@ -6591,7 +7478,7 @@ msgstr "Generate a new WireGuard public/private key portion and output the resul msgid "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." msgstr "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." -#: ../../configuration/service/ssh.rst:194 +#: ../../configuration/service/ssh.rst:214 msgid "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." msgstr "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." @@ -6599,6 +7486,14 @@ msgstr "Generate the configuration mode commands to add a public key for :ref:`s msgid "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." msgstr "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." +#: ../../configuration/interfaces/wireguard.rst:44 +msgid "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." +msgstr "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." + +#: ../../configuration/interfaces/wireguard.rst:33 +msgid "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +msgstr "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." + #: ../../configuration/interfaces/tunnel.rst:106 msgid "Generic Routing Encapsulation (GRE)" msgstr "Generic Routing Encapsulation (GRE)" @@ -6619,7 +7514,7 @@ msgstr "Get an overview over the encryption counters." msgid "Get detailed information about LLDP neighbors." msgstr "Get detailed information about LLDP neighbors." -#: ../../configuration/nat/nat66.rst:160 +#: ../../configuration/nat/nat66.rst:172 msgid "Get the DHCPv6-PD prefixes from both routers:" msgstr "Get the DHCPv6-PD prefixes from both routers:" @@ -6635,19 +7530,24 @@ msgstr "Given the fact that open DNS recursors could be used on DDoS amplificati msgid "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." msgstr "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +#: ../../configuration/interfaces/openvpn.rst:581 +msgid "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +msgstr "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." + #: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/haproxy.rst:179 +#: ../../configuration/system/syslog.rst:21 msgid "Global" msgstr "Global" -#: ../../configuration/service/ipoe-server.rst:352 -#: ../../configuration/service/pppoe-server.rst:518 -#: ../../configuration/vpn/l2tp.rst:472 +#: ../../configuration/service/ipoe-server.rst:351 +#: ../../configuration/service/pppoe-server.rst:543 +#: ../../configuration/vpn/l2tp.rst:477 #: ../../configuration/vpn/pptp.rst:396 -#: ../../configuration/vpn/sstp.rst:430 +#: ../../configuration/vpn/sstp.rst:435 msgid "Global Advanced options" msgstr "Global Advanced options" @@ -6659,11 +7559,11 @@ msgstr "Global Options" msgid "Global Options Firewall Configuration" msgstr "Global Options Firewall Configuration" -#: ../../configuration/highavailability/index.rst:224 +#: ../../configuration/highavailability/index.rst:228 msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:192 +#: ../../configuration/loadbalancing/haproxy.rst:181 msgid "Global parameters" msgstr "Global parameters" @@ -6676,11 +7576,11 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" -#: ../../configuration/service/https.rst:84 +#: ../../configuration/service/https.rst:87 msgid "GraphQL" msgstr "GraphQL" -#: ../../configuration/highavailability/index.rst:236 +#: ../../configuration/highavailability/index.rst:240 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6692,7 +7592,23 @@ msgstr "Groups" msgid "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." msgstr "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." -#: ../../configuration/interfaces/openvpn.rst:420 +#: ../../configuration/interfaces/wireless.rst:338 +msgid "HE (High Efficiency) capabilities (802.11ax)" +msgstr "HE (High Efficiency) capabilities (802.11ax)" + +#: ../../configuration/interfaces/wireless.rst:369 +msgid "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" +msgstr "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" + +#: ../../configuration/interfaces/wireless.rst:372 +msgid "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" +msgstr "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" + +#: ../../configuration/interfaces/wwan.rst:318 +msgid "HP LT4120 Snapdragon X5 LTE" +msgstr "HP LT4120 Snapdragon X5 LTE" + +#: ../../configuration/interfaces/openvpn.rst:424 msgid "HQ's router requires the following steps to generate crypto materials for the Branch 1:" msgstr "HQ's router requires the following steps to generate crypto materials for the Branch 1:" @@ -6708,20 +7624,28 @@ msgstr "HTTP API" msgid "HTTP based services" msgstr "HTTP based services" +#: ../../configuration/service/monitoring.rst:151 +msgid "HTTP basic authentication." +msgstr "HTTP basic authentication." + #: ../../configuration/service/monitoring.rst:51 #: ../../configuration/service/monitoring.rst:55 msgid "HTTP basic authentication username" msgstr "HTTP basic authentication username" -#: ../../configuration/system/option.rst:57 +#: ../../configuration/loadbalancing/haproxy.rst:210 +msgid "HTTP checks" +msgstr "HTTP checks" + +#: ../../configuration/system/option.rst:77 msgid "HTTP client" msgstr "HTTP client" -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:165 msgid "HTTP health check" msgstr "HTTP health check" -#: ../../configuration/interfaces/wireless.rst:137 +#: ../../configuration/interfaces/wireless.rst:165 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -6729,6 +7653,10 @@ msgstr "HT (High Throughput) capabilities (802.11n)" msgid "Hairpin NAT/NAT Reflection" msgstr "Hairpin NAT/NAT Reflection" +#: ../../configuration/service/dhcp-server.rst:638 +msgid "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." +msgstr "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." + #: ../../configuration/service/dhcp-server.rst:632 msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." @@ -6737,22 +7665,43 @@ msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` whe msgid "Handling and monitoring" msgstr "Handling and monitoring" +#: ../../configuration/loadbalancing/haproxy.rst:4 +msgid "Haproxy" +msgstr "Haproxy" + +#: ../../configuration/loadbalancing/haproxy.rst:8 +msgid "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." +msgstr "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." + +#: ../../configuration/service/ntp.rst:124 +msgid "Hardware Timestamping of NTP Packets" +msgstr "Hardware Timestamping of NTP Packets" + +#: ../../configuration/service/ntp.rst:133 +msgid "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." +msgstr "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." + #: ../../configuration/nat/nat44.rst:403 msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." -#: ../../configuration/highavailability/index.rst:382 +#: ../../configuration/highavailability/index.rst:386 msgid "Health-check" msgstr "Health-check" -#: ../../configuration/highavailability/index.rst:308 +#: ../../configuration/highavailability/index.rst:312 msgid "Health check scripts" msgstr "Health check scripts" +#: ../../configuration/loadbalancing/haproxy.rst:206 #: ../../configuration/loadbalancing/wan.rst:124 msgid "Health checks" msgstr "Health checks" +#: ../../configuration/loadbalancing/haproxy.rst:244 +msgid "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" +msgstr "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" + #: ../../configuration/nat/nat44.rst:626 msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" @@ -6765,6 +7714,10 @@ msgstr "Here's one example of a network environment for an ASP. The ASP requests msgid "Here's the IP routes that are populated. Just the loopback:" msgstr "Here's the IP routes that are populated. Just the loopback:" +#: ../../configuration/protocols/openfabric.rst:211 +msgid "Here's the IP routes that are populated:" +msgstr "Here's the IP routes that are populated:" + #: ../../configuration/protocols/ospf.rst:862 msgid "Here's the neighbors up:" msgstr "Here's the neighbors up:" @@ -6782,14 +7735,19 @@ msgid "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS msgstr "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS router and a Linux host using systemd-networkd." #: ../../configuration/protocols/isis.rst:44 +#: ../../configuration/protocols/openfabric.rst:34 msgid "Here is an example :abbr:`NET (Network Entity Title)` value:" msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:" +#: ../../configuration/firewall/groups.rst:406 +msgid "Here is an example of such command:" +msgstr "Here is an example of such command:" + #: ../../configuration/protocols/rpki.rst:177 msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." -#: ../../configuration/firewall/groups.rst:150 +#: ../../configuration/firewall/groups.rst:248 msgid "Here is an example were multiple groups are created:" msgstr "Here is an example were multiple groups are created:" @@ -6808,10 +7766,10 @@ msgstr "Here we provide two examples on how to apply NAT Load Balance." msgid "Hewlett-Packard call it Source-Port filtering or port-isolation" msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation" -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:279 -#: ../../configuration/trafficpolicy/index.rst:285 -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:329 +#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "High" msgstr "High" @@ -6840,7 +7798,7 @@ msgstr "Host Information" msgid "Host name" msgstr "Host name" -#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:721 msgid "Host specific mapping shall be named ``client1``" msgstr "Host specific mapping shall be named ``client1``" @@ -6860,11 +7818,11 @@ msgstr "How to configure Event Handler" msgid "How to make it work" msgstr "How to make it work" -#: ../../configuration/vpn/ipsec.rst:267 +#: ../../configuration/vpn/ipsec.rst:287 msgid "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." msgstr "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." -#: ../../configuration/interfaces/openvpn.rst:80 +#: ../../configuration/interfaces/openvpn.rst:81 msgid "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." msgstr "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." @@ -6920,7 +7878,7 @@ msgstr "IKE Phase:" msgid "IKE (Internet Key Exchange) Attributes" msgstr "IKE (Internet Key Exchange) Attributes" -#: ../../configuration/vpn/ipsec.rst:35 +#: ../../configuration/vpn/ipsec.rst:36 msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" @@ -6932,7 +7890,7 @@ msgstr "IKEv1" msgid "IKEv2" msgstr "IKEv2" -#: ../../configuration/vpn/ipsec.rst:372 +#: ../../configuration/vpn/ipsec.rst:392 msgid "IKEv2 IPSec road-warriors remote-access VPN" msgstr "IKEv2 IPSec road-warriors remote-access VPN" @@ -6992,8 +7950,8 @@ msgstr "IP address" msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" -#: ../../configuration/interfaces/wireless.rst:349 -#: ../../configuration/interfaces/wireless.rst:549 +#: ../../configuration/interfaces/wireless.rst:460 +#: ../../configuration/interfaces/wireless.rst:673 msgid "IP address ``192.168.2.1/24``" msgstr "IP address ``192.168.2.1/24``" @@ -7061,7 +8019,7 @@ msgstr "IP next-hop of route to match, based on prefix length." msgid "IP next-hop of route to match, based on type." msgstr "IP next-hop of route to match, based on type." -#: ../../configuration/trafficpolicy/index.rst:784 +#: ../../configuration/trafficpolicy/index.rst:834 msgid "IP precedence as defined in :rfc:`791`:" msgstr "IP precedence as defined in :rfc:`791`:" @@ -7085,6 +8043,10 @@ msgstr "IPoE Server" msgid "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." msgstr "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." +#: ../../configuration/service/ipoe-server.rst:29 +msgid "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." +msgstr "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." + #: ../../configuration/service/ipoe-server.rst:11 msgid "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." msgstr "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." @@ -7097,11 +8059,11 @@ msgstr "IPoE server will listen on interfaces eth1.50 and eth1.51" msgid "IPsec" msgstr "IPsec" -#: ../../configuration/vpn/ipsec.rst:176 +#: ../../configuration/vpn/ipsec.rst:196 msgid "IPsec policy matching GRE" msgstr "IPsec policy matching GRE" -#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/service/pppoe-server.rst:629 msgid "IPv4" msgstr "IPv4" @@ -7109,6 +8071,10 @@ msgstr "IPv4" msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." +#: ../../configuration/interfaces/vxlan.rst:106 +msgid "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." +msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." + #: ../../configuration/firewall/ipv4.rst:7 msgid "IPv4 Firewall Configuration" msgstr "IPv4 Firewall Configuration" @@ -7121,7 +8087,7 @@ msgstr "IPv4 address of next bootstrap server" msgid "IPv4 address of router on the client's subnet" msgstr "IPv4 address of router on the client's subnet" -#: ../../configuration/system/flow-accounting.rst:111 +#: ../../configuration/system/flow-accounting.rst:115 msgid "IPv4 or IPv6 source address of NetFlow packets" msgstr "IPv4 or IPv6 source address of NetFlow packets" @@ -7146,12 +8112,12 @@ msgid "IPv4 server" msgstr "IPv4 server" #: ../../configuration/interfaces/pppoe.rst:244 -#: ../../configuration/service/ipoe-server.rst:256 -#: ../../configuration/service/pppoe-server.rst:341 +#: ../../configuration/service/ipoe-server.rst:255 +#: ../../configuration/service/pppoe-server.rst:360 #: ../../configuration/system/ipv6.rst:3 -#: ../../configuration/vpn/l2tp.rst:286 +#: ../../configuration/vpn/l2tp.rst:289 #: ../../configuration/vpn/pptp.rst:210 -#: ../../configuration/vpn/sstp.rst:244 +#: ../../configuration/vpn/sstp.rst:247 msgid "IPv6" msgstr "IPv6" @@ -7159,10 +8125,10 @@ msgstr "IPv6" msgid "IPv6 Access List" msgstr "IPv6 Access List" -#: ../../configuration/service/pppoe-server.rst:381 -#: ../../configuration/vpn/l2tp.rst:325 +#: ../../configuration/service/pppoe-server.rst:401 +#: ../../configuration/vpn/l2tp.rst:328 #: ../../configuration/vpn/pptp.rst:249 -#: ../../configuration/vpn/sstp.rst:283 +#: ../../configuration/vpn/sstp.rst:286 msgid "IPv6 Advanced Options" msgstr "IPv6 Advanced Options" @@ -7186,7 +8152,7 @@ msgstr "IPv6 Multicast" msgid "IPv6 Prefix Delegation" msgstr "IPv6 Prefix Delegation" -#: ../../configuration/policy/prefix-list.rst:50 +#: ../../configuration/policy/prefix-list.rst:66 msgid "IPv6 Prefix Lists" msgstr "IPv6 Prefix Lists" @@ -7198,7 +8164,7 @@ msgstr "IPv6 SLAAC and IA-PD" msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" -#: ../../configuration/service/dhcp-server.rst:689 +#: ../../configuration/service/dhcp-server.rst:719 msgid "IPv6 address ``2001:db8::101`` shall be statically mapped" msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped" @@ -7230,11 +8196,11 @@ msgstr "IPv6 default client's pool assignment" msgid "IPv6 peering" msgstr "IPv6 peering" -#: ../../configuration/policy/prefix-list.rst:72 +#: ../../configuration/policy/prefix-list.rst:88 msgid "IPv6 prefix." msgstr "IPv6 prefix." -#: ../../configuration/service/dhcp-server.rst:690 +#: ../../configuration/service/dhcp-server.rst:720 msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" @@ -7274,11 +8240,11 @@ msgstr "ISC-DHCP Option name" msgid "Identity Based Configuration" msgstr "Identity Based Configuration" -#: ../../configuration/trafficpolicy/index.rst:903 +#: ../../configuration/trafficpolicy/index.rst:953 msgid "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." msgstr "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." -#: ../../configuration/interfaces/bonding.rst:253 +#: ../../configuration/interfaces/bonding.rst:258 msgid "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." msgstr "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." @@ -7328,15 +8294,28 @@ msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used." #: ../../configuration/firewall/bridge.rst:67 -#: ../../configuration/firewall/ipv4.rst:83 -#: ../../configuration/firewall/ipv6.rst:83 +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." +#: ../../configuration/firewall/bridge.rst:86 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." + +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." + #: ../../configuration/service/dhcp-server.rst:161 msgid "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." msgstr "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." +#: ../../configuration/firewall/bridge.rst:132 +msgid "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" +msgstr "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" + #: ../../configuration/nat/nat44.rst:43 msgid "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." @@ -7345,6 +8324,38 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918 msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." +#: ../../configuration/firewall/ipv4.rst:734 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:725 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:735 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:726 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:760 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:751 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv4.rst:759 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:750 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + #: ../../configuration/protocols/pim.rst:106 msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." @@ -7365,11 +8376,15 @@ msgstr "If configured, try to avoid local addresses that are not in the target's msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." +#: ../../configuration/service/monitoring.rst:153 +msgid "If either is set both must be set." +msgstr "If either is set both must be set." + #: ../../configuration/nat/nat44.rst:564 msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." -#: ../../configuration/trafficpolicy/index.rst:1031 +#: ../../configuration/trafficpolicy/index.rst:1081 msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." @@ -7381,15 +8396,19 @@ msgstr "If interface were the packet was received is part of a bridge, then pack msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +#: ../../configuration/firewall/bridge.rst:58 +msgid "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." +msgstr "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." + #: ../../configuration/protocols/igmp-proxy.rst:49 msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." -#: ../../configuration/interfaces/openvpn.rst:69 +#: ../../configuration/interfaces/openvpn.rst:70 msgid "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." msgstr "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." -#: ../../configuration/system/syslog.rst:87 +#: ../../configuration/system/syslog.rst:105 msgid "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." @@ -7413,7 +8432,7 @@ msgstr "If no destination is specified the rule will match on any destination ad msgid "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." msgstr "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." -#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/system/syslog.rst:225 msgid "If no option is specified, this defaults to `all`." msgstr "If no option is specified, this defaults to `all`." @@ -7429,10 +8448,26 @@ msgstr "If optional profile parameter is used, select a BFD profile for the BFD msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." +#: ../../configuration/system/syslog.rst:30 +msgid "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." +msgstr "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." + +#: ../../configuration/service/router-advert.rst:105 +msgid "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." +msgstr "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." + #: ../../_include/interface-ip.txt:36 msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." +#: ../../configuration/service/monitoring.rst:159 +msgid "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." +msgstr "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." + +#: ../../configuration/interfaces/openvpn.rst:727 +msgid "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." +msgstr "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." + #: ../../configuration/system/task-scheduler.rst:24 msgid "If suffix is omitted, minutes are implied." msgstr "If suffix is omitted, minutes are implied." @@ -7453,46 +8488,61 @@ msgstr "If the AS-Path for the route has only private ASNs, the private ASNs are msgid "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." msgstr "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." -#: ../../configuration/service/ipoe-server.rst:243 -#: ../../configuration/service/pppoe-server.rst:205 -#: ../../configuration/vpn/l2tp.rst:248 +#: ../../configuration/service/ipoe-server.rst:242 +#: ../../configuration/service/pppoe-server.rst:223 #: ../../configuration/vpn/pptp.rst:188 -#: ../../configuration/vpn/sstp.rst:221 msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:233 -#: ../../configuration/service/pppoe-server.rst:195 -#: ../../configuration/vpn/l2tp.rst:238 +#: ../../configuration/vpn/l2tp.rst:250 +#: ../../configuration/vpn/sstp.rst:223 +msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:212 #: ../../configuration/vpn/pptp.rst:178 -#: ../../configuration/vpn/sstp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." +#: ../../configuration/vpn/l2tp.rst:238 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." + +#: ../../configuration/vpn/sstp.rst:211 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." + #: ../../configuration/vpn/l2tp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." -#: ../../configuration/service/ipoe-server.rst:237 -#: ../../configuration/service/pppoe-server.rst:199 -#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/service/ipoe-server.rst:236 +#: ../../configuration/service/pppoe-server.rst:216 #: ../../configuration/vpn/pptp.rst:182 -#: ../../configuration/vpn/sstp.rst:215 msgid "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:240 -#: ../../configuration/service/pppoe-server.rst:202 -#: ../../configuration/vpn/l2tp.rst:245 +#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/vpn/sstp.rst:215 +msgid "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:239 +#: ../../configuration/service/pppoe-server.rst:219 #: ../../configuration/vpn/pptp.rst:185 -#: ../../configuration/vpn/sstp.rst:218 msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." -#: ../../configuration/service/pppoe-server.rst:219 -#: ../../configuration/vpn/l2tp.rst:262 +#: ../../configuration/vpn/l2tp.rst:246 +#: ../../configuration/vpn/sstp.rst:219 +msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." + +#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/vpn/l2tp.rst:265 #: ../../configuration/vpn/pptp.rst:202 -#: ../../configuration/vpn/sstp.rst:235 +#: ../../configuration/vpn/sstp.rst:238 msgid "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." msgstr "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." @@ -7504,11 +8554,11 @@ msgstr "If the :cfgcmd:`no-prepend` attribute is specified, then the supplied lo msgid "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." msgstr "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." -#: ../../configuration/trafficpolicy/index.rst:892 +#: ../../configuration/trafficpolicy/index.rst:942 msgid "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." msgstr "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." -#: ../../configuration/trafficpolicy/index.rst:899 +#: ../../configuration/trafficpolicy/index.rst:949 msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." @@ -7516,16 +8566,24 @@ msgstr "If the current queue size is larger than **queue-limit**, then packets w msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" -#: ../../configuration/firewall/index.rst:83 +#: ../../configuration/firewall/index.rst:94 msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" +#: ../../configuration/firewall/index.rst:99 +msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" +msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" + +#: ../../configuration/firewall/index.rst:31 +msgid "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +msgstr "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" + #: ../../configuration/firewall/index.rst:26 msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" -#: ../../configuration/interfaces/bonding.rst:187 -#: ../../configuration/interfaces/bonding.rst:216 +#: ../../configuration/interfaces/bonding.rst:192 +#: ../../configuration/interfaces/bonding.rst:221 msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." msgstr "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." @@ -7562,14 +8620,21 @@ msgstr "If this is set the relay agent will insert the interface ID. This option msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." +#: ../../configuration/vpn/sstp.rst:481 +msgid "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." +msgstr "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." + +#: ../../configuration/vpn/l2tp.rst:441 +#: ../../configuration/vpn/sstp.rst:399 +msgid "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." +msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." + #: ../../configuration/vpn/sstp.rst:189 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." -#: ../../configuration/service/pppoe-server.rst:484 -#: ../../configuration/vpn/l2tp.rst:438 +#: ../../configuration/service/pppoe-server.rst:509 #: ../../configuration/vpn/pptp.rst:362 -#: ../../configuration/vpn/sstp.rst:396 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." @@ -7589,14 +8654,18 @@ msgstr "If this parameter is not set, the default holdoff time is 30 seconds." msgid "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." msgstr "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." -#: ../../configuration/system/login.rst:274 +#: ../../configuration/system/login.rst:280 msgid "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." -#: ../../configuration/system/login.rst:343 +#: ../../configuration/system/login.rst:349 msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." +#: ../../configuration/interfaces/openvpn.rst:318 +msgid "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." +msgstr "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." + #: ../../configuration/nat/nat44.rst:810 msgid "If you've completed all the above steps you no doubt want to see if it's all working." msgstr "If you've completed all the above steps you no doubt want to see if it's all working." @@ -7605,7 +8674,7 @@ msgstr "If you've completed all the above steps you no doubt want to see if it's msgid "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." msgstr "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." -#: ../../configuration/interfaces/openvpn.rst:637 +#: ../../configuration/interfaces/openvpn.rst:645 msgid "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." msgstr "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." @@ -7625,33 +8694,36 @@ msgstr "If you are responsible for the global addresses assigned to your network msgid "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." msgstr "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." -#: ../../configuration/trafficpolicy/index.rst:483 +#: ../../configuration/trafficpolicy/index.rst:533 msgid "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." msgstr "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." -#: ../../configuration/service/ipoe-server.rst:146 -#: ../../configuration/service/pppoe-server.rst:108 -#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/service/ipoe-server.rst:145 +#: ../../configuration/service/pppoe-server.rst:109 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." #: ../../configuration/vpn/pptp.rst:91 -#: ../../configuration/vpn/sstp.rst:124 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." -#: ../../configuration/interfaces/openvpn.rst:306 +#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/vpn/sstp.rst:124 +msgid "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." +msgstr "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." + +#: ../../configuration/interfaces/openvpn.rst:310 msgid "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." msgstr "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." #: ../../configuration/system/ip.rst:43 #: ../../configuration/system/ipv6.rst:39 -#: ../../configuration/vrf/index.rst:57 -#: ../../configuration/vrf/index.rst:67 +#: ../../configuration/vrf/index.rst:53 +#: ../../configuration/vrf/index.rst:63 msgid "If you choose any as the option that will cause all protocols that are sending routes to zebra." msgstr "If you choose any as the option that will cause all protocols that are sending routes to zebra." -#: ../../configuration/trafficpolicy/index.rst:1114 +#: ../../configuration/trafficpolicy/index.rst:1164 msgid "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." @@ -7663,11 +8735,11 @@ msgstr "If you enable this, you will probably want to set diversity-factor and c msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." -#: ../../configuration/vpn/ipsec.rst:483 +#: ../../configuration/vpn/ipsec.rst:503 msgid "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." msgstr "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." -#: ../../configuration/interfaces/bonding.rst:312 +#: ../../configuration/interfaces/bonding.rst:365 msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." @@ -7691,11 +8763,11 @@ msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add add msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." -#: ../../configuration/system/flow-accounting.rst:65 +#: ../../configuration/system/flow-accounting.rst:69 msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" -#: ../../configuration/interfaces/openvpn.rst:518 +#: ../../configuration/interfaces/openvpn.rst:522 msgid "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" msgstr "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" @@ -7703,27 +8775,34 @@ msgstr "If you only want to check if the user account is enabled and can authent msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." -#: ../../configuration/service/ipoe-server.rst:215 -#: ../../configuration/service/pppoe-server.rst:177 -#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/service/ipoe-server.rst:214 +#: ../../configuration/service/pppoe-server.rst:192 #: ../../configuration/vpn/pptp.rst:160 -#: ../../configuration/vpn/sstp.rst:193 msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." +#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/vpn/sstp.rst:193 +msgid "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." +msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." + +#: ../../configuration/loadbalancing/haproxy.rst:256 +msgid "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." +msgstr "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." + #: ../../configuration/system/console.rst:41 msgid "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." msgstr "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." -#: ../../configuration/vpn/sstp.rst:482 +#: ../../configuration/vpn/sstp.rst:492 msgid "If you use a self-signed certificate, do not forget to install CA on the client side." msgstr "If you use a self-signed certificate, do not forget to install CA on the client side." -#: ../../configuration/vpn/ipsec.rst:538 +#: ../../configuration/vpn/ipsec.rst:558 msgid "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." msgstr "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." -#: ../../configuration/system/flow-accounting.rst:140 +#: ../../configuration/system/flow-accounting.rst:144 msgid "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." msgstr "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." @@ -7731,7 +8810,7 @@ msgstr "If you want to change the maximum number of flows, which are tracking si msgid "If you want to disable a rule but let it in the configuration." msgstr "If you want to disable a rule but let it in the configuration." -#: ../../configuration/system/login.rst:298 +#: ../../configuration/system/login.rst:304 msgid "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." msgstr "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." @@ -7759,10 +8838,14 @@ msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_c msgid "Imagine the following topology" msgstr "Imagine the following topology" -#: ../../configuration/trafficpolicy/index.rst:799 +#: ../../configuration/trafficpolicy/index.rst:849 msgid "Immediate" msgstr "Immediate" +#: ../../configuration/nat/cgnat.rst:24 +msgid "Implemented the following :rfc:`6888` requirements:" +msgstr "Implemented the following :rfc:`6888` requirements:" + #: ../../configuration/pki/index.rst:254 msgid "Import files to PKI format" msgstr "Import files to PKI format" @@ -7791,6 +8874,10 @@ msgstr "Import the public CA certificate from the defined file to VyOS CLI." msgid "Imported prefixes during the validation may have values:" msgstr "Imported prefixes during the validation may have values:" +#: ../../configuration/interfaces/openvpn.rst:672 +msgid "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" +msgstr "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" + #: ../../configuration/protocols/static.rst:191 msgid "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." @@ -7799,11 +8886,23 @@ msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP msgid "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." msgstr "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." -#: ../../configuration/vpn/ipsec.rst:120 +#: ../../configuration/trafficpolicy/index.rst:763 +msgid "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." +msgstr "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." +msgstr "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 6GHz as of yet." +msgstr "In VyOS, 802.11ax is only implemented for 6GHz as of yet." + +#: ../../configuration/vpn/ipsec.rst:121 msgid "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." msgstr "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." -#: ../../configuration/vpn/ipsec.rst:42 +#: ../../configuration/vpn/ipsec.rst:43 msgid "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." msgstr "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." @@ -7819,7 +8918,7 @@ msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags t msgid "In :rfc:`3069` it is called VLAN Aggregation" msgstr "In :rfc:`3069` it is called VLAN Aggregation" -#: ../../configuration/firewall/zone.rst:60 +#: ../../configuration/firewall/zone.rst:57 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." @@ -7839,11 +8938,11 @@ msgstr "In a nutshell, the current implementation provides the following feature msgid "In addition, you can specify many other parameters to get BGP information:" msgstr "In addition, you can specify many other parameters to get BGP information:" -#: ../../configuration/system/login.rst:305 +#: ../../configuration/system/login.rst:311 msgid "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." -#: ../../configuration/system/flow-accounting.rst:88 +#: ../../configuration/system/flow-accounting.rst:92 msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server." msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server." @@ -7870,14 +8969,18 @@ msgid "In addition you will specify the IP address or FQDN for the client where msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address." #: ../../configuration/firewall/groups.rst:21 +msgid "In an **address group** a single IP address or IP address range is defined." +msgstr "In an **address group** a single IP address or IP address range is defined." + +#: ../../configuration/firewall/groups.rst:21 msgid "In an **address group** a single IP address or IP address ranges are defined." msgstr "In an **address group** a single IP address or IP address ranges are defined." -#: ../../configuration/interfaces/openvpn.rst:57 +#: ../../configuration/interfaces/openvpn.rst:58 msgid "In both cases, we will use the following settings:" msgstr "In both cases, we will use the following settings:" -#: ../../configuration/system/flow-accounting.rst:78 +#: ../../configuration/system/flow-accounting.rst:82 msgid "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" msgstr "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" @@ -7885,7 +8988,7 @@ msgstr "In case, if you need to catch some logs from flow-accounting daemon, you msgid "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." msgstr "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." -#: ../../configuration/trafficpolicy/index.rst:775 +#: ../../configuration/trafficpolicy/index.rst:825 msgid "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." @@ -7893,7 +8996,7 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" -#: ../../configuration/firewall/bridge.rst:70 +#: ../../configuration/firewall/bridge.rst:89 msgid "In firewall bridge rules, the action can be:" msgstr "In firewall bridge rules, the action can be:" @@ -7901,11 +9004,11 @@ msgstr "In firewall bridge rules, the action can be:" msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." -#: ../../configuration/system/login.rst:240 +#: ../../configuration/system/login.rst:246 msgid "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." msgstr "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." -#: ../../configuration/system/flow-accounting.rst:45 +#: ../../configuration/system/flow-accounting.rst:49 msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." @@ -7937,7 +9040,7 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." -#: ../../configuration/service/dhcp-server.rst:684 +#: ../../configuration/service/dhcp-server.rst:714 msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." @@ -7945,7 +9048,7 @@ msgstr "In order to map specific IPv6 addresses to specific hosts static mapping msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." -#: ../../configuration/trafficpolicy/index.rst:402 +#: ../../configuration/trafficpolicy/index.rst:452 msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." @@ -7953,7 +9056,7 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." -#: ../../configuration/interfaces/ethernet.rst:111 +#: ../../configuration/interfaces/ethernet.rst:119 msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." @@ -7961,7 +9064,7 @@ msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." -#: ../../configuration/firewall/flowtables.rst:59 +#: ../../configuration/firewall/flowtables.rst:60 msgid "In order to use flowtables, the minimal configuration needed includes:" msgstr "In order to use flowtables, the minimal configuration needed includes:" @@ -7981,11 +9084,11 @@ msgstr "In our example, we used the key name ``openvpn-1`` which we will referen msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" -#: ../../configuration/vpn/ipsec.rst:411 +#: ../../configuration/vpn/ipsec.rst:431 msgid "In our example the certificate name is called vyos:" msgstr "In our example the certificate name is called vyos:" -#: ../../configuration/trafficpolicy/index.rst:906 +#: ../../configuration/trafficpolicy/index.rst:956 msgid "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." msgstr "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." @@ -7993,6 +9096,10 @@ msgstr "In principle, values must be :code:`min-threshold` < :code:`max-threshol msgid "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." msgstr "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." +#: ../../configuration/trafficpolicy/index.rst:217 +msgid "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" +msgstr "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" + #: ../../configuration/protocols/ospf.rst:46 msgid "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" msgstr "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" @@ -8017,11 +9124,11 @@ msgstr "In the age of very fast networks, a second of unreachability may equal m msgid "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." msgstr "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." -#: ../../configuration/trafficpolicy/index.rst:895 +#: ../../configuration/trafficpolicy/index.rst:945 msgid "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." msgstr "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." -#: ../../configuration/trafficpolicy/index.rst:564 +#: ../../configuration/trafficpolicy/index.rst:614 msgid "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." msgstr "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." @@ -8029,11 +9136,11 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." -#: ../../configuration/vpn/ipsec.rst:564 +#: ../../configuration/vpn/ipsec.rst:584 msgid "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." msgstr "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." -#: ../../configuration/service/pppoe-server.rst:333 +#: ../../configuration/service/pppoe-server.rst:352 msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." @@ -8041,7 +9148,7 @@ msgstr "In the example above, the first 499 sessions connect without delay. PADO msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" -#: ../../configuration/system/login.rst:403 +#: ../../configuration/system/login.rst:409 msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." @@ -8061,7 +9168,7 @@ msgstr "In the following example we can see a basic multicast setup:" msgid "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." msgstr "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." -#: ../../configuration/highavailability/index.rst:410 +#: ../../configuration/highavailability/index.rst:414 msgid "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" msgstr "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" @@ -8077,6 +9184,10 @@ msgstr "In this command tree, all hardware acceleration options will be handled. msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" +#: ../../configuration/trafficpolicy/index.rst:263 +msgid "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." +msgstr "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." + #: ../../configuration/nat/nat44.rst:358 msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." @@ -8085,7 +9196,7 @@ msgstr "In this example, we use **masquerade** as the translation address instea msgid "In this example, we will be using the example Quick Start configuration above as a starting point." msgstr "In this example, we will be using the example Quick Start configuration above as a starting point." -#: ../../configuration/highavailability/index.rst:440 +#: ../../configuration/highavailability/index.rst:444 msgid "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." msgstr "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." @@ -8093,7 +9204,7 @@ msgstr "In this example all traffic destined to ports \"80, 2222, 8888\" protoco msgid "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." msgstr "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." -#: ../../configuration/interfaces/openvpn.rst:334 +#: ../../configuration/interfaces/openvpn.rst:338 msgid "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." msgstr "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." @@ -8109,14 +9220,26 @@ msgstr "In this scenario:" msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/ipv6.rst:13 msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/bridge.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/bridge.rst:15 +msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/flowtables.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables" msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables" @@ -8129,7 +9252,27 @@ msgstr "In this section there's useful information of all firewall configuration msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" -#: ../../configuration/firewall/bridge.rst:289 +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/flowtables.rst:15 +msgid "In this section there's useful information on all firewall configuration that can be done regarding flowtables." +msgstr "In this section there's useful information on all firewall configuration that can be done regarding flowtables." + +#: ../../configuration/firewall/zone.rst:22 +msgid "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:454 msgid "In this section you can find all useful firewall op-mode commands." msgstr "In this section you can find all useful firewall op-mode commands." @@ -8145,7 +9288,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." -#: ../../configuration/firewall/zone.rst:43 +#: ../../configuration/firewall/zone.rst:40 msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." @@ -8157,11 +9300,11 @@ msgstr "Inbound connections to a WAN interface can be improperly handled when th msgid "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." msgstr "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." -#: ../../configuration/interfaces/wireless.rst:272 +#: ../../configuration/interfaces/wireless.rst:308 msgid "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:68 +#: ../../configuration/loadbalancing/haproxy.rst:80 msgid "Indication" msgstr "Indication" @@ -8177,11 +9320,11 @@ msgstr "Inform client that the DNS server can be found at `<address>`." msgid "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" msgstr "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational" msgstr "Informational" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational messages" msgstr "Informational messages" @@ -8189,7 +9332,7 @@ msgstr "Informational messages" msgid "Input from `eth0` network interface" msgstr "Input from `eth0` network interface" -#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/bridge.rst:555 msgid "Inspect logs:" msgstr "Inspect logs:" @@ -8197,6 +9340,10 @@ msgstr "Inspect logs:" msgid "Install the client software via apt and execute pptpsetup to generate the configuration." msgstr "Install the client software via apt and execute pptpsetup to generate the configuration." +#: ../../configuration/firewall/groups.rst:150 +msgid "Instead, members of these groups are added dynamically using firewall rules." +msgstr "Instead, members of these groups are added dynamically using firewall rules." + #: ../../configuration/interfaces/pppoe.rst:218 #: ../../configuration/interfaces/pppoe.rst:264 #: ../../configuration/interfaces/sstp-client.rst:90 @@ -8217,7 +9364,7 @@ msgstr "Instead of sending the real system hostname to the DHCP server, overwrit msgid "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." msgstr "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." -#: ../../configuration/interfaces/wireless.rst:602 +#: ../../configuration/interfaces/wireless.rst:914 msgid "Intel AX200" msgstr "Intel AX200" @@ -8234,12 +9381,13 @@ msgid "Interface **eth0** used to connect to upstream." msgstr "Interface **eth0** used to connect to upstream." #: ../../configuration/protocols/isis.rst:146 +#: ../../configuration/protocols/openfabric.rst:93 #: ../../configuration/protocols/ospf.rst:356 #: ../../configuration/protocols/ospf.rst:1139 msgid "Interface Configuration" msgstr "Interface Configuration" -#: ../../configuration/firewall/groups.rst:66 +#: ../../configuration/firewall/groups.rst:65 msgid "Interface Groups" msgstr "Interface Groups" @@ -8281,7 +9429,7 @@ msgid "Interface weight" msgstr "Interface weight" #: ../../configuration/interfaces/index.rst:3 -#: ../../configuration/vrf/index.rst:90 +#: ../../configuration/vrf/index.rst:86 msgid "Interfaces" msgstr "Interfaces" @@ -8306,11 +9454,11 @@ msgstr "Interfaces whose DHCP client nameservers to forward requests to." msgid "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." msgstr "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." -#: ../../configuration/system/flow-accounting.rst:70 +#: ../../configuration/system/flow-accounting.rst:74 msgid "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" msgstr "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" -#: ../../configuration/vpn/ipsec.rst:374 +#: ../../configuration/vpn/ipsec.rst:394 msgid "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." @@ -8318,7 +9466,7 @@ msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response msgid "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." msgstr "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." -#: ../../configuration/trafficpolicy/index.rst:791 +#: ../../configuration/trafficpolicy/index.rst:841 msgid "Internetwork Control" msgstr "Internetwork Control" @@ -8326,6 +9474,10 @@ msgstr "Internetwork Control" msgid "Interval" msgstr "Interval" +#: ../../configuration/system/syslog.rst:25 +msgid "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." +msgstr "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." + #: ../../configuration/protocols/bfd.rst:53 msgid "Interval in milliseconds" msgstr "Interval in milliseconds" @@ -8338,6 +9490,10 @@ msgstr "Interval in minutes between updates (default: 60)" msgid "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect” routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." msgstr "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect” routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." +#: ../../configuration/service/suricata.rst:14 +msgid "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" +msgstr "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" + #: ../../configuration/interfaces/openvpn.rst:22 msgid "It's easy to setup and offers very flexible split tunneling" msgstr "It's easy to setup and offers very flexible split tunneling" @@ -8350,15 +9506,19 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" -#: ../../configuration/firewall/flowtables.rst:167 +#: ../../configuration/firewall/flowtables.rst:168 msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" -#: ../../configuration/system/option.rst:141 +#: ../../configuration/firewall/flowtables.rst:168 +msgid "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" +msgstr "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" + +#: ../../configuration/system/option.rst:161 msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." -#: ../../configuration/system/option.rst:132 +#: ../../configuration/system/option.rst:152 msgid "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." msgstr "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." @@ -8366,12 +9526,16 @@ msgstr "It enables transparent huge pages, and uses cpupower to set the performa msgid "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." msgstr "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +#: ../../configuration/service/dhcp-server.rst:657 +msgid "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." +msgstr "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." + #: ../../configuration/protocols/ospf.rst:532 #: ../../configuration/protocols/ospf.rst:1244 msgid "It helps to support as HELPER only for planned restarts." msgstr "It helps to support as HELPER only for planned restarts." -#: ../../configuration/firewall/zone.rst:106 +#: ../../configuration/firewall/zone.rst:103 msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" @@ -8379,10 +9543,14 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b msgid "It is compatible with Cisco (R) AnyConnect (R) clients." msgstr "It is compatible with Cisco (R) AnyConnect (R) clients." -#: ../../configuration/service/dhcp-server.rst:649 +#: ../../configuration/service/dhcp-server.rst:678 msgid "It is connected to ``eth1``" msgstr "It is connected to ``eth1``" +#: ../../configuration/service/dhcp-server.rst:655 +msgid "It is connected to ``eth1``." +msgstr "It is connected to ``eth1``." + #: ../../configuration/system/login.rst:46 msgid "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." msgstr "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." @@ -8399,11 +9567,11 @@ msgstr "It is important to note that when creating firewall rules, the DNAT tran msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." -#: ../../configuration/vrf/index.rst:524 +#: ../../configuration/vrf/index.rst:520 msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." -#: ../../configuration/vrf/index.rst:132 +#: ../../configuration/vrf/index.rst:128 msgid "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." @@ -8415,7 +9583,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." -#: ../../configuration/vrf/index.rst:515 +#: ../../configuration/vrf/index.rst:511 msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." @@ -8428,6 +9596,10 @@ msgstr "It is possible to specify a static route for ipv6 prefixes using an SRv6 msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" +#: ../../configuration/service/conntrack-sync.rst:30 +msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" +msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" + #: ../../configuration/vpn/dmvpn.rst:112 msgid "It is very easy to misconfigure multicast repeating if you have multiple NHSes." msgstr "It is very easy to misconfigure multicast repeating if you have multiple NHSes." @@ -8436,7 +9608,7 @@ msgstr "It is very easy to misconfigure multicast repeating if you have multiple msgid "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" msgstr "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" -#: ../../configuration/trafficpolicy/index.rst:454 +#: ../../configuration/trafficpolicy/index.rst:504 msgid "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." @@ -8444,7 +9616,7 @@ msgstr "It uses a stochastic model to classify incoming packets into different f msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." -#: ../../configuration/vrf/index.rst:239 +#: ../../configuration/vrf/index.rst:235 msgid "Join a given VRF. This will open a new subshell within the specified VRF." msgstr "Join a given VRF. This will open a new subshell within the specified VRF." @@ -8452,7 +9624,7 @@ msgstr "Join a given VRF. This will open a new subshell within the specified VRF msgid "Jump to a different rule in this route-map on a match." msgstr "Jump to a different rule in this route-map on a match." -#: ../../configuration/interfaces/bonding.rst:352 +#: ../../configuration/interfaces/bonding.rst:405 msgid "Juniper EX Switch" msgstr "Juniper EX Switch" @@ -8460,7 +9632,11 @@ msgstr "Juniper EX Switch" msgid "Kernel" msgstr "Kernel" -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/container/index.rst:177 +msgid "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" +msgstr "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" + +#: ../../configuration/system/syslog.rst:130 msgid "Kernel messages" msgstr "Kernel messages" @@ -8480,7 +9656,7 @@ msgstr "Key Management" msgid "Key Parameters:" msgstr "Key Parameters:" -#: ../../configuration/firewall/zone.rst:50 +#: ../../configuration/firewall/zone.rst:47 msgid "Key Points:" msgstr "Key Points:" @@ -8488,7 +9664,7 @@ msgstr "Key Points:" msgid "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." msgstr "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." -#: ../../configuration/vpn/ipsec.rst:381 +#: ../../configuration/vpn/ipsec.rst:401 msgid "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." msgstr "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." @@ -8496,7 +9672,7 @@ msgstr "Key exchange and payload encryption is still done using IKE and ESP prop msgid "Key usage (CLI)" msgstr "Key usage (CLI)" -#: ../../configuration/system/option.rst:88 +#: ../../configuration/system/option.rst:108 msgid "Keyboard Layout" msgstr "Keyboard Layout" @@ -8504,11 +9680,15 @@ msgstr "Keyboard Layout" msgid "Keypairs" msgstr "Keypairs" -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 msgid "Keyword" msgstr "Keyword" +#: ../../configuration/service/config-sync.rst:112 +msgid "Known issues" +msgstr "Known issues" + #: ../../configuration/vpn/l2tp.rst:5 msgid "L2TP" msgstr "L2TP" @@ -8541,11 +9721,11 @@ msgstr "L2TPv3 is described in :rfc:`3931`." msgid "L2TPv3 options" msgstr "L2TPv3 options" -#: ../../configuration/vrf/index.rst:418 +#: ../../configuration/vrf/index.rst:414 msgid "L3VPN VRFs" msgstr "L3VPN VRFs" -#: ../../configuration/interfaces/openvpn.rst:443 +#: ../../configuration/interfaces/openvpn.rst:447 #: ../../configuration/service/webproxy.rst:203 msgid "LDAP" msgstr "LDAP" @@ -8570,7 +9750,7 @@ msgstr "LLDP performs functions similar to several proprietary protocols, such a msgid "LNS (L2TP Network Server)" msgstr "LNS (L2TP Network Server)" -#: ../../configuration/vpn/l2tp.rst:272 +#: ../../configuration/vpn/l2tp.rst:275 msgid "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." @@ -8578,6 +9758,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/service/monitoring.rst:157 +msgid "Label to use for the metric name when sending metrics." +msgstr "Label to use for the metric name when sending metrics." + #: ../../configuration/pki/index.rst:447 msgid "Lastly, we can create the leaf certificates that devices and users will utilise." msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." @@ -8586,7 +9770,7 @@ msgstr "Lastly, we can create the leaf certificates that devices and users will msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." -#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:681 msgid "Lease time will be left at the default value which is 24 hours" msgstr "Lease time will be left at the default value which is 24 hours" @@ -8599,6 +9783,10 @@ msgid "Legacy Firewall" msgstr "Legacy Firewall" #: ../../configuration/interfaces/vxlan.rst:133 +msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." +msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." + +#: ../../configuration/interfaces/vxlan.rst:133 msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." @@ -8618,11 +9806,11 @@ msgstr "Let's expand the example from above and add weight to the interfaces. Th msgid "Let SNMP daemon listen only on IP address 192.0.2.1" msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" -#: ../../configuration/interfaces/bonding.rst:402 +#: ../../configuration/interfaces/bonding.rst:455 msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:230 +#: ../../configuration/loadbalancing/haproxy.rst:282 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8638,11 +9826,11 @@ msgstr "Lifetime in days; default is 365" msgid "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" msgstr "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" -#: ../../configuration/vpn/ipsec.rst:535 +#: ../../configuration/vpn/ipsec.rst:555 msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:202 +#: ../../configuration/loadbalancing/haproxy.rst:191 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8654,27 +9842,31 @@ msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:197 +#: ../../configuration/loadbalancing/haproxy.rst:186 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" -#: ../../configuration/trafficpolicy/index.rst:544 +#: ../../configuration/trafficpolicy/index.rst:594 msgid "Limiter" msgstr "Limiter" -#: ../../configuration/trafficpolicy/index.rst:549 +#: ../../configuration/trafficpolicy/index.rst:599 msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." -#: ../../configuration/system/login.rst:385 +#: ../../configuration/system/login.rst:391 msgid "Limits" msgstr "Limits" -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "Line printer subsystem" msgstr "Line printer subsystem" #: ../../configuration/service/router-advert.rst:1 +msgid "Link MTU value placed in RAs, excluded in RAs if unset" +msgstr "Link MTU value placed in RAs, excluded in RAs if unset" + +#: ../../configuration/service/router-advert.rst:1 msgid "Link MTU value placed in RAs, exluded in RAs if unset" msgstr "Link MTU value placed in RAs, exluded in RAs if unset" @@ -8690,22 +9882,26 @@ msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confu msgid "List all MACsec interfaces." msgstr "List all MACsec interfaces." -#: ../../configuration/system/syslog.rst:98 +#: ../../configuration/system/syslog.rst:116 msgid "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." msgstr "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." -#: ../../configuration/service/ntp.rst:78 +#: ../../configuration/service/ntp.rst:85 msgid "List of networks or client addresses permitted to contact this NTP server." msgstr "List of networks or client addresses permitted to contact this NTP server." -#: ../../configuration/service/ssh.rst:73 +#: ../../configuration/service/ssh.rst:74 msgid "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" msgstr "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" -#: ../../configuration/service/ssh.rst:96 +#: ../../configuration/service/ssh.rst:97 msgid "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." +#: ../../configuration/service/ssh.rst:118 +msgid "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" +msgstr "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" + #: ../../configuration/service/ssh.rst:53 msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" @@ -8718,7 +9914,7 @@ msgstr "List of well-known communities" msgid "Listen for DHCP requests on interface ``eth1``." msgstr "Listen for DHCP requests on interface ``eth1``." -#: ../../configuration/vrf/index.rst:137 +#: ../../configuration/vrf/index.rst:133 msgid "Lists VRFs that have been created" msgstr "Lists VRFs that have been created" @@ -8726,7 +9922,7 @@ msgstr "Lists VRFs that have been created" msgid "Load-balancing" msgstr "Load-balancing" -#: ../../configuration/loadbalancing/reverse-proxy.rst:100 +#: ../../configuration/loadbalancing/haproxy.rst:112 msgid "Load-balancing algorithms to be used for distributed requests among the available servers" msgstr "Load-balancing algorithms to be used for distributed requests among the available servers" @@ -8734,7 +9930,7 @@ msgstr "Load-balancing algorithms to be used for distributed requests among the msgid "Load-balancing algorithms to be used for distributind requests among the vailable servers" msgstr "Load-balancing algorithms to be used for distributind requests among the vailable servers" -#: ../../configuration/highavailability/index.rst:357 +#: ../../configuration/highavailability/index.rst:361 msgid "Load-balancing schedule algorithm:" msgstr "Load-balancing schedule algorithm:" @@ -8742,11 +9938,11 @@ msgstr "Load-balancing schedule algorithm:" msgid "Load Balance" msgstr "Load Balance" -#: ../../configuration/service/pppoe-server.rst:317 +#: ../../configuration/service/pppoe-server.rst:336 msgid "Load Balancing" msgstr "Load Balancing" -#: ../../configuration/system/login.rst:426 +#: ../../configuration/system/login.rst:432 msgid "Load the container image in op-mode." msgstr "Load the container image in op-mode." @@ -8754,8 +9950,8 @@ msgstr "Load the container image in op-mode." msgid "Local" msgstr "Local" -#: ../../configuration/interfaces/openvpn.rst:134 -#: ../../configuration/interfaces/openvpn.rst:241 +#: ../../configuration/interfaces/openvpn.rst:135 +#: ../../configuration/interfaces/openvpn.rst:243 msgid "Local Configuration:" msgstr "Local Configuration:" @@ -8791,7 +9987,7 @@ msgstr "Local Route IPv6" msgid "Local Route Policy" msgstr "Local Route Policy" -#: ../../configuration/system/syslog.rst:83 +#: ../../configuration/system/syslog.rst:101 msgid "Local User Account" msgstr "Local User Account" @@ -8819,49 +10015,57 @@ msgstr "Locally connect to serial port identified by `<device>`." msgid "Locally significant administrative distance." msgstr "Locally significant administrative distance." -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "Log alert" msgstr "Log alert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "Log audit" msgstr "Log audit" -#: ../../configuration/system/syslog.rst:169 +#: ../../configuration/protocols/openfabric.rst:84 +msgid "Log changes in adjacency state." +msgstr "Log changes in adjacency state." + +#: ../../configuration/system/syslog.rst:187 msgid "Log everything" msgstr "Log everything" -#: ../../configuration/system/syslog.rst:212 +#: ../../configuration/system/syslog.rst:230 msgid "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" msgstr "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" -#: ../../configuration/system/syslog.rst:25 +#: ../../configuration/system/syslog.rst:43 msgid "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/syslog.rst:36 +#: ../../configuration/system/syslog.rst:54 msgid "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/syslog.rst:64 +#: ../../configuration/system/syslog.rst:82 msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/conntrack.rst:224 +#: ../../configuration/system/conntrack.rst:198 msgid "Log the connection tracking events per protocol." msgstr "Log the connection tracking events per protocol." +#: ../../configuration/system/conntrack.rst:183 +msgid "Log the connection tracking events per type." +msgstr "Log the connection tracking events per type." + #: ../../configuration/system/syslog.rst:14 msgid "Logging" msgstr "Logging" -#: ../../configuration/firewall/bridge.rst:151 -#: ../../configuration/firewall/ipv4.rst:198 -#: ../../configuration/firewall/ipv6.rst:198 +#: ../../configuration/firewall/bridge.rst:205 +#: ../../configuration/firewall/ipv4.rst:222 +#: ../../configuration/firewall/ipv6.rst:222 msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." -#: ../../configuration/system/syslog.rst:56 +#: ../../configuration/system/syslog.rst:74 msgid "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." msgstr "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." @@ -8869,14 +10073,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact, msgid "Login/User Management" msgstr "Login/User Management" -#: ../../configuration/system/login.rst:367 +#: ../../configuration/system/login.rst:373 msgid "Login Banner" msgstr "Login Banner" -#: ../../configuration/system/login.rst:387 +#: ../../configuration/system/login.rst:393 msgid "Login limits" msgstr "Login limits" +#: ../../configuration/service/monitoring.rst:134 +msgid "Loki" +msgstr "Loki" + #: ../../configuration/protocols/isis.rst:306 msgid "Loop Free Alternate (LFA)" msgstr "Loop Free Alternate (LFA)" @@ -8889,10 +10097,10 @@ msgstr "Loopback" msgid "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." msgstr "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:275 -#: ../../configuration/trafficpolicy/index.rst:281 -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:325 +#: ../../configuration/trafficpolicy/index.rst:331 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Low" msgstr "Low" @@ -8904,7 +10112,7 @@ msgstr "MAC/PHY information" msgid "MACVLAN - Pseudo Ethernet" msgstr "MACVLAN - Pseudo Ethernet" -#: ../../configuration/firewall/groups.rst:109 +#: ../../configuration/firewall/groups.rst:108 msgid "MAC Groups" msgstr "MAC Groups" @@ -8920,6 +10128,10 @@ msgstr "MACsec" msgid "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." msgstr "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." +#: ../../configuration/interfaces/macsec.rst:245 +msgid "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." +msgstr "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." + #: ../../configuration/interfaces/macsec.rst:39 msgid "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." msgstr "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." @@ -8928,6 +10140,10 @@ msgstr "MACsec only provides authentication by default, encryption is optional. msgid "MACsec options" msgstr "MACsec options" +#: ../../configuration/interfaces/macsec.rst:243 +msgid "MACsec over wan" +msgstr "MACsec over wan" + #: ../../configuration/service/lldp.rst:32 msgid "MDI power" msgstr "MDI power" @@ -8936,6 +10152,10 @@ msgstr "MDI power" msgid "MFA/2FA authentication using OTP (one time passwords)" msgstr "MFA/2FA authentication using OTP (one time passwords)" +#: ../../configuration/interfaces/openvpn.rst:723 +msgid "MFA TOTP options" +msgstr "MFA TOTP options" + #: ../../configuration/protocols/mpls.rst:5 msgid "MPLS" msgstr "MPLS" @@ -8959,7 +10179,7 @@ msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 msgid "MTU" msgstr "MTU" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "Mail system" msgstr "Mail system" @@ -8979,19 +10199,32 @@ msgstr "Main structure is shown next:" msgid "Maintenance mode" msgstr "Maintenance mode" +#: ../../configuration/service/config-sync.rst:85 +msgid "Make config-sync relevant changes to Router A's configuration" +msgstr "Make config-sync relevant changes to Router A's configuration" + #: ../../configuration/service/conntrack-sync.rst:116 msgid "Make sure conntrack is enabled by running and show connection tracking table." msgstr "Make sure conntrack is enabled by running and show connection tracking table." +#: ../../configuration/system/conntrack.rst:206 +msgid "Manage internal queue size, default size is 4096 events." +msgstr "Manage internal queue size, default size is 4096 events." + +#: ../../configuration/system/conntrack.rst:210 +msgid "Manage log level" +msgstr "Manage log level" + #: ../../configuration/service/snmp.rst:38 msgid "Managed devices" msgstr "Managed devices" -#: ../../configuration/interfaces/wireless.rst:85 +#: ../../configuration/interfaces/wireless.rst:97 msgid "Management Frame Protection (MFP) according to IEEE 802.11w" msgstr "Management Frame Protection (MFP) according to IEEE 802.11w" #: ../../configuration/protocols/isis.rst:31 +#: ../../configuration/protocols/openfabric.rst:23 msgid "Mandatory Settings" msgstr "Mandatory Settings" @@ -9007,8 +10240,8 @@ msgstr "Manually trigger certificate renewal. This will be done twice a day." msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." -#: ../../configuration/service/ipoe-server.rst:166 -#: ../../configuration/service/pppoe-server.rst:128 +#: ../../configuration/service/ipoe-server.rst:165 +#: ../../configuration/service/pppoe-server.rst:132 #: ../../configuration/vpn/l2tp.rst:171 #: ../../configuration/vpn/pptp.rst:111 #: ../../configuration/vpn/sstp.rst:144 @@ -9031,8 +10264,8 @@ msgstr "Match BGP large communities." msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." -#: ../../configuration/firewall/ipv4.rst:463 -#: ../../configuration/firewall/ipv6.rst:447 +#: ../../configuration/firewall/ipv4.rst:488 +#: ../../configuration/firewall/ipv6.rst:475 msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." @@ -9044,22 +10277,35 @@ msgstr "Match RPKI validation result." msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." -#: ../../configuration/firewall/ipv4.rst:796 -#: ../../configuration/firewall/ipv6.rst:783 +#: ../../configuration/firewall/ipv4.rst:849 +#: ../../configuration/firewall/ipv6.rst:840 msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:854 -#: ../../configuration/firewall/ipv6.rst:840 +#: ../../configuration/firewall/ipv4.rst:905 +#: ../../configuration/firewall/ipv6.rst:895 msgid "Match against the state of a packet." msgstr "Match against the state of a packet." -#: ../../configuration/firewall/ipv4.rst:336 +#: ../../configuration/firewall/bridge.rst:373 +msgid "Match based on VLAN identifier. Range is also supported." +msgstr "Match based on VLAN identifier. Range is also supported." + +#: ../../configuration/firewall/bridge.rst:386 +msgid "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." +msgstr "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." + +#: ../../configuration/firewall/ipv4.rst:350 +#: ../../configuration/firewall/ipv6.rst:350 +msgid "Match based on connection mark." +msgstr "Match based on connection mark." + +#: ../../configuration/firewall/ipv4.rst:361 msgid "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." msgstr "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." -#: ../../configuration/firewall/ipv4.rst:643 -#: ../../configuration/firewall/ipv6.rst:630 +#: ../../configuration/firewall/ipv4.rst:687 +#: ../../configuration/firewall/ipv6.rst:678 msgid "Match based on dscp value." msgstr "Match based on dscp value." @@ -9067,24 +10313,37 @@ msgstr "Match based on dscp value." msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:654 -#: ../../configuration/firewall/ipv6.rst:641 +#: ../../configuration/firewall/ipv4.rst:699 +#: ../../configuration/firewall/ipv6.rst:690 msgid "Match based on fragment criteria." msgstr "Match based on fragment criteria." -#: ../../configuration/firewall/ipv4.rst:665 +#: ../../configuration/firewall/ipv4.rst:698 +#: ../../configuration/firewall/ipv6.rst:689 +msgid "Match based on fragmentation." +msgstr "Match based on fragmentation." + +#: ../../configuration/firewall/ipv4.rst:709 msgid "Match based on icmp code and type." msgstr "Match based on icmp code and type." -#: ../../configuration/firewall/ipv4.rst:676 +#: ../../configuration/firewall/ipv4.rst:720 +msgid "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv4.rst:721 msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:663 +#: ../../configuration/firewall/ipv6.rst:711 +msgid "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv6.rst:712 msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:652 +#: ../../configuration/firewall/ipv6.rst:700 #: ../../configuration/policy/route.rst:131 msgid "Match based on icmp|icmpv6 code and type." msgstr "Match based on icmp|icmpv6 code and type." @@ -9111,17 +10370,40 @@ msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:241 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:730 +#: ../../configuration/firewall/ipv6.rst:721 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:248 #: ../../configuration/firewall/ipv4.rst:697 #: ../../configuration/firewall/ipv6.rst:684 msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:730 -#: ../../configuration/firewall/ipv6.rst:717 +#: ../../configuration/firewall/bridge.rst:250 +msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:782 +#: ../../configuration/firewall/ipv6.rst:773 +msgid "Match based on ipsec." +msgstr "Match based on ipsec." + +#: ../../configuration/firewall/ipv4.rst:783 +#: ../../configuration/firewall/ipv6.rst:774 msgid "Match based on ipsec criteria." msgstr "Match based on ipsec criteria." +#: ../../configuration/firewall/ipv4.rst:339 +#: ../../configuration/firewall/ipv6.rst:339 +msgid "Match based on nat connection status." +msgstr "Match based on nat connection status." + #: ../../configuration/firewall/general.rst:999 msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" @@ -9132,79 +10414,126 @@ msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For exampl msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:258 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:755 +#: ../../configuration/firewall/ipv6.rst:746 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:265 #: ../../configuration/firewall/ipv4.rst:718 #: ../../configuration/firewall/ipv6.rst:705 msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:773 -#: ../../configuration/firewall/ipv6.rst:760 +#: ../../configuration/firewall/bridge.rst:267 +msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:770 +#: ../../configuration/firewall/ipv6.rst:761 +msgid "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + #: ../../configuration/policy/route.rst:176 msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:785 -#: ../../configuration/firewall/ipv6.rst:772 #: ../../configuration/policy/route.rst:184 msgid "Match based on packet type criteria." msgstr "Match based on packet type criteria." -#: ../../configuration/firewall/ipv4.rst:752 -#: ../../configuration/firewall/ipv6.rst:739 +#: ../../configuration/firewall/ipv4.rst:848 +#: ../../configuration/firewall/ipv6.rst:839 +msgid "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." +msgstr "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." + +#: ../../configuration/firewall/ipv4.rst:875 +msgid "Match based on recently seen sources." +msgstr "Match based on recently seen sources." + +#: ../../configuration/firewall/ipv6.rst:370 +msgid "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." +msgstr "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." + +#: ../../configuration/firewall/bridge.rst:347 +msgid "Match based on the Ethernet type of the packet." +msgstr "Match based on the Ethernet type of the packet." + +#: ../../configuration/firewall/bridge.rst:360 +msgid "Match based on the Ethernet type of the packet when it is VLAN tagged." +msgstr "Match based on the Ethernet type of the packet when it is VLAN tagged." + +#: ../../configuration/firewall/ipv4.rst:745 +#: ../../configuration/firewall/ipv6.rst:736 +msgid "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:804 +#: ../../configuration/firewall/ipv6.rst:795 msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" -#: ../../configuration/firewall/ipv4.rst:741 -#: ../../configuration/firewall/ipv6.rst:728 +#: ../../configuration/firewall/ipv4.rst:793 +#: ../../configuration/firewall/ipv6.rst:784 msgid "Match based on the maximum number of packets to allow in excess of rate." msgstr "Match based on the maximum number of packets to allow in excess of rate." -#: ../../configuration/firewall/bridge.rst:273 +#: ../../configuration/firewall/ipv4.rst:825 +#: ../../configuration/firewall/ipv6.rst:816 +msgid "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." +msgstr "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." + +#: ../../configuration/firewall/ipv4.rst:837 +#: ../../configuration/firewall/ipv6.rst:828 +msgid "Match based on the packet type." +msgstr "Match based on the packet type." + +#: ../../configuration/firewall/bridge.rst:275 msgid "Match based on vlan ID. Range is also supported." msgstr "Match based on vlan ID. Range is also supported." -#: ../../configuration/firewall/bridge.rst:280 +#: ../../configuration/firewall/bridge.rst:282 msgid "Match based on vlan priority(pcp). Range is also supported." msgstr "Match based on vlan priority(pcp). Range is also supported." -#: ../../configuration/firewall/ipv4.rst:824 -#: ../../configuration/firewall/ipv6.rst:810 +#: ../../configuration/firewall/ipv6.rst:865 msgid "Match bases on recently seen sources." msgstr "Match bases on recently seen sources." -#: ../../configuration/firewall/ipv4.rst:325 -#: ../../configuration/firewall/ipv6.rst:325 +#: ../../configuration/firewall/ipv4.rst:349 +#: ../../configuration/firewall/ipv6.rst:349 msgid "Match criteria based on connection mark." msgstr "Match criteria based on connection mark." -#: ../../configuration/firewall/ipv4.rst:314 -#: ../../configuration/firewall/ipv6.rst:314 +#: ../../configuration/firewall/ipv4.rst:338 +#: ../../configuration/firewall/ipv6.rst:338 msgid "Match criteria based on nat connection status." msgstr "Match criteria based on nat connection status." -#: ../../configuration/firewall/ipv4.rst:368 -#: ../../configuration/firewall/ipv6.rst:345 +#: ../../configuration/firewall/ipv4.rst:393 msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." -#: ../../configuration/firewall/bridge.rst:232 +#: ../../configuration/firewall/bridge.rst:234 msgid "Match criteria based on source and/or destination mac-address." msgstr "Match criteria based on source and/or destination mac-address." -#: ../../configuration/loadbalancing/reverse-proxy.rst:58 +#: ../../configuration/loadbalancing/haproxy.rst:70 msgid "Match domain name" msgstr "Match domain name" -#: ../../configuration/service/ipoe-server.rst:382 -#: ../../configuration/service/pppoe-server.rst:571 -#: ../../configuration/vpn/l2tp.rst:506 +#: ../../configuration/service/ipoe-server.rst:381 +#: ../../configuration/service/pppoe-server.rst:596 +#: ../../configuration/vpn/l2tp.rst:511 #: ../../configuration/vpn/pptp.rst:430 -#: ../../configuration/vpn/sstp.rst:464 +#: ../../configuration/vpn/sstp.rst:469 msgid "Match firewall mark value" msgstr "Match firewall mark value" -#: ../../configuration/firewall/ipv6.rst:894 #: ../../configuration/policy/route.rst:234 msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." @@ -9217,19 +10546,26 @@ msgstr "Match local preference." msgid "Match route metric." msgstr "Match route metric." -#: ../../configuration/firewall/ipv4.rst:908 +#: ../../configuration/firewall/ipv6.rst:949 +msgid "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + +#: ../../configuration/firewall/ipv4.rst:959 +msgid "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + #: ../../configuration/policy/route.rst:229 msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." -#: ../../configuration/firewall/ipv4.rst:929 -#: ../../configuration/firewall/ipv6.rst:915 +#: ../../configuration/firewall/ipv4.rst:980 +#: ../../configuration/firewall/ipv6.rst:970 msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." -#: ../../configuration/firewall/bridge.rst:219 -#: ../../configuration/firewall/ipv4.rst:301 -#: ../../configuration/firewall/ipv6.rst:301 +#: ../../configuration/firewall/bridge.rst:324 +#: ../../configuration/firewall/ipv4.rst:326 +#: ../../configuration/firewall/ipv6.rst:326 #: ../../configuration/policy/route.rst:38 msgid "Matching criteria" msgstr "Matching criteria" @@ -9238,23 +10574,28 @@ msgstr "Matching criteria" msgid "Matching traffic" msgstr "Matching traffic" -#: ../../configuration/interfaces/wireless.rst:199 +#: ../../configuration/interfaces/wireless.rst:230 msgid "Maximum A-MSDU length 3839 (default) or 7935 octets" msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets" -#: ../../configuration/vpn/l2tp.rst:492 +#: ../../configuration/vpn/l2tp.rst:497 #: ../../configuration/vpn/pptp.rst:416 msgid "Maximum Transmission Unit (MTU) (default: **1436**)" msgstr "Maximum Transmission Unit (MTU) (default: **1436**)" -#: ../../configuration/service/pppoe-server.rst:538 +#: ../../configuration/service/pppoe-server.rst:563 msgid "Maximum Transmission Unit (MTU) (default: **1492**)" msgstr "Maximum Transmission Unit (MTU) (default: **1492**)" -#: ../../configuration/vpn/sstp.rst:450 +#: ../../configuration/vpn/sstp.rst:455 msgid "Maximum Transmission Unit (MTU) (default: **1500**)" msgstr "Maximum Transmission Unit (MTU) (default: **1500**)" +#: ../../configuration/vpn/l2tp.rst:489 +#: ../../configuration/vpn/sstp.rst:447 +msgid "Maximum accepted connection rate (e.g. 1/min, 60/sec)" +msgstr "Maximum accepted connection rate (e.g. 1/min, 60/sec)" + #: ../../configuration/service/dns.rst:108 msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." @@ -9267,15 +10608,15 @@ msgstr "Maximum number of IPv4 nameservers" msgid "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." msgstr "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." -#: ../../configuration/service/ipoe-server.rst:372 -#: ../../configuration/service/pppoe-server.rst:542 -#: ../../configuration/vpn/l2tp.rst:496 +#: ../../configuration/service/ipoe-server.rst:371 +#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/vpn/l2tp.rst:501 #: ../../configuration/vpn/pptp.rst:420 -#: ../../configuration/vpn/sstp.rst:454 +#: ../../configuration/vpn/sstp.rst:459 msgid "Maximum number of concurrent session start attempts" msgstr "Maximum number of concurrent session start attempts" -#: ../../configuration/interfaces/wireless.rst:77 +#: ../../configuration/interfaces/wireless.rst:89 msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." @@ -9283,18 +10624,18 @@ msgstr "Maximum number of stations allowed in station table. New stations will b msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." -#: ../../configuration/service/ipoe-server.rst:190 -#: ../../configuration/service/pppoe-server.rst:152 +#: ../../configuration/service/ipoe-server.rst:189 +#: ../../configuration/service/pppoe-server.rst:162 #: ../../configuration/vpn/l2tp.rst:195 #: ../../configuration/vpn/pptp.rst:135 #: ../../configuration/vpn/sstp.rst:168 msgid "Maximum number of tries to send Access-Request/Accounting-Request queries" msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries" -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:277 -#: ../../configuration/trafficpolicy/index.rst:283 -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:333 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Medium" msgstr "Medium" @@ -9303,11 +10644,11 @@ msgstr "Medium" msgid "Member Interfaces" msgstr "Member Interfaces" -#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:204 msgid "Member interfaces `eth1` and VLAN 10 on interface `eth2`" msgstr "Member interfaces `eth1` and VLAN 10 on interface `eth2`" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/system/syslog.rst:140 msgid "Messages generated internally by syslogd" msgstr "Messages generated internally by syslogd" @@ -9315,7 +10656,11 @@ msgstr "Messages generated internally by syslogd" msgid "Metris version, the default is ``2``" msgstr "Metris version, the default is ``2``" -#: ../../configuration/vpn/ipsec.rst:510 +#: ../../configuration/vpn/ipsec.rst:519 +msgid "Microsoft Windows (10+)" +msgstr "Microsoft Windows (10+)" + +#: ../../configuration/vpn/ipsec.rst:530 msgid "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." @@ -9323,6 +10668,10 @@ msgstr "Microsoft Windows expects the server name to be also used in the server' msgid "Min and max intervals between unsolicited multicast RAs" msgstr "Min and max intervals between unsolicited multicast RAs" +#: ../../configuration/firewall/flowtables.rst:107 +msgid "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." +msgstr "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." + #: ../../configuration/firewall/flowtables.rst:106 msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." @@ -9347,12 +10696,16 @@ msgstr "Modify the time that pim will register suppress a FHR will send register msgid "Monitor, the system passively monitors any kind of wireless traffic" msgstr "Monitor, the system passively monitors any kind of wireless traffic" -#: ../../configuration/service/ipoe-server.rst:390 +#: ../../configuration/interfaces/wireless.rst:22 +msgid "Monitor mode lets the system passively monitor wireless traffic" +msgstr "Monitor mode lets the system passively monitor wireless traffic" + +#: ../../configuration/service/ipoe-server.rst:389 #: ../../configuration/service/monitoring.rst:2 -#: ../../configuration/service/pppoe-server.rst:583 -#: ../../configuration/vpn/l2tp.rst:518 +#: ../../configuration/service/pppoe-server.rst:608 +#: ../../configuration/vpn/l2tp.rst:523 #: ../../configuration/vpn/pptp.rst:442 -#: ../../configuration/vpn/sstp.rst:538 +#: ../../configuration/vpn/sstp.rst:548 msgid "Monitoring" msgstr "Monitoring" @@ -9368,7 +10721,7 @@ msgstr "More details about the IPsec and VTI issue and option disable-route-auto msgid "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." msgstr "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." -#: ../../configuration/container/index.rst:85 +#: ../../configuration/container/index.rst:110 msgid "Mount a volume into the container" msgstr "Mount a volume into the container" @@ -9380,6 +10733,14 @@ msgstr "Multi" msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +#: ../../configuration/interfaces/openvpn.rst:331 +msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." + +#: ../../configuration/interfaces/openvpn.rst:716 +msgid "Multi-factor Authentication" +msgstr "Multi-factor Authentication" + #: ../../configuration/nat/nat66.rst:42 msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." @@ -9412,6 +10773,10 @@ msgstr "Multicast VXLAN" msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +#: ../../configuration/interfaces/vxlan.rst:120 +msgid "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +msgstr "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." + #: ../../configuration/service/conntrack-sync.rst:83 msgid "Multicast group to use for syncing conntrack entries." msgstr "Multicast group to use for syncing conntrack entries." @@ -9452,20 +10817,24 @@ msgstr "Multiple aliases can pe specified per host-name." msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" -#: ../../configuration/system/conntrack.rst:150 +#: ../../configuration/system/conntrack.rst:118 msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" +#: ../../configuration/nat/cgnat.rst:129 +msgid "Multiple external addresses" +msgstr "Multiple external addresses" + #: ../../configuration/service/dhcp-relay.rst:143 msgid "Multiple interfaces may be specified." msgstr "Multiple interfaces may be specified." -#: ../../configuration/service/ntp.rst:80 +#: ../../configuration/service/ntp.rst:87 msgid "Multiple networks/client IP addresses can be configured." msgstr "Multiple networks/client IP addresses can be configured." -#: ../../configuration/system/login.rst:252 -#: ../../configuration/system/login.rst:321 +#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:327 msgid "Multiple servers can be specified." msgstr "Multiple servers can be specified." @@ -9473,12 +10842,12 @@ msgstr "Multiple servers can be specified." msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!" msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!" -#: ../../configuration/firewall/ipv4.rst:517 -#: ../../configuration/firewall/ipv6.rst:500 +#: ../../configuration/firewall/ipv4.rst:540 +#: ../../configuration/firewall/ipv6.rst:527 msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" -#: ../../configuration/interfaces/bonding.rst:268 +#: ../../configuration/interfaces/bonding.rst:273 msgid "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." msgstr "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." @@ -9506,7 +10875,7 @@ msgstr "Multiprotocol extensions enable BGP to carry routing information for mul msgid "N" msgstr "N" -#: ../../configuration/highavailability/index.rst:373 +#: ../../configuration/highavailability/index.rst:377 #: ../../configuration/nat/index.rst:5 msgid "NAT" msgstr "NAT" @@ -9583,7 +10952,11 @@ msgstr "NTP is intended to synchronize all participating computers to within a f msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/service/ntp.rst:78 +msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." +msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." + +#: ../../configuration/system/syslog.rst:154 msgid "NTP subsystem" msgstr "NTP subsystem" @@ -9619,7 +10992,7 @@ msgstr "Name or IPv4 address of TFTP server" msgid "NetBIOS over TCP/IP name server" msgstr "NetBIOS over TCP/IP name server" -#: ../../configuration/system/flow-accounting.rst:92 +#: ../../configuration/system/flow-accounting.rst:96 msgid "NetFlow" msgstr "NetFlow" @@ -9627,7 +11000,7 @@ msgstr "NetFlow" msgid "NetFlow / IPFIX" msgstr "NetFlow / IPFIX" -#: ../../configuration/system/flow-accounting.rst:115 +#: ../../configuration/system/flow-accounting.rst:119 msgid "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." msgstr "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." @@ -9639,7 +11012,7 @@ msgstr "NetFlow is a feature that was introduced on Cisco routers around 1996 th msgid "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." -#: ../../configuration/system/flow-accounting.rst:166 +#: ../../configuration/system/flow-accounting.rst:170 msgid "NetFlow v5 example:" msgstr "NetFlow v5 example:" @@ -9648,12 +11021,12 @@ msgid "Netfilter based" msgstr "Netfilter based" #: ../../configuration/policy/prefix-list.rst:43 -#: ../../configuration/policy/prefix-list.rst:76 +#: ../../configuration/policy/prefix-list.rst:92 msgid "Netmask greater than length." msgstr "Netmask greater than length." #: ../../configuration/policy/prefix-list.rst:47 -#: ../../configuration/policy/prefix-list.rst:80 +#: ../../configuration/policy/prefix-list.rst:96 msgid "Netmask less than length" msgstr "Netmask less than length" @@ -9661,26 +11034,30 @@ msgstr "Netmask less than length" msgid "Network Advertisement Configuration" msgstr "Network Advertisement Configuration" -#: ../../configuration/trafficpolicy/index.rst:789 +#: ../../configuration/trafficpolicy/index.rst:839 msgid "Network Control" msgstr "Network Control" -#: ../../configuration/trafficpolicy/index.rst:619 +#: ../../configuration/trafficpolicy/index.rst:669 msgid "Network Emulator" msgstr "Network Emulator" -#: ../../configuration/firewall/groups.rst:42 +#: ../../configuration/firewall/groups.rst:41 msgid "Network Groups" msgstr "Network Groups" -#: ../../configuration/interfaces/wireless.rst:350 +#: ../../configuration/interfaces/wireless.rst:461 msgid "Network ID (SSID) ``Enterprise-TEST``" msgstr "Network ID (SSID) ``Enterprise-TEST``" -#: ../../configuration/interfaces/wireless.rst:550 +#: ../../configuration/interfaces/wireless.rst:674 msgid "Network ID (SSID) ``TEST``" msgstr "Network ID (SSID) ``TEST``" +#: ../../configuration/interfaces/wireless.rst:729 +msgid "Network ID (SSID) ``test.ax``" +msgstr "Network ID (SSID) ``test.ax``" + #: ../../configuration/protocols/pim.rst:-1 msgid "Network Topology Diagram" msgstr "Network Topology Diagram" @@ -9689,7 +11066,7 @@ msgstr "Network Topology Diagram" msgid "Network management station (NMS) - software which runs on the manager" msgstr "Network management station (NMS) - software which runs on the manager" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/system/syslog.rst:144 msgid "Network news subsystem" msgstr "Network news subsystem" @@ -9727,7 +11104,7 @@ msgstr "Nexthop IPv6 address to match." #: ../../configuration/system/ip.rst:47 #: ../../configuration/system/ipv6.rst:43 -#: ../../configuration/vrf/index.rst:71 +#: ../../configuration/vrf/index.rst:67 msgid "Nexthop Tracking" msgstr "Nexthop Tracking" @@ -9737,6 +11114,12 @@ msgstr "Nexthop Tracking" msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." +#: ../../configuration/system/ip.rst:49 +#: ../../configuration/system/ipv6.rst:45 +#: ../../configuration/vrf/index.rst:69 +msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." +msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." + #: ../../configuration/protocols/rpki.rst:57 msgid "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." msgstr "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." @@ -9773,28 +11156,32 @@ msgstr "Non-transparent proxying requires that the client browsers be configured msgid "None of the operating systems have client software installed by default" msgstr "None of the operating systems have client software installed by default" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." msgstr "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." +#: ../../configuration/nat/cgnat.rst:22 +msgid "Not all :rfc:`6888` requirements are implemented in CGNAT." +msgstr "Not all :rfc:`6888` requirements are implemented in CGNAT." + #: ../../configuration/interfaces/bonding.rst:51 msgid "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." msgstr "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." -#: ../../configuration/interfaces/openvpn.rst:127 +#: ../../configuration/interfaces/openvpn.rst:128 msgid "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." msgstr "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." -#: ../../configuration/system/syslog.rst:246 +#: ../../configuration/system/syslog.rst:264 msgid "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." msgstr "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." -#: ../../configuration/vpn/ipsec.rst:298 +#: ../../configuration/vpn/ipsec.rst:318 #: ../../configuration/vpn/rsa-keys.rst:35 msgid "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." msgstr "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Notice" msgstr "Notice" @@ -9802,15 +11189,23 @@ msgstr "Notice" msgid "Now configure conntrack-sync service on ``router1`` **and** ``router2``" msgstr "Now configure conntrack-sync service on ``router1`` **and** ``router2``" -#: ../../configuration/vpn/ipsec.rst:301 +#: ../../configuration/vpn/ipsec.rst:321 msgid "Now the noted public keys should be entered on the opposite routers." msgstr "Now the noted public keys should be entered on the opposite routers." +#: ../../configuration/firewall/groups.rst:393 +msgid "Now the user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now the user can connect through ssh to the router (assuming ssh is configured)." + +#: ../../configuration/firewall/groups.rst:393 +msgid "Now user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now user can connect through ssh to the router (assuming ssh is configured)." + #: ../../configuration/service/dhcp-server.rst:503 msgid "Now we add the option to the scope, adapt to your setup" msgstr "Now we add the option to the scope, adapt to your setup" -#: ../../configuration/interfaces/openvpn.rst:385 +#: ../../configuration/interfaces/openvpn.rst:389 msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." @@ -9822,11 +11217,11 @@ msgstr "Now when connecting the user will first be asked for the password and th msgid "Now you are ready to setup IPsec. The key points:" msgstr "Now you are ready to setup IPsec. The key points:" -#: ../../configuration/vpn/ipsec.rst:315 +#: ../../configuration/vpn/ipsec.rst:335 msgid "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." msgstr "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." -#: ../../configuration/interfaces/wireless.rst:224 +#: ../../configuration/interfaces/wireless.rst:255 msgid "Number of antennas on this card" msgstr "Number of antennas on this card" @@ -9834,7 +11229,7 @@ msgstr "Number of antennas on this card" msgid "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." msgstr "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." -#: ../../configuration/system/syslog.rst:231 +#: ../../configuration/system/syslog.rst:249 msgid "Number of lines to be displayed, default 10" msgstr "Number of lines to be displayed, default 10" @@ -9866,7 +11261,7 @@ msgstr "OSPFv3 (IPv6)" msgid "OTP-key generation" msgstr "OTP-key generation" -#: ../../configuration/interfaces/ethernet.rst:57 +#: ../../configuration/interfaces/ethernet.rst:65 msgid "Offloading" msgstr "Offloading" @@ -9874,11 +11269,11 @@ msgstr "Offloading" msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" -#: ../../configuration/trafficpolicy/index.rst:302 +#: ../../configuration/trafficpolicy/index.rst:352 msgid "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." msgstr "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." -#: ../../configuration/trafficpolicy/index.rst:219 +#: ../../configuration/trafficpolicy/index.rst:269 msgid "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." msgstr "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." @@ -9886,15 +11281,15 @@ msgstr "Often you will also have to configure your *default* traffic in the same msgid "On active router run:" msgstr "On active router run:" -#: ../../configuration/interfaces/openvpn.rst:83 +#: ../../configuration/interfaces/openvpn.rst:84 msgid "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." msgstr "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." -#: ../../configuration/trafficpolicy/index.rst:487 +#: ../../configuration/trafficpolicy/index.rst:537 msgid "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." msgstr "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." -#: ../../configuration/highavailability/index.rst:226 +#: ../../configuration/highavailability/index.rst:230 msgid "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." msgstr "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." @@ -9906,29 +11301,29 @@ msgstr "On standby router run:" msgid "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." msgstr "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." -#: ../../configuration/vpn/ipsec.rst:185 -#: ../../configuration/vpn/ipsec.rst:243 -#: ../../configuration/vpn/ipsec.rst:303 +#: ../../configuration/vpn/ipsec.rst:205 +#: ../../configuration/vpn/ipsec.rst:263 +#: ../../configuration/vpn/ipsec.rst:323 #: ../../configuration/vpn/rsa-keys.rst:40 msgid "On the LEFT:" msgstr "On the LEFT:" -#: ../../configuration/vpn/ipsec.rst:318 +#: ../../configuration/vpn/ipsec.rst:338 #: ../../configuration/vpn/rsa-keys.rst:59 msgid "On the LEFT (static address):" msgstr "On the LEFT (static address):" -#: ../../configuration/vpn/ipsec.rst:225 +#: ../../configuration/vpn/ipsec.rst:245 msgid "On the RIGHT, setup by analogy and swap local and remote addresses." msgstr "On the RIGHT, setup by analogy and swap local and remote addresses." -#: ../../configuration/vpn/ipsec.rst:254 -#: ../../configuration/vpn/ipsec.rst:309 +#: ../../configuration/vpn/ipsec.rst:274 +#: ../../configuration/vpn/ipsec.rst:329 #: ../../configuration/vpn/rsa-keys.rst:46 msgid "On the RIGHT:" msgstr "On the RIGHT:" -#: ../../configuration/vpn/ipsec.rst:343 +#: ../../configuration/vpn/ipsec.rst:363 #: ../../configuration/vpn/rsa-keys.rst:84 msgid "On the RIGHT (dynamic address):" msgstr "On the RIGHT (dynamic address):" @@ -9953,7 +11348,7 @@ msgstr "On the last hop router if it is desired to not switch over to the SPT tr msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." -#: ../../configuration/trafficpolicy/index.rst:229 +#: ../../configuration/trafficpolicy/index.rst:279 msgid "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." @@ -9965,15 +11360,23 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1220 +#: ../../configuration/trafficpolicy/index.rst:1270 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" +#: ../../configuration/system/login.rst:237 +msgid "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" +msgstr "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" + #: ../../configuration/interfaces/pseudo-ethernet.rst:27 msgid "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" msgstr "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" -#: ../../configuration/system/flow-accounting.rst:177 +#: ../../configuration/firewall/groups.rst:172 +msgid "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." +msgstr "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." + +#: ../../configuration/system/flow-accounting.rst:181 msgid "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." msgstr "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." @@ -9981,7 +11384,7 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." -#: ../../configuration/firewall/flowtables.rst:38 +#: ../../configuration/firewall/flowtables.rst:39 msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" @@ -9989,7 +11392,7 @@ msgstr "Once the first packet of the flow successfully goes through the IP forwa msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." -#: ../../configuration/trafficpolicy/index.rst:576 +#: ../../configuration/trafficpolicy/index.rst:626 msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." @@ -9997,7 +11400,7 @@ msgstr "Once the matching rules are set for a class, you can start configuring h msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." -#: ../../configuration/service/pppoe-server.rst:285 +#: ../../configuration/service/pppoe-server.rst:304 msgid "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." @@ -10009,7 +11412,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." -#: ../../configuration/vpn/sstp.rst:478 +#: ../../configuration/vpn/sstp.rst:488 msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." @@ -10033,7 +11436,7 @@ msgstr "One implicit environment exists." msgid "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." msgstr "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." -#: ../../configuration/trafficpolicy/index.rst:411 +#: ../../configuration/trafficpolicy/index.rst:461 msgid "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." @@ -10049,8 +11452,8 @@ msgstr "Only VRRP is supported. Required option." msgid "Only allow certain IP addresses or prefixes to access the https webserver." msgstr "Only allow certain IP addresses or prefixes to access the https webserver." -#: ../../configuration/firewall/ipv4.rst:482 -#: ../../configuration/firewall/ipv6.rst:466 +#: ../../configuration/firewall/ipv4.rst:506 +#: ../../configuration/firewall/ipv6.rst:494 msgid "Only in the source criteria, you can specify a mac-address." msgstr "Only in the source criteria, you can specify a mac-address." @@ -10078,7 +11481,7 @@ msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note t msgid "Only works with a VXLAN device with external flag set." msgstr "Only works with a VXLAN device with external flag set." -#: ../../configuration/highavailability/index.rst:467 +#: ../../configuration/highavailability/index.rst:471 msgid "Op-mode check virtual-server status" msgstr "Op-mode check virtual-server status" @@ -10087,6 +11490,10 @@ msgid "OpenConnect" msgstr "OpenConnect" #: ../../configuration/vpn/openconnect.rst:7 +msgid "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." +msgstr "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." + +#: ../../configuration/vpn/openconnect.rst:7 msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." @@ -10102,27 +11509,51 @@ msgstr "OpenConnect server matches the filename in a case sensitive manner, make msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." +#: ../../configuration/protocols/openfabric.rst:5 +msgid "OpenFabric" +msgstr "OpenFabric" + +#: ../../configuration/protocols/openfabric.rst:7 +msgid "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." +msgstr "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." + +#: ../../configuration/protocols/openfabric.rst:65 +msgid "OpenFabric Global Configuration" +msgstr "OpenFabric Global Configuration" + +#: ../../configuration/protocols/openfabric.rst:12 +msgid "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." +msgstr "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." + #: ../../configuration/interfaces/openvpn.rst:7 #: ../../configuration/pki/index.rst:119 msgid "OpenVPN" msgstr "OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:407 +#: ../../configuration/interfaces/openvpn.rst:411 msgid "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" msgstr "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" -#: ../../configuration/interfaces/openvpn.rst:669 +#: ../../configuration/interfaces/openvpn.rst:810 +msgid "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." +msgstr "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." + +#: ../../configuration/interfaces/openvpn.rst:757 msgid "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." msgstr "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." -#: ../../configuration/interfaces/openvpn.rst:658 +#: ../../configuration/interfaces/openvpn.rst:799 msgid "OpenVPN Data Channel Offload (DCO)" msgstr "OpenVPN Data Channel Offload (DCO)" -#: ../../configuration/interfaces/openvpn.rst:660 +#: ../../configuration/interfaces/openvpn.rst:801 msgid "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." msgstr "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." +#: ../../configuration/interfaces/openvpn.rst:865 +msgid "OpenVPN Logs" +msgstr "OpenVPN Logs" + #: ../../configuration/interfaces/openvpn.rst:64 msgid "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." msgstr "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." @@ -10131,7 +11562,7 @@ msgstr "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latenc msgid "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." msgstr "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." -#: ../../configuration/interfaces/openvpn.rst:320 +#: ../../configuration/interfaces/openvpn.rst:324 msgid "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." msgstr "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." @@ -10143,15 +11574,15 @@ msgstr "Openconnect Configuration" msgid "Operating Modes" msgstr "Operating Modes" -#: ../../configuration/interfaces/bonding.rst:512 +#: ../../configuration/interfaces/bonding.rst:565 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:148 +#: ../../configuration/interfaces/ethernet.rst:164 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 #: ../../configuration/interfaces/sstp-client.rst:117 #: ../../configuration/interfaces/virtual-ethernet.rst:55 -#: ../../configuration/interfaces/wireless.rst:416 +#: ../../configuration/interfaces/wireless.rst:534 #: ../../configuration/interfaces/wwan.rst:79 #: ../../configuration/pki/index.rst:321 #: ../../configuration/protocols/igmp-proxy.rst:73 @@ -10163,38 +11594,44 @@ msgstr "Operating Modes" #: ../../configuration/service/dns.rst:276 #: ../../configuration/service/lldp.rst:71 #: ../../configuration/service/mdns.rst:79 -#: ../../configuration/service/ssh.rst:145 +#: ../../configuration/service/ssh.rst:165 #: ../../configuration/service/webproxy.rst:330 #: ../../configuration/system/default-route.rst:25 -#: ../../configuration/system/flow-accounting.rst:175 -#: ../../configuration/vrf/index.rst:130 -#: ../../configuration/vrf/index.rst:342 -#: ../../configuration/vrf/index.rst:522 +#: ../../configuration/system/flow-accounting.rst:179 +#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:338 +#: ../../configuration/vrf/index.rst:518 msgid "Operation" msgstr "Operation" -#: ../../configuration/firewall/groups.rst:186 -#: ../../configuration/firewall/zone.rst:128 +#: ../../configuration/firewall/groups.rst:397 +#: ../../configuration/firewall/zone.rst:125 msgid "Operation-mode" msgstr "Operation-mode" -#: ../../configuration/firewall/bridge.rst:284 -#: ../../configuration/firewall/ipv4.rst:977 -#: ../../configuration/firewall/ipv6.rst:962 +#: ../../configuration/firewall/bridge.rst:449 +#: ../../configuration/firewall/ipv4.rst:1081 +#: ../../configuration/firewall/ipv6.rst:1071 msgid "Operation-mode Firewall" msgstr "Operation-mode Firewall" -#: ../../configuration/container/index.rst:179 +#: ../../configuration/container/index.rst:234 msgid "Operation Commands" msgstr "Operation Commands" #: ../../configuration/service/dhcp-server.rst:471 -#: ../../configuration/service/dhcp-server.rst:725 +#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/suricata.rst:78 #: ../../configuration/system/acceleration.rst:42 +#: ../../configuration/vpn/ipsec.rst:592 msgid "Operation Mode" msgstr "Operation Mode" -#: ../../configuration/interfaces/wireless.rst:89 +#: ../../configuration/nat/cgnat.rst:155 +msgid "Operation commands" +msgstr "Operation commands" + +#: ../../configuration/interfaces/wireless.rst:110 msgid "Operation mode of wireless radio." msgstr "Operation mode of wireless radio." @@ -10272,18 +11709,18 @@ msgstr "Optional Configuration" msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." -#: ../../configuration/container/index.rst:47 +#: ../../configuration/container/index.rst:71 msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." -#: ../../configuration/interfaces/openvpn.rst:631 +#: ../../configuration/interfaces/openvpn.rst:639 #: ../../configuration/service/dhcp-relay.rst:53 #: ../../configuration/service/dhcp-relay.rst:160 #: ../../configuration/service/dhcp-server.rst:280 msgid "Options" msgstr "Options" -#: ../../configuration/vpn/ipsec.rst:162 +#: ../../configuration/vpn/ipsec.rst:166 msgid "Options (Global IPsec settings) Attributes" msgstr "Options (Global IPsec settings) Attributes" @@ -10307,7 +11744,7 @@ msgstr "Order conntrackd to request a complete conntrack table resync against th msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." -#: ../../configuration/service/pppoe-server.rst:312 +#: ../../configuration/service/pppoe-server.rst:331 msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." @@ -10351,12 +11788,21 @@ msgstr "Over UDP" msgid "Override static-mapping's name-server with a custom one that will be sent only to this host." msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host." -#: ../../configuration/firewall/bridge.rst:13 +#: ../../configuration/container/index.rst:37 +msgid "Override the default command from the image for a container." +msgstr "Override the default command from the image for a container." + +#: ../../configuration/container/index.rst:33 +msgid "Override the default entrypoint from the image for a container." +msgstr "Override the default entrypoint from the image for a container." + +#: ../../configuration/firewall/bridge.rst:11 #: ../../configuration/firewall/flowtables.rst:13 #: ../../configuration/firewall/global-options.rst:11 #: ../../configuration/firewall/ipv4.rst:11 #: ../../configuration/firewall/ipv6.rst:11 #: ../../configuration/firewall/zone.rst:11 +#: ../../configuration/nat/cgnat.rst:15 #: ../../configuration/nat/nat44.rst:68 #: ../../configuration/nat/nat64.rst:18 #: ../../configuration/nat/nat66.rst:15 @@ -10367,24 +11813,31 @@ msgstr "Overview" msgid "Overview and basic concepts" msgstr "Overview and basic concepts" -#: ../../configuration/firewall/groups.rst:190 -#: ../../configuration/firewall/ipv6.rst:1117 +#: ../../configuration/firewall/groups.rst:402 +msgid "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." +msgstr "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." + +#: ../../configuration/firewall/ipv6.rst:1227 msgid "Overview of defined groups. You see the type, the members, and where the group is used." msgstr "Overview of defined groups. You see the type, the members, and where the group is used." +#: ../../configuration/system/syslog.rst:35 +msgid "Overwrites the local system host name used in syslogs." +msgstr "Overwrites the local system host name used in syslogs." + #: ../../configuration/policy/examples.rst:106 msgid "PBR multiple uplinks" msgstr "PBR multiple uplinks" -#: ../../configuration/vrf/index.rst:263 +#: ../../configuration/vrf/index.rst:259 msgid "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" msgstr "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" -#: ../../configuration/vrf/index.rst:264 +#: ../../configuration/vrf/index.rst:260 msgid "PC2 is in VRF ``blue`` which is the development department" msgstr "PC2 is in VRF ``blue`` which is the development department" -#: ../../configuration/vrf/index.rst:265 +#: ../../configuration/vrf/index.rst:261 msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." @@ -10424,14 +11877,14 @@ msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in ev msgid "PKI" msgstr "PKI" -#: ../../configuration/interfaces/wireless.rst:130 +#: ../../configuration/interfaces/wireless.rst:156 msgid "PPDU" msgstr "PPDU" -#: ../../configuration/service/pppoe-server.rst:453 -#: ../../configuration/vpn/l2tp.rst:407 +#: ../../configuration/service/pppoe-server.rst:477 +#: ../../configuration/vpn/l2tp.rst:410 #: ../../configuration/vpn/pptp.rst:331 -#: ../../configuration/vpn/sstp.rst:365 +#: ../../configuration/vpn/sstp.rst:368 msgid "PPP Advanced Options" msgstr "PPP Advanced Options" @@ -10455,10 +11908,28 @@ msgstr "PPPoE options" msgid "PPTP-Server" msgstr "PPTP-Server" +#: ../../configuration/service/ntp.rst:174 +msgid "PTP Transport of NTP Packets" +msgstr "PTP Transport of NTP Packets" + #: ../../configuration/loadbalancing/wan.rst:104 msgid "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" msgstr "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" +#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv6.rst:974 +msgid "Packet Modifications" +msgstr "Packet Modifications" + +#: ../../configuration/container/index.rst:179 +msgid "Parameters beginning with fs.mqueue.*" +msgstr "Parameters beginning with fs.mqueue.*" + +#: ../../configuration/container/index.rst:180 +msgid "Parameters beginning with net.* (only if user-defined network is used)" +msgstr "Parameters beginning with net.* (only if user-defined network is used)" + #: ../../configuration/protocols/rpki.rst:69 msgid "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." msgstr "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." @@ -10515,19 +11986,19 @@ msgstr "Per default, interfaces used in a load balancing pool replace the source msgid "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." -#: ../../configuration/system/flow-accounting.rst:127 +#: ../../configuration/system/flow-accounting.rst:131 msgid "Per default every packet is sampled (that is, the sampling rate is 1)." msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." -#: ../../configuration/service/pppoe-server.rst:556 +#: ../../configuration/service/pppoe-server.rst:581 msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." -#: ../../configuration/trafficpolicy/index.rst:1200 +#: ../../configuration/trafficpolicy/index.rst:1250 msgid "Perform NAT lookup before applying flow-isolation rules." msgstr "Perform NAT lookup before applying flow-isolation rules." -#: ../../configuration/system/option.rst:108 +#: ../../configuration/system/option.rst:128 msgid "Performance" msgstr "Performance" @@ -10535,11 +12006,11 @@ msgstr "Performance" msgid "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." msgstr "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." -#: ../../configuration/vrf/index.rst:216 +#: ../../configuration/vrf/index.rst:212 msgid "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." msgstr "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." -#: ../../configuration/vrf/index.rst:202 +#: ../../configuration/vrf/index.rst:198 msgid "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." msgstr "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." @@ -10559,7 +12030,7 @@ msgstr "Play an audible beep to the system speaker when system is ready." msgid "Please, refer to appropiate section for more information about firewall configuration:" msgstr "Please, refer to appropiate section for more information about firewall configuration:" -#: ../../configuration/firewall/index.rst:138 +#: ../../configuration/firewall/index.rst:185 msgid "Please, refer to appropriate section for more information about firewall configuration:" msgstr "Please, refer to appropriate section for more information about firewall configuration:" @@ -10627,24 +12098,36 @@ msgstr "Policy for checking targets" msgid "Policy to track previously established connections." msgstr "Policy to track previously established connections." -#: ../../configuration/firewall/groups.rst:84 +#: ../../configuration/firewall/groups.rst:83 msgid "Port Groups" msgstr "Port Groups" -#: ../../configuration/interfaces/bonding.rst:282 -#: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:140 +#: ../../configuration/interfaces/bonding.rst:287 +#: ../../configuration/interfaces/bridge.rst:187 +#: ../../configuration/interfaces/ethernet.rst:156 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" -#: ../../configuration/service/ipoe-server.rst:182 -#: ../../configuration/service/pppoe-server.rst:144 +#: ../../configuration/nat/cgnat.rst:52 +msgid "Port calculation" +msgstr "Port calculation" + +#: ../../configuration/service/ipoe-server.rst:181 +#: ../../configuration/service/pppoe-server.rst:152 #: ../../configuration/vpn/l2tp.rst:187 #: ../../configuration/vpn/pptp.rst:127 #: ../../configuration/vpn/sstp.rst:160 msgid "Port for Dynamic Authorization Extension server (DM/CoA)" msgstr "Port for Dynamic Authorization Extension server (DM/CoA)" +#: ../../configuration/service/suricata.rst:53 +msgid "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." +msgstr "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/firewall/groups.rst:283 +msgid "Port knocking example" +msgstr "Port knocking example" + #: ../../configuration/service/lldp.rst:27 msgid "Port name and description" msgstr "Port name and description" @@ -10665,12 +12148,12 @@ msgstr "Port to listen for HTTPS requests; default 443" msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." -#: ../../configuration/interfaces/openvpn.rst:169 +#: ../../configuration/interfaces/openvpn.rst:170 msgid "Pre-shared keys" msgstr "Pre-shared keys" -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "Precedence" msgstr "Precedence" @@ -10778,24 +12261,32 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's msgid "Principle of SNMP Communication" msgstr "Principle of SNMP Communication" -#: ../../configuration/vrf/index.rst:551 +#: ../../configuration/vrf/index.rst:547 msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination." msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination." -#: ../../configuration/vrf/index.rst:530 +#: ../../configuration/vrf/index.rst:526 msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:801 +#: ../../configuration/vpn/ipsec.rst:622 +msgid "Print out the list of existing crypto policies" +msgstr "Print out the list of existing crypto policies" + +#: ../../configuration/vpn/ipsec.rst:635 +msgid "Print out the list of existing in-kernel crypto state" +msgstr "Print out the list of existing in-kernel crypto state" + +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:851 msgid "Priority" msgstr "Priority" -#: ../../configuration/trafficpolicy/index.rst:688 +#: ../../configuration/trafficpolicy/index.rst:738 msgid "Priority Queue" msgstr "Priority Queue" -#: ../../configuration/trafficpolicy/index.rst:698 +#: ../../configuration/trafficpolicy/index.rst:748 msgid "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." @@ -10803,7 +12294,7 @@ msgstr "Priority Queue, as other non-shaping policies, is only useful if your ou msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." -#: ../../configuration/vpn/ipsec.rst:544 +#: ../../configuration/vpn/ipsec.rst:564 msgid "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." msgstr "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." @@ -10811,7 +12302,7 @@ msgstr "Profile generation happens from the operational level and is as simple a msgid "Prometheus-client" msgstr "Prometheus-client" -#: ../../configuration/service/ssh.rst:114 +#: ../../configuration/service/ssh.rst:134 msgid "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." msgstr "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." @@ -10831,7 +12322,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp." msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." -#: ../../configuration/firewall/groups.rst:39 +#: ../../configuration/firewall/groups.rst:38 msgid "Provide a IPv4 or IPv6 address group description" msgstr "Provide a IPv4 or IPv6 address group description" @@ -10839,25 +12330,26 @@ msgstr "Provide a IPv4 or IPv6 address group description" msgid "Provide a IPv4 or IPv6 network group description." msgstr "Provide a IPv4 or IPv6 network group description." -#: ../../configuration/firewall/ipv4.rst:285 -#: ../../configuration/firewall/ipv6.rst:285 +#: ../../configuration/firewall/bridge.rst:307 +#: ../../configuration/firewall/ipv4.rst:310 +#: ../../configuration/firewall/ipv6.rst:310 #: ../../configuration/policy/route.rst:30 msgid "Provide a description for each rule." msgstr "Provide a description for each rule." -#: ../../configuration/firewall/flowtables.rst:75 +#: ../../configuration/firewall/flowtables.rst:76 msgid "Provide a description to the flow table." msgstr "Provide a description to the flow table." -#: ../../configuration/firewall/groups.rst:141 +#: ../../configuration/firewall/groups.rst:140 msgid "Provide a domain group description." msgstr "Provide a domain group description." -#: ../../configuration/firewall/groups.rst:124 +#: ../../configuration/firewall/groups.rst:123 msgid "Provide a mac group description." msgstr "Provide a mac group description." -#: ../../configuration/firewall/groups.rst:106 +#: ../../configuration/firewall/groups.rst:105 msgid "Provide a port group description." msgstr "Provide a port group description." @@ -10865,17 +12357,17 @@ msgstr "Provide a port group description." msgid "Provide a rule-set description." msgstr "Provide a rule-set description." -#: ../../configuration/firewall/bridge.rst:205 -#: ../../configuration/firewall/ipv4.rst:275 -#: ../../configuration/firewall/ipv6.rst:275 +#: ../../configuration/firewall/bridge.rst:294 +#: ../../configuration/firewall/ipv4.rst:300 +#: ../../configuration/firewall/ipv6.rst:300 msgid "Provide a rule-set description to a custom firewall chain." msgstr "Provide a rule-set description to a custom firewall chain." -#: ../../configuration/firewall/groups.rst:63 +#: ../../configuration/firewall/groups.rst:62 msgid "Provide an IPv4 or IPv6 network group description." msgstr "Provide an IPv4 or IPv6 network group description." -#: ../../configuration/firewall/groups.rst:81 +#: ../../configuration/firewall/groups.rst:80 msgid "Provide an interface group description" msgstr "Provide an interface group description" @@ -10911,17 +12403,17 @@ msgstr "Pseudo-Ethernet or MACVLAN interfaces can be seen as subinterfaces to re msgid "Pseudo Ethernet/MACVLAN options" msgstr "Pseudo Ethernet/MACVLAN options" -#: ../../configuration/container/index.rst:74 +#: ../../configuration/container/index.rst:99 msgid "Publish a port for the container." msgstr "Publish a port for the container." -#: ../../configuration/container/index.rst:183 +#: ../../configuration/container/index.rst:238 msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:133 +#: ../../configuration/interfaces/ethernet.rst:149 #: ../../configuration/interfaces/virtual-ethernet.rst:39 -#: ../../configuration/interfaces/wireless.rst:408 +#: ../../configuration/interfaces/wireless.rst:526 msgid "QinQ (802.1ad)" msgstr "QinQ (802.1ad)" @@ -10941,7 +12433,7 @@ msgstr "Queue size for syncing conntrack entries in MB." msgid "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." msgstr "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." -#: ../../configuration/nat/nat66.rst:118 +#: ../../configuration/nat/nat66.rst:130 msgid "R1:" msgstr "R1:" @@ -10949,11 +12441,11 @@ msgstr "R1:" msgid "R1 has 192.0.2.1/24 & 2001:db8::1/64" msgstr "R1 has 192.0.2.1/24 & 2001:db8::1/64" -#: ../../configuration/vrf/index.rst:267 +#: ../../configuration/vrf/index.rst:263 msgid "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" msgstr "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" -#: ../../configuration/nat/nat66.rst:131 +#: ../../configuration/nat/nat66.rst:143 msgid "R2:" msgstr "R2:" @@ -10961,7 +12453,7 @@ msgstr "R2:" msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64" msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64" -#: ../../configuration/system/login.rst:238 +#: ../../configuration/system/login.rst:244 msgid "RADIUS" msgstr "RADIUS" @@ -10973,8 +12465,8 @@ msgstr "RADIUS Setup" msgid "RADIUS advanced features" msgstr "RADIUS advanced features" -#: ../../configuration/service/ipoe-server.rst:158 -#: ../../configuration/service/pppoe-server.rst:120 +#: ../../configuration/service/ipoe-server.rst:157 +#: ../../configuration/service/pppoe-server.rst:122 #: ../../configuration/vpn/l2tp.rst:163 #: ../../configuration/vpn/pptp.rst:103 #: ../../configuration/vpn/sstp.rst:136 @@ -10993,22 +12485,42 @@ msgstr "RADIUS bandwidth shaping attribute" msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address." msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address." -#: ../../configuration/interfaces/wireless.rst:354 +#: ../../configuration/interfaces/wireless.rst:465 msgid "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" msgstr "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" -#: ../../configuration/system/login.rst:270 +#: ../../configuration/system/login.rst:276 msgid "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." msgstr "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." -#: ../../configuration/service/ipoe-server.rst:144 -#: ../../configuration/service/pppoe-server.rst:106 +#: ../../configuration/service/ipoe-server.rst:143 +#: ../../configuration/service/pppoe-server.rst:107 #: ../../configuration/vpn/l2tp.rst:149 #: ../../configuration/vpn/pptp.rst:89 #: ../../configuration/vpn/sstp.rst:122 msgid "RADIUS source address" msgstr "RADIUS source address" +#: ../../configuration/nat/cgnat.rst:26 +msgid "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." +msgstr "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." + +#: ../../configuration/nat/cgnat.rst:30 +msgid "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." +msgstr "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." + +#: ../../configuration/nat/cgnat.rst:32 +msgid "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" +msgstr "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" + +#: ../../configuration/service/https.rst:71 +msgid "REST" +msgstr "REST" + +#: ../../configuration/highavailability/index.rst:223 +msgid "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." +msgstr "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." + #: ../../configuration/highavailability/index.rst:202 msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." @@ -11045,11 +12557,11 @@ msgstr "RSA-Keys" msgid "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." msgstr "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." -#: ../../configuration/trafficpolicy/index.rst:763 +#: ../../configuration/trafficpolicy/index.rst:813 msgid "Random-Detect" msgstr "Random-Detect" -#: ../../configuration/trafficpolicy/index.rst:807 +#: ../../configuration/trafficpolicy/index.rst:857 msgid "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." msgstr "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." @@ -11064,15 +12576,15 @@ msgstr "Range is 1 to 255, default is 1." msgid "Range is 1 to 300, default is 10." msgstr "Range is 1 to 300, default is 10." -#: ../../configuration/trafficpolicy/index.rst:952 +#: ../../configuration/trafficpolicy/index.rst:1002 msgid "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." msgstr "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." -#: ../../configuration/trafficpolicy/index.rst:918 +#: ../../configuration/trafficpolicy/index.rst:968 msgid "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." msgstr "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." -#: ../../configuration/trafficpolicy/index.rst:913 +#: ../../configuration/trafficpolicy/index.rst:963 msgid "Rate Control" msgstr "Rate Control" @@ -11080,6 +12592,19 @@ msgstr "Rate Control" msgid "Rate limit" msgstr "Rate limit" +#: ../../configuration/vpn/l2tp.rst:389 +#: ../../configuration/vpn/sstp.rst:347 +msgid "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." + +#: ../../configuration/vpn/l2tp.rst:394 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" + +#: ../../configuration/vpn/sstp.rst:352 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." + #: ../../configuration/service/dhcp-server.rst:395 #: ../../configuration/service/dhcp-server.rst:471 msgid "Raw Parameters" @@ -11089,11 +12614,11 @@ msgstr "Raw Parameters" msgid "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" msgstr "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" -#: ../../configuration/service/ssh.rst:162 +#: ../../configuration/service/ssh.rst:182 msgid "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." msgstr "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." -#: ../../configuration/service/ssh.rst:154 +#: ../../configuration/service/ssh.rst:174 msgid "Re-generated the public/private keyportion which SSH uses to secure connections." msgstr "Re-generated the public/private keyportion which SSH uses to secure connections." @@ -11101,15 +12626,15 @@ msgstr "Re-generated the public/private keyportion which SSH uses to secure conn msgid "Reachable Time" msgstr "Reachable Time" -#: ../../configuration/highavailability/index.rst:398 +#: ../../configuration/highavailability/index.rst:402 msgid "Real server" msgstr "Real server" -#: ../../configuration/highavailability/index.rst:399 +#: ../../configuration/highavailability/index.rst:403 msgid "Real server IP address and port" msgstr "Real server IP address and port" -#: ../../configuration/highavailability/index.rst:414 +#: ../../configuration/highavailability/index.rst:418 msgid "Real server is auto-excluded if port check with this server fail." msgstr "Real server is auto-excluded if port check with this server fail." @@ -11117,8 +12642,8 @@ msgstr "Real server is auto-excluded if port check with this server fail." msgid "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." msgstr "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." -#: ../../configuration/service/ipoe-server.rst:227 -#: ../../configuration/service/pppoe-server.rst:189 +#: ../../configuration/service/ipoe-server.rst:226 +#: ../../configuration/service/pppoe-server.rst:206 #: ../../configuration/vpn/l2tp.rst:232 #: ../../configuration/vpn/pptp.rst:172 #: ../../configuration/vpn/sstp.rst:205 @@ -11133,7 +12658,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:211 +#: ../../configuration/loadbalancing/haproxy.rst:263 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11145,7 +12670,7 @@ msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." -#: ../../configuration/loadbalancing/reverse-proxy.rst:91 +#: ../../configuration/loadbalancing/haproxy.rst:103 msgid "Redirect URL to a new location" msgstr "Redirect URL to a new location" @@ -11165,9 +12690,9 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:126 +#: ../../configuration/interfaces/ethernet.rst:142 #: ../../configuration/interfaces/virtual-ethernet.rst:33 -#: ../../configuration/interfaces/wireless.rst:401 +#: ../../configuration/interfaces/wireless.rst:519 msgid "Regular VLANs (802.1q)" msgstr "Regular VLANs (802.1q)" @@ -11191,7 +12716,7 @@ msgstr "Regular expression to match against an extended community list, where te msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." -#: ../../configuration/service/ssh.rst:135 +#: ../../configuration/service/ssh.rst:155 msgid "Remember source IP in seconds before reset their score. The default is 1800." msgstr "Remember source IP in seconds before reset their score. The default is 1800." @@ -11207,8 +12732,8 @@ msgstr "Remote Access \"RoadWarrior\" Example" msgid "Remote Access \"RoadWarrior\" clients" msgstr "Remote Access \"RoadWarrior\" clients" -#: ../../configuration/interfaces/openvpn.rst:152 -#: ../../configuration/interfaces/openvpn.rst:247 +#: ../../configuration/interfaces/openvpn.rst:153 +#: ../../configuration/interfaces/openvpn.rst:249 msgid "Remote Configuration:" msgstr "Remote Configuration:" @@ -11216,10 +12741,18 @@ msgstr "Remote Configuration:" msgid "Remote Configuration - Annotated:" msgstr "Remote Configuration - Annotated:" -#: ../../configuration/system/syslog.rst:54 +#: ../../configuration/system/syslog.rst:72 msgid "Remote Host" msgstr "Remote Host" +#: ../../configuration/service/monitoring.rst:140 +msgid "Remote Loki port" +msgstr "Remote Loki port" + +#: ../../configuration/service/monitoring.rst:146 +msgid "Remote Loki url" +msgstr "Remote Loki url" + #: ../../configuration/service/monitoring.rst:130 msgid "Remote URL" msgstr "Remote URL" @@ -11256,14 +12789,14 @@ msgstr "Remote port" msgid "Remote transmission interval will be multiplied by this value" msgstr "Remote transmission interval will be multiplied by this value" -#: ../../configuration/service/pppoe-server.rst:217 -#: ../../configuration/vpn/l2tp.rst:260 +#: ../../configuration/service/pppoe-server.rst:236 +#: ../../configuration/vpn/l2tp.rst:263 #: ../../configuration/vpn/pptp.rst:200 -#: ../../configuration/vpn/sstp.rst:233 +#: ../../configuration/vpn/sstp.rst:236 msgid "Renaming clients interfaces by RADIUS" msgstr "Renaming clients interfaces by RADIUS" -#: ../../configuration/interfaces/openvpn.rst:129 +#: ../../configuration/interfaces/openvpn.rst:130 msgid "Repeat the procedure on the other router." msgstr "Repeat the procedure on the other router." @@ -11279,10 +12812,10 @@ msgstr "Request only a temporary address and not form an IA_NA (Identity Associa msgid "Requests are forwarded through ``eth2`` as the `upstream interface`" msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`" -#: ../../configuration/service/pppoe-server.rst:442 -#: ../../configuration/vpn/l2tp.rst:396 +#: ../../configuration/service/pppoe-server.rst:465 +#: ../../configuration/vpn/l2tp.rst:399 #: ../../configuration/vpn/pptp.rst:320 -#: ../../configuration/vpn/sstp.rst:354 +#: ../../configuration/vpn/sstp.rst:357 msgid "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." msgstr "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." @@ -11294,20 +12827,32 @@ msgstr "Requirements" msgid "Requirements:" msgstr "Requirements:" -#: ../../configuration/firewall/ipv4.rst:949 -#: ../../configuration/firewall/ipv6.rst:935 +#: ../../configuration/firewall/ipv4.rst:1054 +#: ../../configuration/firewall/ipv6.rst:1044 msgid "Requirements to enable synproxy:" msgstr "Requirements to enable synproxy:" +#: ../../configuration/nat/cgnat.rst:59 +msgid "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." +msgstr "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." + #: ../../configuration/protocols/bgp.rst:1086 #: ../../configuration/protocols/mpls.rst:248 msgid "Reset" msgstr "Reset" -#: ../../configuration/interfaces/openvpn.rst:725 +#: ../../configuration/interfaces/openvpn.rst:878 msgid "Reset OpenVPN" msgstr "Reset OpenVPN" +#: ../../configuration/vpn/ipsec.rst:647 +msgid "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." +msgstr "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." + +#: ../../configuration/vpn/ipsec.rst:652 +msgid "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." +msgstr "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." + #: ../../configuration/system/ipv6.rst:163 msgid "Reset commands" msgstr "Reset commands" @@ -11328,7 +12873,7 @@ msgstr "Restart DHCP relay service" msgid "Restart DHCPv6 relay agent immediately." msgstr "Restart DHCPv6 relay agent immediately." -#: ../../configuration/container/index.rst:203 +#: ../../configuration/container/index.rst:258 msgid "Restart a given container" msgstr "Restart a given container" @@ -11344,7 +12889,11 @@ msgstr "Restart the DHCP server" msgid "Restart the IGMP proxy process." msgstr "Restart the IGMP proxy process." -#: ../../configuration/service/ssh.rst:149 +#: ../../configuration/vpn/ipsec.rst:643 +msgid "Restart the IPsec VPN process and re-establishes the connection." +msgstr "Restart the IPsec VPN process and re-establishes the connection." + +#: ../../configuration/service/ssh.rst:169 msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." @@ -11352,9 +12901,15 @@ msgstr "Restart the SSH daemon process, the current session is not affected, onl msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." -#: ../../configuration/interfaces/wireless.rst:315 -#: ../../configuration/interfaces/wireless.rst:369 -#: ../../configuration/interfaces/wireless.rst:567 +#: ../../configuration/service/suricata.rst:88 +msgid "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." +msgstr "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." + +#: ../../configuration/interfaces/wireless.rst:423 +#: ../../configuration/interfaces/wireless.rst:483 +#: ../../configuration/interfaces/wireless.rst:691 +#: ../../configuration/interfaces/wireless.rst:771 +#: ../../configuration/interfaces/wireless.rst:861 msgid "Resulting in" msgstr "Resulting in" @@ -11382,7 +12937,7 @@ msgstr "Retrieve public key portion from configured WIreGuard interface." msgid "Reverse-proxy" msgstr "Reverse-proxy" -#: ../../configuration/trafficpolicy/index.rst:958 +#: ../../configuration/trafficpolicy/index.rst:1008 msgid "Round Robin" msgstr "Round Robin" @@ -11466,7 +13021,7 @@ msgstr "Router Lifetime" msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." -#: ../../configuration/vrf/index.rst:444 +#: ../../configuration/vrf/index.rst:440 msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" @@ -11490,11 +13045,11 @@ msgstr "Routes with a distance of 255 are effectively disabled and not installed msgid "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." msgstr "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." -#: ../../configuration/trafficpolicy/index.rst:803 +#: ../../configuration/trafficpolicy/index.rst:853 msgid "Routine" msgstr "Routine" -#: ../../configuration/vrf/index.rst:101 +#: ../../configuration/vrf/index.rst:97 msgid "Routing" msgstr "Routing" @@ -11506,43 +13061,43 @@ msgstr "Routing tables that will be used in this example are:" msgid "Rule-Sets" msgstr "Rule-Sets" -#: ../../configuration/firewall/bridge.rst:287 -#: ../../configuration/firewall/ipv4.rst:980 -#: ../../configuration/firewall/ipv6.rst:965 +#: ../../configuration/firewall/bridge.rst:452 +#: ../../configuration/firewall/ipv4.rst:1084 +#: ../../configuration/firewall/ipv6.rst:1074 msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:258 +#: ../../configuration/loadbalancing/haproxy.rst:310 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/haproxy.rst:348 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." -#: ../../configuration/firewall/flowtables.rst:151 +#: ../../configuration/firewall/flowtables.rst:152 msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:298 +#: ../../configuration/loadbalancing/haproxy.rst:351 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:261 +#: ../../configuration/loadbalancing/haproxy.rst:313 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" -#: ../../configuration/firewall/bridge.rst:208 -#: ../../configuration/firewall/ipv4.rst:288 -#: ../../configuration/firewall/ipv6.rst:288 +#: ../../configuration/firewall/bridge.rst:310 +#: ../../configuration/firewall/ipv4.rst:313 +#: ../../configuration/firewall/ipv6.rst:313 msgid "Rule Status" msgstr "Rule Status" -#: ../../configuration/loadbalancing/reverse-proxy.rst:50 +#: ../../configuration/loadbalancing/haproxy.rst:62 msgid "Rules" msgstr "Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:51 +#: ../../configuration/loadbalancing/haproxy.rst:63 msgid "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." msgstr "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." @@ -11611,6 +13166,10 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used." #: ../../_include/interface-mirror.txt:1 +msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." +msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." + +#: ../../_include/interface-mirror.txt:1 msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." @@ -11627,7 +13186,7 @@ msgstr "SSH :ref:`ssh_key_based_authentication`" msgid "SSH :ref:`ssh_operation`" msgstr "SSH :ref:`ssh_operation`" -#: ../../configuration/system/option.rst:74 +#: ../../configuration/system/option.rst:94 msgid "SSH client" msgstr "SSH client" @@ -11643,11 +13202,11 @@ msgstr "SSH username to establish an SSH connection to the cache server." msgid "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." msgstr "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." -#: ../../configuration/interfaces/wireless.rst:114 +#: ../../configuration/interfaces/wireless.rst:140 msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:333 +#: ../../configuration/loadbalancing/haproxy.rst:387 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11659,7 +13218,7 @@ msgstr "SSL Certificates" msgid "SSL Certificates generation" msgstr "SSL Certificates generation" -#: ../../configuration/loadbalancing/reverse-proxy.rst:67 +#: ../../configuration/loadbalancing/haproxy.rst:79 msgid "SSL match Server Name Indication (SNI) option:" msgstr "SSL match Server Name Indication (SNI) option:" @@ -11699,6 +13258,10 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." +#: ../../configuration/firewall/bridge.rst:333 +msgid "Same specific matching criteria that can be used in bridge firewall are described in this section:" +msgstr "Same specific matching criteria that can be used in bridge firewall are described in this section:" + #: ../../configuration/interfaces/vxlan.rst:174 msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." @@ -11707,7 +13270,7 @@ msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgid "Sample configuration to setup LDP on VyOS" msgstr "Sample configuration to setup LDP on VyOS" -#: ../../configuration/interfaces/wireless.rst:515 +#: ../../configuration/interfaces/wireless.rst:639 msgid "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." msgstr "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." @@ -11715,44 +13278,59 @@ msgstr "Scanning is not supported on all wireless drivers and wireless hardware. msgid "Script execution" msgstr "Script execution" -#: ../../configuration/service/ipoe-server.rst:299 -#: ../../configuration/service/pppoe-server.rst:417 -#: ../../configuration/vpn/l2tp.rst:361 +#: ../../configuration/service/ipoe-server.rst:298 +#: ../../configuration/service/pppoe-server.rst:439 #: ../../configuration/vpn/pptp.rst:285 -#: ../../configuration/vpn/sstp.rst:319 msgid "Script to run before session interface comes up" msgstr "Script to run before session interface comes up" -#: ../../configuration/service/ipoe-server.rst:291 -#: ../../configuration/service/pppoe-server.rst:409 -#: ../../configuration/vpn/l2tp.rst:353 +#: ../../configuration/vpn/l2tp.rst:364 +#: ../../configuration/vpn/sstp.rst:322 +msgid "Script to run before the session interface comes up" +msgstr "Script to run before the session interface comes up" + +#: ../../configuration/service/ipoe-server.rst:290 +#: ../../configuration/service/pppoe-server.rst:431 #: ../../configuration/vpn/pptp.rst:277 -#: ../../configuration/vpn/sstp.rst:311 msgid "Script to run when session interface changed by RADIUS CoA handling" msgstr "Script to run when session interface changed by RADIUS CoA handling" -#: ../../configuration/service/ipoe-server.rst:295 -#: ../../configuration/service/pppoe-server.rst:413 -#: ../../configuration/vpn/l2tp.rst:357 +#: ../../configuration/service/ipoe-server.rst:294 +#: ../../configuration/service/pppoe-server.rst:435 #: ../../configuration/vpn/pptp.rst:281 -#: ../../configuration/vpn/sstp.rst:315 msgid "Script to run when session interface going to terminate" msgstr "Script to run when session interface going to terminate" -#: ../../configuration/service/ipoe-server.rst:303 -#: ../../configuration/service/pppoe-server.rst:421 -#: ../../configuration/vpn/l2tp.rst:365 +#: ../../configuration/service/ipoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:443 #: ../../configuration/vpn/pptp.rst:289 -#: ../../configuration/vpn/sstp.rst:323 msgid "Script to run when session interface is completely configured and started" msgstr "Script to run when session interface is completely configured and started" -#: ../../configuration/highavailability/index.rst:299 -#: ../../configuration/service/ipoe-server.rst:287 -#: ../../configuration/service/pppoe-server.rst:405 -#: ../../configuration/vpn/l2tp.rst:349 +#: ../../configuration/vpn/sstp.rst:318 +msgid "Script to run when the session interface about to terminate" +msgstr "Script to run when the session interface about to terminate" + +#: ../../configuration/vpn/l2tp.rst:360 +msgid "Script to run when the session interface is about to terminate" +msgstr "Script to run when the session interface is about to terminate" + +#: ../../configuration/vpn/l2tp.rst:356 +#: ../../configuration/vpn/sstp.rst:314 +msgid "Script to run when the session interface is changed by RADIUS CoA handling" +msgstr "Script to run when the session interface is changed by RADIUS CoA handling" + +#: ../../configuration/vpn/l2tp.rst:368 +#: ../../configuration/vpn/sstp.rst:326 +msgid "Script to run when the session interface is completely configured and started" +msgstr "Script to run when the session interface is completely configured and started" + +#: ../../configuration/highavailability/index.rst:303 +#: ../../configuration/service/ipoe-server.rst:286 +#: ../../configuration/service/pppoe-server.rst:427 +#: ../../configuration/vpn/l2tp.rst:352 #: ../../configuration/vpn/pptp.rst:273 -#: ../../configuration/vpn/sstp.rst:307 +#: ../../configuration/vpn/sstp.rst:310 msgid "Scripting" msgstr "Scripting" @@ -11764,20 +13342,20 @@ msgstr "Second scenario: apply source NAT for all outgoing connections from LAN msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." -#: ../../configuration/service/ipoe-server.rst:186 -#: ../../configuration/service/pppoe-server.rst:148 +#: ../../configuration/service/ipoe-server.rst:185 +#: ../../configuration/service/pppoe-server.rst:157 #: ../../configuration/vpn/l2tp.rst:191 #: ../../configuration/vpn/pptp.rst:131 #: ../../configuration/vpn/sstp.rst:164 msgid "Secret for Dynamic Authorization Extension server (DM/CoA)" msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/interfaces/wireless.rst:334 +#: ../../configuration/interfaces/wireless.rst:445 msgid "Security" msgstr "Security" -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:150 msgid "Security/authentication messages" msgstr "Security/authentication messages" @@ -11821,7 +13399,7 @@ msgstr "Select TLS version used." msgid "Select cipher suite used for cryptographic operations. This setting is mandatory." msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory." -#: ../../configuration/vrf/index.rst:487 +#: ../../configuration/vrf/index.rst:483 msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." @@ -11829,11 +13407,11 @@ msgstr "Select how labels are allocated in the given VRF. By default, the per-vr msgid "Self Signed CA" msgstr "Self Signed CA" -#: ../../configuration/loadbalancing/reverse-proxy.rst:140 +#: ../../configuration/loadbalancing/haproxy.rst:147 msgid "Send a Proxy Protocol version 1 header (text format)" msgstr "Send a Proxy Protocol version 1 header (text format)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:145 +#: ../../configuration/loadbalancing/haproxy.rst:152 msgid "Send a Proxy Protocol version 2 header (binary format)" msgstr "Send a Proxy Protocol version 2 header (binary format)" @@ -11841,11 +13419,15 @@ msgstr "Send a Proxy Protocol version 2 header (binary format)" msgid "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." msgstr "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." -#: ../../configuration/interfaces/wireless.rst:57 +#: ../../configuration/interfaces/wireless.rst:69 msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." -#: ../../configuration/vpn/l2tp.rst:276 +#: ../../configuration/interfaces/wireless.rst:69 +msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." +msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." + +#: ../../configuration/vpn/l2tp.rst:279 msgid "Sent to the client (LAC) in the Host-Name attribute" msgstr "Sent to the client (LAC) in the Host-Name attribute" @@ -11857,7 +13439,7 @@ msgstr "Serial Console" msgid "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." -#: ../../configuration/interfaces/openvpn.rst:325 +#: ../../configuration/interfaces/openvpn.rst:329 msgid "Server" msgstr "Server" @@ -11873,10 +13455,18 @@ msgstr "Server Certificate" msgid "Server Configuration" msgstr "Server Configuration" -#: ../../configuration/interfaces/openvpn.rst:588 +#: ../../configuration/interfaces/openvpn.rst:592 msgid "Server Side" msgstr "Server Side" +#: ../../configuration/interfaces/openvpn.rst:679 +msgid "Server Side:" +msgstr "Server Side:" + +#: ../../configuration/interfaces/openvpn.rst:670 +msgid "Server bridge" +msgstr "Server bridge" + #: ../../configuration/service/ipoe-server.rst:157 msgid "Server configuration" msgstr "Server configuration" @@ -11885,12 +13475,12 @@ msgstr "Server configuration" msgid "Server names for virtual hosts it can be exact, wildcard or regex." msgstr "Server names for virtual hosts it can be exact, wildcard or regex." -#: ../../configuration/loadbalancing/reverse-proxy.rst:21 +#: ../../configuration/loadbalancing/haproxy.rst:21 #: ../../configuration/service/index.rst:3 msgid "Service" msgstr "Service" -#: ../../configuration/loadbalancing/reverse-proxy.rst:16 +#: ../../configuration/loadbalancing/haproxy.rst:16 msgid "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." msgstr "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." @@ -11950,12 +13540,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne msgid "Set SSL certeficate <name> for service <name>" msgstr "Set SSL certeficate <name> for service <name>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:46 +#: ../../configuration/loadbalancing/haproxy.rst:46 msgid "Set SSL certificate <name> for service <name>" msgstr "Set SSL certificate <name> for service <name>" -#: ../../configuration/firewall/ipv4.rst:941 -#: ../../configuration/firewall/ipv6.rst:927 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 msgid "Set TCP-MSS (maximum segment size) for the connection" msgstr "Set TCP-MSS (maximum segment size) for the connection" @@ -11967,19 +13557,19 @@ msgstr "Set TTL to 300 seconds" msgid "Set Virtual Tunnel Interface" msgstr "Set Virtual Tunnel Interface" -#: ../../configuration/container/index.rst:54 +#: ../../configuration/container/index.rst:79 msgid "Set a container description" msgstr "Set a container description" -#: ../../configuration/trafficpolicy/index.rst:1169 +#: ../../configuration/trafficpolicy/index.rst:1219 msgid "Set a description for the shaper." msgstr "Set a description for the shaper." -#: ../../configuration/system/conntrack.rst:113 +#: ../../configuration/system/conntrack.rst:81 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" -#: ../../configuration/system/conntrack.rst:142 +#: ../../configuration/system/conntrack.rst:110 msgid "Set a destination and/or source port. Accepted input:" msgstr "Set a destination and/or source port. Accepted input:" @@ -11987,11 +13577,11 @@ msgstr "Set a destination and/or source port. Accepted input:" msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." -#: ../../configuration/system/login.rst:391 +#: ../../configuration/system/login.rst:397 msgid "Set a limit on the maximum number of concurrent logged-in users on the system." msgstr "Set a limit on the maximum number of concurrent logged-in users on the system." -#: ../../configuration/firewall/zone.rst:98 +#: ../../configuration/firewall/zone.rst:95 msgid "Set a meaningful description." msgstr "Set a meaningful description." @@ -11999,7 +13589,7 @@ msgstr "Set a meaningful description." msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." -#: ../../configuration/system/conntrack.rst:106 +#: ../../configuration/system/conntrack.rst:74 msgid "Set a rule description." msgstr "Set a rule description." @@ -12011,6 +13601,18 @@ msgstr "Set a specific connection mark." msgid "Set a specific packet mark." msgstr "Set a specific packet mark." +#: ../../configuration/firewall/bridge.rst:404 +#: ../../configuration/firewall/ipv4.rst:1006 +#: ../../configuration/firewall/ipv6.rst:996 +msgid "Set a specific packet mark value." +msgstr "Set a specific packet mark value." + +#: ../../configuration/firewall/bridge.rst:399 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 +msgid "Set a specific value of Differentiated Services Codepoint (DSCP)." +msgstr "Set a specific value of Differentiated Services Codepoint (DSCP)." + #: ../../configuration/policy/route-map.rst:25 msgid "Set action for the route-map policy." msgstr "Set action for the route-map policy." @@ -12062,32 +13664,53 @@ msgstr "Set an :abbr:`SRV (Service)` record. Supports ``@`` keyword." msgid "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." msgstr "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." +#: ../../configuration/nat/cgnat.rst:77 +msgid "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." +msgstr "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." + #: ../../configuration/service/ipoe-server.rst:60 -#: ../../configuration/service/ipoe-server.rst:88 -#: ../../configuration/service/pppoe-server.rst:38 +#: ../../configuration/service/pppoe-server.rst:37 #: ../../configuration/vpn/l2tp.rst:26 #: ../../configuration/vpn/pptp.rst:27 #: ../../configuration/vpn/sstp.rst:53 msgid "Set authentication backend. The configured authentication backend is used for all queries." msgstr "Set authentication backend. The configured authentication backend is used for all queries." -#: ../../configuration/container/index.rst:122 +#: ../../configuration/firewall/bridge.rst:424 +#: ../../configuration/firewall/ipv4.rst:1031 +#: ../../configuration/firewall/ipv6.rst:1021 +msgid "Set connection mark value." +msgstr "Set connection mark value." + +#: ../../configuration/container/index.rst:160 msgid "Set container capabilities or permissions." msgstr "Set container capabilities or permissions." -#: ../../configuration/highavailability/index.rst:247 +#: ../../configuration/container/index.rst:173 +msgid "Set container sysctl values." +msgstr "Set container sysctl values." + +#: ../../configuration/loadbalancing/haproxy.rst:51 +msgid "Set custom HTTP headers to be included in all responses" +msgstr "Set custom HTTP headers to be included in all responses" + +#: ../../configuration/loadbalancing/haproxy.rst:168 +msgid "Set custom HTTP headers to be included in all responses using the backend" +msgstr "Set custom HTTP headers to be included in all responses using the backend" + +#: ../../configuration/highavailability/index.rst:251 msgid "Set delay between gratuitous ARP messages sent on an interface." msgstr "Set delay between gratuitous ARP messages sent on an interface." -#: ../../configuration/highavailability/index.rst:255 +#: ../../configuration/highavailability/index.rst:259 msgid "Set delay for second set of gratuitous ARPs after transition to MASTER." msgstr "Set delay for second set of gratuitous ARPs after transition to MASTER." -#: ../../configuration/service/ipoe-server.rst:356 -#: ../../configuration/service/pppoe-server.rst:522 -#: ../../configuration/vpn/l2tp.rst:476 +#: ../../configuration/service/ipoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:547 +#: ../../configuration/vpn/l2tp.rst:481 #: ../../configuration/vpn/pptp.rst:400 -#: ../../configuration/vpn/sstp.rst:434 +#: ../../configuration/vpn/sstp.rst:439 msgid "Set description." msgstr "Set description." @@ -12119,7 +13742,7 @@ msgstr "Set description for large-community-list policy." msgid "Set description for rule." msgstr "Set description for rule." -#: ../../configuration/policy/prefix-list.rst:67 +#: ../../configuration/policy/prefix-list.rst:83 msgid "Set description for rule in IPv6 prefix-list." msgstr "Set description for rule in IPv6 prefix-list." @@ -12131,7 +13754,7 @@ msgstr "Set description for rule in the prefix-list." msgid "Set description for the IPv6 access list." msgstr "Set description for the IPv6 access list." -#: ../../configuration/policy/prefix-list.rst:58 +#: ../../configuration/policy/prefix-list.rst:74 msgid "Set description for the IPv6 prefix-list policy." msgstr "Set description for the IPv6 prefix-list policy." @@ -12176,7 +13799,16 @@ msgstr "Set execution time in common cron_ time format. A cron `<spec>` of ``30 msgid "Set extcommunity bandwidth" msgstr "Set extcommunity bandwidth" -#: ../../configuration/interfaces/wireless.rst:229 +#: ../../configuration/nat/cgnat.rst:82 +msgid "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." +msgstr "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." + +#: ../../configuration/firewall/bridge.rst:419 +#: ../../configuration/firewall/ipv6.rst:1014 +msgid "Set hop limit value." +msgstr "Set hop limit value." + +#: ../../configuration/interfaces/wireless.rst:260 msgid "Set if antenna pattern does not change during the lifetime of an association" msgstr "Set if antenna pattern does not change during the lifetime of an association" @@ -12185,7 +13817,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa msgid "Set inbound interface to match." msgstr "Set inbound interface to match." -#: ../../configuration/firewall/zone.rst:84 +#: ../../configuration/firewall/zone.rst:81 msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." @@ -12237,7 +13869,7 @@ msgstr "Set maximum hop count before packets are discarded, default: 10" msgid "Set maximum number of packets to alow in excess of rate." msgstr "Set maximum number of packets to alow in excess of rate." -#: ../../configuration/highavailability/index.rst:265 +#: ../../configuration/highavailability/index.rst:269 msgid "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgstr "Set minimum time interval for refreshing gratuitous ARPs while MASTER." @@ -12245,11 +13877,11 @@ msgstr "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgid "Set mode for IPsec authentication between VyOS and L2TP clients." msgstr "Set mode for IPsec authentication between VyOS and L2TP clients." -#: ../../configuration/highavailability/index.rst:285 +#: ../../configuration/highavailability/index.rst:289 msgid "Set number of gratuitous ARP messages to send at a time after transition to MASTER." msgstr "Set number of gratuitous ARP messages to send at a time after transition to MASTER." -#: ../../configuration/highavailability/index.rst:275 +#: ../../configuration/highavailability/index.rst:279 msgid "Set number of gratuitous ARP messages to send at a time while MASTER." msgstr "Set number of gratuitous ARP messages to send at a time while MASTER." @@ -12300,7 +13932,7 @@ msgstr "Set routing table to forward packet to." msgid "Set rule action to drop." msgstr "Set rule action to drop." -#: ../../configuration/loadbalancing/reverse-proxy.rst:26 +#: ../../configuration/loadbalancing/haproxy.rst:26 msgid "Set service to bind on IP address, by default listen on any IPv4 and IPv6" msgstr "Set service to bind on IP address, by default listen on any IPv4 and IPv6" @@ -12350,7 +13982,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel." msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." -#: ../../configuration/firewall/global-options.rst:99 +#: ../../configuration/firewall/global-options.rst:104 msgid "Set the IPv4 source validation mode. The following system parameter will be altered:" msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:" @@ -12399,7 +14031,23 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." -#: ../../configuration/container/index.rst:99 +#: ../../configuration/firewall/bridge.rst:409 +#: ../../configuration/firewall/ipv4.rst:1015 +#: ../../configuration/firewall/ipv6.rst:1005 +msgid "Set the TCP-MSS (TCP maximum segment size) for the connection." +msgstr "Set the TCP-MSS (TCP maximum segment size) for the connection." + +#: ../../configuration/firewall/ipv4.rst:1045 +#: ../../configuration/firewall/ipv6.rst:1035 +msgid "Set the TCP-MSS (maximum segment size) for the connection" +msgstr "Set the TCP-MSS (maximum segment size) for the connection" + +#: ../../configuration/firewall/bridge.rst:414 +#: ../../configuration/firewall/ipv4.rst:1024 +msgid "Set the TTL (Time to Live) value." +msgstr "Set the TTL (Time to Live) value." + +#: ../../configuration/container/index.rst:124 msgid "Set the User ID or Group ID of the container" msgstr "Set the User ID or Group ID of the container" @@ -12415,27 +14063,31 @@ msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the p msgid "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." msgstr "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." -#: ../../configuration/service/ssh.rst:106 +#: ../../configuration/service/ssh.rst:107 msgid "Set the ``sshd`` log level. The default is ``info``." msgstr "Set the ``sshd`` log level. The default is ``info``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:130 +#: ../../configuration/loadbalancing/haproxy.rst:137 msgid "Set the address of the backend port" msgstr "Set the address of the backend port" -#: ../../configuration/loadbalancing/reverse-proxy.rst:124 +#: ../../configuration/loadbalancing/haproxy.rst:131 msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" -#: ../../configuration/service/https.rst:94 +#: ../../configuration/service/https.rst:97 msgid "Set the authentication type for GraphQL, default option is key. Available options are:" msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" -#: ../../configuration/service/https.rst:106 +#: ../../configuration/service/https.rst:109 msgid "Set the byte length of the JWT secret. Default is 32." msgstr "Set the byte length of the JWT secret. Default is 32." -#: ../../configuration/highavailability/index.rst:295 +#: ../../configuration/container/index.rst:41 +msgid "Set the command arguments for a container." +msgstr "Set the command arguments for a container." + +#: ../../configuration/highavailability/index.rst:299 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12459,19 +14111,23 @@ msgstr "Set the distance for the default gateway sent by the SSTP server." msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." -#: ../../configuration/firewall/global-options.rst:127 +#: ../../configuration/firewall/global-options.rst:132 msgid "Set the global setting for an established connection." msgstr "Set the global setting for an established connection." -#: ../../configuration/firewall/global-options.rst:137 +#: ../../configuration/firewall/global-options.rst:142 msgid "Set the global setting for invalid packets." msgstr "Set the global setting for invalid packets." -#: ../../configuration/firewall/global-options.rst:147 +#: ../../configuration/firewall/global-options.rst:152 msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." -#: ../../configuration/service/https.rst:102 +#: ../../configuration/container/index.rst:45 +msgid "Set the host name for a container." +msgstr "Set the host name for a container." + +#: ../../configuration/service/https.rst:105 msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." @@ -12483,7 +14139,7 @@ msgstr "Set the listen port of the local API, this has no effect on the webserve msgid "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." msgstr "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." -#: ../../configuration/interfaces/wireless.rst:277 +#: ../../configuration/interfaces/wireless.rst:313 msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" @@ -12507,6 +14163,10 @@ msgstr "Set the name of the x509 client keypair used to authenticate against the msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" +#: ../../configuration/interfaces/bridge.rst:157 +msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." +msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." + #: ../../configuration/policy/route-map.rst:287 msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value" msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value" @@ -12547,7 +14207,19 @@ msgstr "Set the peer's key used to receive (RX) traffic" msgid "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." -#: ../../configuration/container/index.rst:103 +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool." +msgstr "Set the range of external IP addresses for the CGNAT pool." + +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." +msgstr "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." + +#: ../../configuration/nat/cgnat.rst:92 +msgid "Set the range of internal IP addresses for the CGNAT pool." +msgstr "Set the range of internal IP addresses for the CGNAT pool." + +#: ../../configuration/container/index.rst:128 msgid "Set the restart behavior of the container." msgstr "Set the restart behavior of the container." @@ -12559,11 +14231,19 @@ msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a msgid "Set the routing table to forward packet with." msgstr "Set the routing table to forward packet with." +#: ../../configuration/nat/cgnat.rst:96 +msgid "Set the rule for the source pool." +msgstr "Set the rule for the source pool." + +#: ../../configuration/nat/cgnat.rst:100 +msgid "Set the rule for the translation pool." +msgstr "Set the rule for the translation pool." + #: ../../configuration/interfaces/l2tpv3.rst:64 msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." -#: ../../configuration/trafficpolicy/index.rst:1164 +#: ../../configuration/trafficpolicy/index.rst:1214 msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." @@ -12575,6 +14255,14 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes msgid "Set the source IP of forwarded packets, otherwise original senders address is used." msgstr "Set the source IP of forwarded packets, otherwise original senders address is used." +#: ../../configuration/firewall/global-options.rst:184 +msgid "Set the timeout in seconds for a protocol or state." +msgstr "Set the timeout in seconds for a protocol or state." + +#: ../../configuration/system/conntrack.rst:143 +msgid "Set the timeout in seconds for a protocol or state in a custom rule." +msgstr "Set the timeout in seconds for a protocol or state in a custom rule." + #: ../../configuration/system/conntrack.rst:97 msgid "Set the timeout in secounds for a protocol or state." msgstr "Set the timeout in secounds for a protocol or state." @@ -12588,8 +14276,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule." msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." -#: ../../configuration/firewall/ipv4.rst:945 -#: ../../configuration/firewall/ipv6.rst:931 +#: ../../configuration/firewall/ipv4.rst:1050 +#: ../../configuration/firewall/ipv6.rst:1040 msgid "Set the window scale factor for TCP window scaling" msgstr "Set the window scale factor for TCP window scaling" @@ -12597,15 +14285,19 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." -#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +#: ../../configuration/loadbalancing/haproxy.rst:223 msgid "Sets the HTTP method to be used, can be either: option, get, post, put" msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/haproxy.rst:228 msgid "Sets the endpoint to be used for health checks" msgstr "Sets the endpoint to be used for health checks" -#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +#: ../../configuration/loadbalancing/haproxy.rst:233 +msgid "Sets the expected result condition for considering a server healthy." +msgstr "Sets the expected result condition for considering a server healthy." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:187 msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" @@ -12625,6 +14317,10 @@ msgstr "Sets the listening port for a listening address. This overrides the defa msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." +#: ../../configuration/service/https.rst:119 +msgid "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." +msgstr "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." + #: ../../configuration/highavailability/index.rst:96 msgid "Setting VRRP group priority" msgstr "Setting VRRP group priority" @@ -12641,15 +14337,15 @@ msgstr "Setting this up on AWS will require a \"Custom Protocol Rule\" for proto msgid "Setting up IPSec:" msgstr "Setting up IPSec:" -#: ../../configuration/interfaces/openvpn.rst:132 +#: ../../configuration/interfaces/openvpn.rst:133 msgid "Setting up OpenVPN" msgstr "Setting up OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:76 +#: ../../configuration/interfaces/openvpn.rst:77 msgid "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." msgstr "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." -#: ../../configuration/interfaces/openvpn.rst:74 +#: ../../configuration/interfaces/openvpn.rst:75 msgid "Setting up certificates" msgstr "Setting up certificates" @@ -12662,7 +14358,8 @@ msgid "Setting up tunnel:" msgstr "Setting up tunnel:" #: ../../configuration/system/option.rst:42 -#: ../../configuration/system/option.rst:53 +#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:71 msgid "Setting will only become active with the next reboot!" msgstr "Setting will only become active with the next reboot!" @@ -12678,11 +14375,11 @@ msgstr "Setup DHCP failover for network 192.0.2.0/24" msgid "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." msgstr "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." -#: ../../configuration/system/login.rst:266 +#: ../../configuration/system/login.rst:272 msgid "Setup the `<timeout>` in seconds when querying the RADIUS server." msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server." -#: ../../configuration/system/login.rst:335 +#: ../../configuration/system/login.rst:341 msgid "Setup the `<timeout>` in seconds when querying the TACACS server." msgstr "Setup the `<timeout>` in seconds when querying the TACACS server." @@ -12698,39 +14395,39 @@ msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS p msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." -#: ../../configuration/system/option.rst:61 +#: ../../configuration/system/option.rst:81 msgid "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." msgstr "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." -#: ../../configuration/system/option.rst:66 +#: ../../configuration/system/option.rst:86 msgid "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." msgstr "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:185 msgid "Severity" msgstr "Severity" -#: ../../configuration/system/syslog.rst:164 +#: ../../configuration/system/syslog.rst:182 msgid "Severity Level" msgstr "Severity Level" -#: ../../configuration/trafficpolicy/index.rst:1017 +#: ../../configuration/trafficpolicy/index.rst:1067 msgid "Shaper" msgstr "Shaper" -#: ../../configuration/interfaces/wireless.rst:282 +#: ../../configuration/interfaces/wireless.rst:319 msgid "Short GI capabilities" msgstr "Short GI capabilities" -#: ../../configuration/interfaces/wireless.rst:204 +#: ../../configuration/interfaces/wireless.rst:235 msgid "Short GI capabilities for 20 and 40 MHz" msgstr "Short GI capabilities for 20 and 40 MHz" -#: ../../configuration/trafficpolicy/index.rst:923 +#: ../../configuration/trafficpolicy/index.rst:973 msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." -#: ../../configuration/vrf/index.rst:507 +#: ../../configuration/vrf/index.rst:503 msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." @@ -12739,17 +14436,21 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the msgid "Show" msgstr "Show" +#: ../../configuration/nat/cgnat.rst:170 +msgid "Show CGNAT allocations" +msgstr "Show CGNAT allocations" + #: ../../configuration/service/dhcp-server.rst:475 msgid "Show DHCP server daemon log file" msgstr "Show DHCP server daemon log file" -#: ../../configuration/service/dhcp-server.rst:729 +#: ../../configuration/service/dhcp-server.rst:759 msgid "Show DHCPv6 server daemon log file" msgstr "Show DHCPv6 server daemon log file" -#: ../../configuration/firewall/bridge.rst:306 -#: ../../configuration/firewall/ipv4.rst:1138 -#: ../../configuration/firewall/ipv6.rst:1138 +#: ../../configuration/firewall/bridge.rst:471 +#: ../../configuration/firewall/ipv4.rst:1242 +#: ../../configuration/firewall/ipv6.rst:1248 msgid "Show Firewall log" msgstr "Show Firewall log" @@ -12757,19 +14458,19 @@ msgstr "Show Firewall log" msgid "Show LLDP neighbors connected via interface `<interface>`." msgstr "Show LLDP neighbors connected via interface `<interface>`." -#: ../../configuration/service/ssh.rst:232 +#: ../../configuration/service/ssh.rst:252 msgid "Show SSH dynamic-protection log." msgstr "Show SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:224 +#: ../../configuration/service/ssh.rst:244 msgid "Show SSH server log." msgstr "Show SSH server log." -#: ../../configuration/service/ssh.rst:248 +#: ../../configuration/service/ssh.rst:268 msgid "Show SSH server public key fingerprints, including a visual ASCII art representation." msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation." -#: ../../configuration/service/ssh.rst:244 +#: ../../configuration/service/ssh.rst:264 msgid "Show SSH server public key fingerprints." msgstr "Show SSH server public key fingerprints." @@ -12813,7 +14514,11 @@ msgstr "Show WWAN module model." msgid "Show WWAN module signal strength." msgstr "Show WWAN module signal strength." -#: ../../configuration/container/index.rst:199 +#: ../../configuration/vpn/ipsec.rst:630 +msgid "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." +msgstr "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." + +#: ../../configuration/container/index.rst:254 msgid "Show a list available container networks" msgstr "Show a list available container networks" @@ -12829,11 +14534,43 @@ msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`." msgid "Show a list of installed certificates" msgstr "Show a list of installed certificates" +#: ../../configuration/nat/cgnat.rst:159 +msgid "Show address and port allocations" +msgstr "Show address and port allocations" + #: ../../configuration/protocols/bfd.rst:105 msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:226 +#: ../../configuration/vpn/ipsec.rst:626 +msgid "Show all active IPsec Security Associations (SA)" +msgstr "Show all active IPsec Security Associations (SA)" + +#: ../../configuration/nat/cgnat.rst:163 +msgid "Show all allocations for an external IP address" +msgstr "Show all allocations for an external IP address" + +#: ../../configuration/nat/cgnat.rst:167 +msgid "Show all allocations for an internal IP address" +msgstr "Show all allocations for an internal IP address" + +#: ../../configuration/vpn/ipsec.rst:596 +msgid "Show all currently active IKE Security Associations." +msgstr "Show all currently active IKE Security Associations." + +#: ../../configuration/vpn/ipsec.rst:605 +msgid "Show all currently active IKE Security Associations (SA) for a specific peer." +msgstr "Show all currently active IKE Security Associations (SA) for a specific peer." + +#: ../../configuration/vpn/ipsec.rst:600 +msgid "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." +msgstr "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." + +#: ../../configuration/vpn/ipsec.rst:610 +msgid "Show all the configured pre-shared secret keys." +msgstr "Show all the configured pre-shared secret keys." + +#: ../../configuration/interfaces/ethernet.rst:242 msgid "Show available offloading functions on given `<interface>`" msgstr "Show available offloading functions on given `<interface>`" @@ -12841,17 +14578,17 @@ msgstr "Show available offloading functions on given `<interface>`" msgid "Show binded qat device interrupts to certain core." msgstr "Show binded qat device interrupts to certain core." -#: ../../configuration/interfaces/bridge.rst:292 +#: ../../configuration/interfaces/bridge.rst:291 msgid "Show bridge `<name>` fdb displays the current forwarding table:" msgstr "Show bridge `<name>` fdb displays the current forwarding table:" -#: ../../configuration/interfaces/bridge.rst:319 +#: ../../configuration/interfaces/bridge.rst:318 msgid "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." msgstr "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." -#: ../../configuration/interfaces/bonding.rst:516 +#: ../../configuration/interfaces/bonding.rst:569 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:152 +#: ../../configuration/interfaces/ethernet.rst:168 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12889,13 +14626,13 @@ msgstr "Show detailed information about all learned Segment Routing Nodes" msgid "Show detailed information about prefix-sid and label learned" msgstr "Show detailed information about prefix-sid and label learned" -#: ../../configuration/interfaces/bonding.rst:548 +#: ../../configuration/interfaces/bonding.rst:601 msgid "Show detailed information about the underlaying physical links on given bond `<interface>`." msgstr "Show detailed information about the underlaying physical links on given bond `<interface>`." -#: ../../configuration/interfaces/bonding.rst:531 +#: ../../configuration/interfaces/bonding.rst:584 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:166 +#: ../../configuration/interfaces/ethernet.rst:182 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12911,11 +14648,15 @@ msgstr "Show detailed information on the given loopback interface `lo`." msgid "Show detailed information summary on given `<interface>`" msgstr "Show detailed information summary on given `<interface>`" -#: ../../configuration/system/flow-accounting.rst:182 +#: ../../configuration/vpn/ipsec.rst:618 +msgid "Show details of all available VPN connections" +msgstr "Show details of all available VPN connections" + +#: ../../configuration/system/flow-accounting.rst:186 msgid "Show flow accounting information for given `<interface>`." msgstr "Show flow accounting information for given `<interface>`." -#: ../../configuration/system/flow-accounting.rst:199 +#: ../../configuration/system/flow-accounting.rst:203 msgid "Show flow accounting information for given `<interface>` for a specific host only." msgstr "Show flow accounting information for given `<interface>` for a specific host only." @@ -12927,19 +14668,23 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:185 +#: ../../configuration/interfaces/ethernet.rst:201 msgid "Show information about physical `<interface>`" msgstr "Show information about physical `<interface>`" -#: ../../configuration/service/ssh.rst:240 +#: ../../configuration/service/ssh.rst:260 msgid "Show list of IPs currently blocked by SSH dynamic-protection." msgstr "Show list of IPs currently blocked by SSH dynamic-protection." +#: ../../configuration/vpn/ipsec.rst:657 +msgid "Show logs for IPsec" +msgstr "Show logs for IPsec" + #: ../../configuration/service/mdns.rst:87 msgid "Show logs for mDNS repeater service." msgstr "Show logs for mDNS repeater service." -#: ../../configuration/container/index.rst:195 +#: ../../configuration/container/index.rst:250 msgid "Show logs from a given container" msgstr "Show logs from a given container" @@ -12947,7 +14692,7 @@ msgstr "Show logs from a given container" msgid "Show logs from all DHCP client processes." msgstr "Show logs from all DHCP client processes." -#: ../../configuration/service/dhcp-server.rst:733 +#: ../../configuration/service/dhcp-server.rst:763 msgid "Show logs from all DHCPv6 client processes." msgstr "Show logs from all DHCPv6 client processes." @@ -12955,7 +14700,7 @@ msgstr "Show logs from all DHCPv6 client processes." msgid "Show logs from specific `interface` DHCP client process." msgstr "Show logs from specific `interface` DHCP client process." -#: ../../configuration/service/dhcp-server.rst:737 +#: ../../configuration/service/dhcp-server.rst:767 msgid "Show logs from specific `interface` DHCPv6 client process." msgstr "Show logs from specific `interface` DHCPv6 client process." @@ -12968,11 +14713,11 @@ msgid "Show only information for specified certificate." msgstr "Show only information for specified certificate." #: ../../configuration/service/dhcp-server.rst:537 -#: ../../configuration/service/dhcp-server.rst:760 +#: ../../configuration/service/dhcp-server.rst:792 msgid "Show only leases in the specified pool." msgstr "Show only leases in the specified pool." -#: ../../configuration/service/dhcp-server.rst:769 +#: ../../configuration/service/dhcp-server.rst:801 msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" @@ -13012,15 +14757,19 @@ msgstr "Show the DHCP server statistics for the specified pool." msgid "Show the console server log." msgstr "Show the console server log." +#: ../../configuration/vpn/ipsec.rst:614 +msgid "Show the detailed status information of IKE charon process." +msgstr "Show the detailed status information of IKE charon process." + #: ../../configuration/system/acceleration.rst:46 msgid "Show the full config uploaded to the QAT device." msgstr "Show the full config uploaded to the QAT device." -#: ../../configuration/container/index.rst:187 +#: ../../configuration/container/index.rst:242 msgid "Show the list of all active containers." msgstr "Show the list of all active containers." -#: ../../configuration/container/index.rst:191 +#: ../../configuration/container/index.rst:246 msgid "Show the local container images." msgstr "Show the local container images." @@ -13028,15 +14777,15 @@ msgstr "Show the local container images." msgid "Show the logs of a specific Rule-Set." msgstr "Show the logs of a specific Rule-Set." -#: ../../configuration/firewall/bridge.rst:316 +#: ../../configuration/firewall/bridge.rst:481 msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv4.rst:1148 +#: ../../configuration/firewall/ipv4.rst:1252 msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv6.rst:1148 +#: ../../configuration/firewall/ipv6.rst:1258 msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." @@ -13045,7 +14794,11 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:258 +#: ../../configuration/vpn/ipsec.rst:639 +msgid "Show the status of running IPsec process and process ID." +msgstr "Show the status of running IPsec process and process ID." + +#: ../../configuration/interfaces/ethernet.rst:274 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13053,7 +14806,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgid "Showing BFD monitored static routes" msgstr "Showing BFD monitored static routes" -#: ../../configuration/service/dhcp-server.rst:745 +#: ../../configuration/service/dhcp-server.rst:775 msgid "Shows status of all assigned leases:" msgstr "Shows status of all assigned leases:" @@ -13085,6 +14838,10 @@ msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgid "Similar combinations are applicable for the dead-peer-detection." msgstr "Similar combinations are applicable for the dead-peer-detection." +#: ../../configuration/interfaces/bonding.rst:335 +msgid "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." +msgstr "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." + #: ../../configuration/protocols/babel.rst:190 msgid "Simple Babel configuration using 2 nodes and redistributing connected interfaces." msgstr "Simple Babel configuration using 2 nodes and redistributing connected interfaces." @@ -13105,16 +14862,28 @@ msgstr "Simple text password authentication is insecure and deprecated in favour msgid "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." msgstr "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." +msgstr "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." + +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." +msgstr "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." + #: ../../configuration/interfaces/openvpn.rst:395 msgid "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." msgstr "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +#: ../../configuration/interfaces/openvpn.rst:399 +msgid "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +msgstr "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." + #: ../../configuration/vpn/l2tp.rst:151 msgid "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." msgstr "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." -#: ../../configuration/service/ipoe-server.rst:131 -#: ../../configuration/service/pppoe-server.rst:93 +#: ../../configuration/service/ipoe-server.rst:130 +#: ../../configuration/service/pppoe-server.rst:94 #: ../../configuration/vpn/l2tp.rst:136 #: ../../configuration/vpn/pptp.rst:76 #: ../../configuration/vpn/sstp.rst:109 @@ -13130,6 +14899,10 @@ msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` record msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." #: ../../configuration/service/ids.rst:98 +msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" +msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" + +#: ../../configuration/service/ids.rst:98 msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" @@ -13137,6 +14910,10 @@ msgstr "Since we are analyzing attacks to and from our internal network, two typ msgid "Single VXLAN device (SVD)" msgstr "Single VXLAN device (SVD)" +#: ../../configuration/nat/cgnat.rst:111 +msgid "Single external address" +msgstr "Single external address" + #: ../../configuration/interfaces/openvpn.rst:39 #: ../../configuration/vpn/site2site_ipsec.rst:4 msgid "Site-to-Site" @@ -13186,8 +14963,8 @@ msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specif msgid "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." msgstr "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." -#: ../../configuration/service/ipoe-server.rst:140 -#: ../../configuration/service/pppoe-server.rst:102 +#: ../../configuration/service/ipoe-server.rst:139 +#: ../../configuration/service/pppoe-server.rst:103 #: ../../configuration/vpn/pptp.rst:85 #: ../../configuration/vpn/sstp.rst:118 msgid "Some RADIUS severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." @@ -13201,7 +14978,7 @@ msgstr "Some RADIUS_ severs use an access control list which allows or denies qu msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." -#: ../../configuration/container/index.rst:171 +#: ../../configuration/container/index.rst:226 msgid "Some container registries require credentials to be used." msgstr "Some container registries require credentials to be used." @@ -13213,14 +14990,18 @@ msgstr "Some firewall settings are global and have an affect on the whole system msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." -#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:377 msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." -#: ../../configuration/trafficpolicy/index.rst:342 +#: ../../configuration/trafficpolicy/index.rst:392 msgid "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." msgstr "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." +#: ../../configuration/loadbalancing/haproxy.rst:237 +msgid "Some possible examples are:" +msgstr "Some possible examples are:" + #: ../../configuration/system/proxy.rst:27 msgid "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." msgstr "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." @@ -13241,11 +15022,11 @@ msgstr "Some services don't work correctly when being handled via a web proxy. S msgid "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." msgstr "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." -#: ../../configuration/interfaces/openvpn.rst:651 +#: ../../configuration/interfaces/openvpn.rst:665 msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." -#: ../../configuration/service/dhcp-server.rst:764 +#: ../../configuration/service/dhcp-server.rst:796 msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" @@ -13261,10 +15042,10 @@ msgstr "Source Address" msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." -#: ../../configuration/service/ipoe-server.rst:152 -#: ../../configuration/service/ipoe-server.rst:208 -#: ../../configuration/service/pppoe-server.rst:114 -#: ../../configuration/service/pppoe-server.rst:170 +#: ../../configuration/service/ipoe-server.rst:151 +#: ../../configuration/service/ipoe-server.rst:207 +#: ../../configuration/service/pppoe-server.rst:116 +#: ../../configuration/service/pppoe-server.rst:184 #: ../../configuration/vpn/l2tp.rst:157 #: ../../configuration/vpn/l2tp.rst:213 #: ../../configuration/vpn/pptp.rst:97 @@ -13282,11 +15063,11 @@ msgstr "Source NAT rules" msgid "Source Prefix" msgstr "Source Prefix" -#: ../../configuration/system/login.rst:280 +#: ../../configuration/system/login.rst:286 msgid "Source all connections to the RADIUS servers from given VRF `<name>`." msgstr "Source all connections to the RADIUS servers from given VRF `<name>`." -#: ../../configuration/system/login.rst:349 +#: ../../configuration/system/login.rst:355 msgid "Source all connections to the TACACS servers from given VRF `<name>`." msgstr "Source all connections to the TACACS servers from given VRF `<name>`." @@ -13294,7 +15075,7 @@ msgstr "Source all connections to the TACACS servers from given VRF `<name>`." msgid "Source protocol to match." msgstr "Source protocol to match." -#: ../../configuration/vpn/ipsec.rst:229 +#: ../../configuration/vpn/ipsec.rst:249 msgid "Source tunnel from dummy interface" msgstr "Source tunnel from dummy interface" @@ -13314,7 +15095,7 @@ msgstr "Spanning Tree Protocol hello advertisement `<interval>` in seconds (defa msgid "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." msgstr "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." -#: ../../configuration/interfaces/wireless.rst:209 +#: ../../configuration/interfaces/wireless.rst:240 msgid "Spatial Multiplexing Power Save (SMPS) settings" msgstr "Spatial Multiplexing Power Save (SMPS) settings" @@ -13322,36 +15103,36 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings" msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." -#: ../../configuration/service/ipoe-server.rst:178 -#: ../../configuration/service/pppoe-server.rst:140 +#: ../../configuration/service/ipoe-server.rst:177 +#: ../../configuration/service/pppoe-server.rst:147 #: ../../configuration/vpn/l2tp.rst:183 #: ../../configuration/vpn/pptp.rst:123 #: ../../configuration/vpn/sstp.rst:156 msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/service/pppoe-server.rst:470 -#: ../../configuration/vpn/l2tp.rst:424 +#: ../../configuration/service/pppoe-server.rst:495 +#: ../../configuration/vpn/l2tp.rst:427 #: ../../configuration/vpn/pptp.rst:348 -#: ../../configuration/vpn/sstp.rst:382 +#: ../../configuration/vpn/sstp.rst:385 msgid "Specifies IPv4 negotiation preference." msgstr "Specifies IPv4 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:345 -#: ../../configuration/vpn/l2tp.rst:289 +#: ../../configuration/service/pppoe-server.rst:365 +#: ../../configuration/vpn/l2tp.rst:292 #: ../../configuration/vpn/pptp.rst:213 -#: ../../configuration/vpn/sstp.rst:247 +#: ../../configuration/vpn/sstp.rst:250 msgid "Specifies IPv6 negotiation preference." msgstr "Specifies IPv6 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:552 +#: ../../configuration/service/pppoe-server.rst:577 msgid "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" msgstr "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" -#: ../../configuration/service/pppoe-server.rst:502 -#: ../../configuration/vpn/l2tp.rst:456 +#: ../../configuration/service/pppoe-server.rst:527 +#: ../../configuration/vpn/l2tp.rst:460 #: ../../configuration/vpn/pptp.rst:380 -#: ../../configuration/vpn/sstp.rst:414 +#: ../../configuration/vpn/sstp.rst:418 msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." @@ -13363,7 +15144,7 @@ msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioatio msgid "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." msgstr "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." -#: ../../configuration/vrf/index.rst:496 +#: ../../configuration/vrf/index.rst:492 msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." @@ -13371,10 +15152,8 @@ msgstr "Specifies an optional route-map to be applied to routes imported or expo msgid "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." msgstr "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." -#: ../../configuration/service/pppoe-server.rst:388 -#: ../../configuration/vpn/l2tp.rst:332 +#: ../../configuration/service/pppoe-server.rst:409 #: ../../configuration/vpn/pptp.rst:256 -#: ../../configuration/vpn/sstp.rst:290 msgid "Specifies fixed or random interface identifier for IPv6. By default is fixed." msgstr "Specifies fixed or random interface identifier for IPv6. By default is fixed." @@ -13382,14 +15161,22 @@ msgstr "Specifies fixed or random interface identifier for IPv6. By default is f msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." +#: ../../configuration/vpn/l2tp.rst:335 +#: ../../configuration/vpn/sstp.rst:293 +msgid "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." +msgstr "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." + #: ../../configuration/interfaces/vxlan.rst:89 msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." -#: ../../configuration/service/pppoe-server.rst:462 -#: ../../configuration/vpn/l2tp.rst:416 +#: ../../configuration/vpn/l2tp.rst:419 +#: ../../configuration/vpn/sstp.rst:377 +msgid "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." +msgstr "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." + +#: ../../configuration/service/pppoe-server.rst:486 #: ../../configuration/vpn/pptp.rst:340 -#: ../../configuration/vpn/sstp.rst:374 msgid "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." msgstr "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." @@ -13397,10 +15184,8 @@ msgstr "Specifies number of interfaces to keep in cache. It means that don’t d msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" -#: ../../configuration/service/pppoe-server.rst:396 -#: ../../configuration/vpn/l2tp.rst:340 +#: ../../configuration/service/pppoe-server.rst:418 #: ../../configuration/vpn/pptp.rst:264 -#: ../../configuration/vpn/sstp.rst:298 msgid "Specifies peer interface identifier for IPv6. By default is fixed." msgstr "Specifies peer interface identifier for IPv6. By default is fixed." @@ -13408,7 +15193,7 @@ msgstr "Specifies peer interface identifier for IPv6. By default is fixed." msgid "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." msgstr "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." -#: ../../configuration/service/ipoe-server.rst:348 +#: ../../configuration/service/ipoe-server.rst:347 msgid "Specifies relay agent IP addre" msgstr "Specifies relay agent IP addre" @@ -13423,11 +15208,11 @@ msgstr "Specifies single `<gateway>` IP address to be used as local address of P msgid "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." msgstr "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." -#: ../../configuration/interfaces/bonding.rst:245 +#: ../../configuration/interfaces/bonding.rst:250 msgid "Specifies the ARP link monitoring `<time>` in seconds." msgstr "Specifies the ARP link monitoring `<time>` in seconds." -#: ../../configuration/interfaces/bonding.rst:264 +#: ../../configuration/interfaces/bonding.rst:269 msgid "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." msgstr "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." @@ -13435,10 +15220,18 @@ msgstr "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:` msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." +#: ../../configuration/service/ssh.rst:69 +msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." +msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." + #: ../../configuration/service/webproxy.rst:207 msgid "Specifies the base DN under which the users are located." msgstr "Specifies the base DN under which the users are located." +#: ../../configuration/service/ipoe-server.rst:88 +msgid "Specifies the client connectivity mode." +msgstr "Specifies the client connectivity mode." + #: ../../configuration/service/dhcp-server.rst:295 msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." @@ -13448,7 +15241,7 @@ msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet decla msgid "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." msgstr "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." -#: ../../configuration/system/flow-accounting.rst:132 +#: ../../configuration/system/flow-accounting.rst:136 msgid "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." msgstr "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." @@ -13464,6 +15257,11 @@ msgstr "Specifies the minimum number of links that must be active before asserti msgid "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." msgstr "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." +#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/vpn/sstp.rst:301 +msgid "Specifies the peer interface identifier for IPv6. The default is fixed." +msgstr "Specifies the peer interface identifier for IPv6. The default is fixed." + #: ../../configuration/interfaces/pseudo-ethernet.rst:59 msgid "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." msgstr "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." @@ -13476,30 +15274,43 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4 msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." -#: ../../configuration/vrf/index.rst:471 +#: ../../configuration/vrf/index.rst:467 msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." -#: ../../configuration/vrf/index.rst:464 +#: ../../configuration/vrf/index.rst:460 msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." -#: ../../configuration/service/ipoe-server.rst:224 -#: ../../configuration/service/pppoe-server.rst:186 -#: ../../configuration/vpn/l2tp.rst:229 -#: ../../configuration/vpn/pptp.rst:169 +#: ../../configuration/service/ssh.rst:115 +msgid "Specifies the signature algorithms that will be accepted for public key authentication" +msgstr "Specifies the signature algorithms that will be accepted for public key authentication" + #: ../../configuration/vpn/sstp.rst:202 +msgid "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/service/ipoe-server.rst:223 +#: ../../configuration/service/pppoe-server.rst:203 +#: ../../configuration/vpn/pptp.rst:169 msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." +#: ../../configuration/vpn/l2tp.rst:229 +msgid "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/vpn/l2tp.rst:447 +#: ../../configuration/vpn/sstp.rst:405 +msgid "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." +msgstr "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." + #: ../../configuration/vpn/sstp.rst:194 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." -#: ../../configuration/service/pppoe-server.rst:490 -#: ../../configuration/vpn/l2tp.rst:444 +#: ../../configuration/service/pppoe-server.rst:515 #: ../../configuration/vpn/pptp.rst:368 -#: ../../configuration/vpn/sstp.rst:402 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." @@ -13515,18 +15326,18 @@ msgstr "Specifies whether the VXLAN device is capable of vni filtering." msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." -#: ../../configuration/service/ipoe-server.rst:212 +#: ../../configuration/service/ipoe-server.rst:211 #: ../../configuration/vpn/l2tp.rst:217 #: ../../configuration/vpn/pptp.rst:157 #: ../../configuration/vpn/sstp.rst:190 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." -#: ../../configuration/service/pppoe-server.rst:174 +#: ../../configuration/service/pppoe-server.rst:189 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." -#: ../../configuration/service/ipoe-server.rst:344 +#: ../../configuration/service/ipoe-server.rst:343 msgid "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." msgstr "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." @@ -13542,11 +15353,16 @@ msgstr "Specify IPv4 and/or IPv6 networks that should be protected/monitored." msgid "Specify IPv4 and/or IPv6 networks which are going to be excluded." msgstr "Specify IPv4 and/or IPv6 networks which are going to be excluded." -#: ../../configuration/firewall/ipv4.rst:424 -#: ../../configuration/firewall/ipv6.rst:408 +#: ../../configuration/firewall/ipv4.rst:448 +#: ../../configuration/firewall/ipv6.rst:436 msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." +#: ../../configuration/firewall/ipv4.rst:449 +#: ../../configuration/firewall/ipv6.rst:436 +msgid "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." +msgstr "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." + #: ../../configuration/service/dhcp-server.rst:609 msgid "Specify a NIS+ server address for DHCPv6 clients." msgstr "Specify a NIS+ server address for DHCPv6 clients." @@ -13567,7 +15383,7 @@ msgstr "Specify a range of group addresses via a prefix-list that forces PIM to msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed." msgstr "Specify absolute `<path>` to script which will be run when `<task>` is executed." -#: ../../configuration/service/ssh.rst:94 +#: ../../configuration/service/ssh.rst:95 msgid "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." msgstr "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." @@ -13579,17 +15395,23 @@ msgstr "Specify an alternate AS for this BGP process when interacting with the s msgid "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." msgstr "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." +#: ../../configuration/loadbalancing/haproxy.rst:56 +#: ../../configuration/loadbalancing/haproxy.rst:173 +#: ../../configuration/loadbalancing/haproxy.rst:201 +msgid "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." +msgstr "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." + #: ../../configuration/service/dns.rst:348 msgid "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." msgstr "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." -#: ../../configuration/service/ipoe-server.rst:339 +#: ../../configuration/service/ipoe-server.rst:338 msgid "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" msgstr "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" -#: ../../configuration/service/ntp.rst:84 -#: ../../configuration/service/ssh.rst:110 -#: ../../configuration/system/syslog.rst:79 +#: ../../configuration/service/ntp.rst:91 +#: ../../configuration/service/ssh.rst:111 +#: ../../configuration/system/syslog.rst:97 msgid "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." msgstr "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." @@ -13601,11 +15423,11 @@ msgstr "Specify nexthop on the path to the destination, ``ipv4-address`` can be msgid "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." msgstr "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." -#: ../../configuration/system/login.rst:249 +#: ../../configuration/system/login.rst:255 msgid "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." -#: ../../configuration/system/login.rst:318 +#: ../../configuration/system/login.rst:324 msgid "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." @@ -13617,6 +15439,10 @@ msgstr "Specify the IPv4 source address to use for the BGP session to this neigh msgid "Specify the LDAP server to connect to." msgstr "Specify the LDAP server to connect to." +#: ../../configuration/service/config-sync.rst:29 +msgid "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." +msgstr "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." @@ -13625,7 +15451,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:207 +#: ../../configuration/loadbalancing/haproxy.rst:196 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13637,6 +15463,10 @@ msgstr "Specify the plaintext password user by user `<name>` on this system. The msgid "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." msgstr "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." +#: ../../configuration/service/config-sync.rst:35 +msgid "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." +msgstr "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." + #: ../../configuration/system/time-zone.rst:13 msgid "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." msgstr "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." @@ -13649,15 +15479,19 @@ msgstr "Specify the time interval when `<task>` should be executed. The interval msgid "Specify timeout / update interval to check if IP address changed." msgstr "Specify timeout / update interval to check if IP address changed." -#: ../../configuration/service/ssh.rst:90 +#: ../../configuration/service/ssh.rst:91 msgid "Specify timeout interval for keepalive message in seconds." msgstr "Specify timeout interval for keepalive message in seconds." -#: ../../configuration/service/ipoe-server.rst:97 +#: ../../configuration/service/ipoe-server.rst:96 msgid "Specify where interface is shared by multiple users or it is vlan-per-user." msgstr "Specify where interface is shared by multiple users or it is vlan-per-user." #: ../../configuration/interfaces/vxlan.rst:191 +msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." +msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." + +#: ../../configuration/interfaces/vxlan.rst:191 msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." @@ -13685,6 +15519,24 @@ msgstr "Start Webserver in given VRF." msgid "Start by checking for IPSec SAs (Security Associations) with:" msgstr "Start by checking for IPSec SAs (Security Associations) with:" +#: ../../configuration/firewall/bridge.rst:392 +#: ../../configuration/firewall/ipv4.rst:986 +#: ../../configuration/firewall/ipv6.rst:976 +msgid "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." +msgstr "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + #: ../../configuration/firewall/zone.rst:9 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." @@ -13729,7 +15581,7 @@ msgstr "Static Keys" msgid "Static Routes" msgstr "Static Routes" -#: ../../configuration/interfaces/openvpn.rst:235 +#: ../../configuration/interfaces/openvpn.rst:237 msgid "Static Routing:" msgstr "Static Routing:" @@ -13742,12 +15594,12 @@ msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured man msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA." #: ../../configuration/service/dhcp-server.rst:224 -#: ../../configuration/service/dhcp-server.rst:682 +#: ../../configuration/service/dhcp-server.rst:712 msgid "Static mappings" msgstr "Static mappings" #: ../../configuration/service/dhcp-server.rst:519 -#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/dhcp-server.rst:787 msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." @@ -13755,11 +15607,15 @@ msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server msgid "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." msgstr "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." -#: ../../configuration/interfaces/openvpn.rst:237 +#: ../../configuration/interfaces/openvpn.rst:239 msgid "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" msgstr "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" -#: ../../configuration/interfaces/wireless.rst:298 +#: ../../configuration/interfaces/wireless.rst:19 +msgid "Station mode acts as a Wi-Fi client accessing the network through an available WAP" +msgstr "Station mode acts as a Wi-Fi client accessing the network through an available WAP" + +#: ../../configuration/interfaces/wireless.rst:335 msgid "Station supports receiving VHT variant HT Control field" msgstr "Station supports receiving VHT variant HT Control field" @@ -13787,7 +15643,7 @@ msgstr "Summarisation starts only after this delay timer expiry." msgid "Supported Modules" msgstr "Supported Modules" -#: ../../configuration/interfaces/wireless.rst:150 +#: ../../configuration/interfaces/wireless.rst:180 msgid "Supported channel width set." msgstr "Supported channel width set." @@ -13799,7 +15655,7 @@ msgstr "Supported daemons:" msgid "Supported interface types:" msgstr "Supported interface types:" -#: ../../configuration/service/ssh.rst:198 +#: ../../configuration/service/ssh.rst:218 msgid "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." msgstr "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." @@ -13812,11 +15668,11 @@ msgstr "Supported versions of RIP are:" msgid "Supports as HELPER for configured grace period." msgstr "Supports as HELPER for configured grace period." -#: ../../configuration/vpn/ipsec.rst:182 +#: ../../configuration/vpn/ipsec.rst:202 msgid "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" msgstr "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" -#: ../../configuration/interfaces/openvpn.rst:338 +#: ../../configuration/interfaces/openvpn.rst:342 msgid "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." msgstr "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." @@ -13824,6 +15680,14 @@ msgstr "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints msgid "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." msgstr "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." +#: ../../configuration/service/suricata.rst:12 +msgid "Suricata Features" +msgstr "Suricata Features" + +#: ../../configuration/service/suricata.rst:7 +msgid "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." +msgstr "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." + #: ../../configuration/vpn/dmvpn.rst:108 msgid "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." msgstr "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." @@ -13832,18 +15696,22 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect msgid "Sync groups" msgstr "Sync groups" -#: ../../configuration/firewall/ipv4.rst:934 -#: ../../configuration/firewall/ipv6.rst:920 +#: ../../configuration/service/config-sync.rst:63 +msgid "Synchronize the time-zone and OSPF configuration from Router A to Router B" +msgstr "Synchronize the time-zone and OSPF configuration from Router A to Router B" + +#: ../../configuration/firewall/ipv4.rst:1035 +#: ../../configuration/firewall/ipv6.rst:1025 msgid "Synproxy" msgstr "Synproxy" -#: ../../configuration/firewall/ipv4.rst:935 -#: ../../configuration/firewall/ipv6.rst:921 +#: ../../configuration/firewall/ipv4.rst:1036 +#: ../../configuration/firewall/ipv6.rst:1026 msgid "Synproxy connections" msgstr "Synproxy connections" -#: ../../configuration/firewall/ipv4.rst:952 -#: ../../configuration/firewall/ipv6.rst:938 +#: ../../configuration/firewall/ipv4.rst:1057 +#: ../../configuration/firewall/ipv6.rst:1047 msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" @@ -13863,11 +15731,15 @@ msgstr "Syslog" msgid "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." msgstr "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." +#: ../../configuration/system/syslog.rst:66 +msgid "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." +msgstr "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." + #: ../../configuration/system/syslog.rst:48 msgid "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." msgstr "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." -#: ../../configuration/system/syslog.rst:42 +#: ../../configuration/system/syslog.rst:60 msgid "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." msgstr "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." @@ -13891,6 +15763,10 @@ msgstr "System Name and Description" msgid "System Proxy" msgstr "System Proxy" +#: ../../configuration/interfaces/wireless.rst:40 +msgid "System Wide configuration" +msgstr "System Wide configuration" + #: ../../configuration/service/lldp.rst:30 msgid "System capabilities (switching, routing, etc.)" msgstr "System capabilities (switching, routing, etc.)" @@ -13900,43 +15776,52 @@ msgstr "System capabilities (switching, routing, etc.)" msgid "System configuration commands" msgstr "System configuration commands" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "System daemons" msgstr "System daemons" #: ../../configuration/protocols/isis.rst:57 +#: ../../configuration/protocols/openfabric.rst:47 +msgid "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." +msgstr "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." + +#: ../../configuration/protocols/isis.rst:57 msgid "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." msgstr "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "System is unusable - a panic condition" msgstr "System is unusable - a panic condition" -#: ../../configuration/system/login.rst:303 +#: ../../configuration/system/login.rst:309 msgid "TACACS+" msgstr "TACACS+" -#: ../../configuration/system/login.rst:422 +#: ../../configuration/system/login.rst:428 msgid "TACACS Example" msgstr "TACACS Example" -#: ../../configuration/system/login.rst:309 +#: ../../configuration/system/login.rst:315 msgid "TACACS is defined in :rfc:`8907`." msgstr "TACACS is defined in :rfc:`8907`." -#: ../../configuration/system/login.rst:339 +#: ../../configuration/system/login.rst:345 msgid "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." msgstr "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." #: ../../configuration/protocols/static.rst:173 -#: ../../configuration/system/flow-accounting.rst:83 +#: ../../configuration/system/flow-accounting.rst:87 msgid "TBD" msgstr "TBD" -#: ../../configuration/vrf/index.rst:40 +#: ../../configuration/vrf/index.rst:36 msgid "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." msgstr "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." +#: ../../configuration/loadbalancing/haproxy.rst:242 +msgid "TCP checks" +msgstr "TCP checks" + #: ../../configuration/service/tftp-server.rst:5 msgid "TFTP Server" msgstr "TFTP Server" @@ -13953,6 +15838,10 @@ msgstr "Task Scheduler" msgid "Telegraf" msgstr "Telegraf" +#: ../../configuration/service/monitoring.rst:136 +msgid "Telegraf can be used to send logs to Loki using tags as labels." +msgstr "Telegraf can be used to send logs to Loki using tags as labels." + #: ../../configuration/service/monitoring.rst:6 msgid "Telegraf output plugin azure-data-explorer_" msgstr "Telegraf output plugin azure-data-explorer_" @@ -13981,23 +15870,27 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" -#: ../../configuration/service/ipoe-server.rst:170 -#: ../../configuration/service/pppoe-server.rst:132 +#: ../../configuration/interfaces/wireless.rst:343 +msgid "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." +msgstr "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." + +#: ../../configuration/service/ipoe-server.rst:169 +#: ../../configuration/service/pppoe-server.rst:137 #: ../../configuration/vpn/l2tp.rst:175 #: ../../configuration/vpn/pptp.rst:115 #: ../../configuration/vpn/sstp.rst:148 msgid "Temporary disable this RADIUS server." msgstr "Temporary disable this RADIUS server." -#: ../../configuration/system/login.rst:262 +#: ../../configuration/system/login.rst:268 msgid "Temporary disable this RADIUS server. It won't be queried." msgstr "Temporary disable this RADIUS server. It won't be queried." -#: ../../configuration/system/login.rst:331 +#: ../../configuration/system/login.rst:337 msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:286 +#: ../../configuration/loadbalancing/haproxy.rst:338 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -14033,7 +15926,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1262 +#: ../../configuration/trafficpolicy/index.rst:1312 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -14041,7 +15934,7 @@ msgstr "That is how it is possible to do the so-called \"ingress shaping\"." msgid "That looks good - we defined 2 tunnels and they're both up and running." msgstr "That looks good - we defined 2 tunnels and they're both up and running." -#: ../../configuration/interfaces/bonding.rst:247 +#: ../../configuration/interfaces/bonding.rst:252 msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." msgstr "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." @@ -14053,14 +15946,19 @@ msgstr "The ASP has documented their IPSec requirements:" msgid "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." msgstr "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." -#: ../../configuration/vrf/index.rst:113 +#: ../../configuration/vrf/index.rst:109 msgid "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." msgstr "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." #: ../../configuration/protocols/isis.rst:50 +#: ../../configuration/protocols/openfabric.rst:40 msgid "The CLNS address consists of the following parts:" msgstr "The CLNS address consists of the following parts:" +#: ../../configuration/interfaces/bonding.rst:328 +msgid "The DF preference is configurable per-ES." +msgstr "The DF preference is configurable per-ES." + #: ../../_include/interface-dhcpv6-options.txt:4 msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." msgstr "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." @@ -14073,11 +15971,11 @@ msgstr "The DN and password to bind as while performing searches." msgid "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." msgstr "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." -#: ../../configuration/trafficpolicy/index.rst:446 +#: ../../configuration/trafficpolicy/index.rst:496 msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:256 +#: ../../configuration/loadbalancing/haproxy.rst:308 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14085,7 +15983,7 @@ msgstr "The HTTP service listen on TCP port 80." msgid "The IP address of the internal system we wish to forward traffic to." msgstr "The IP address of the internal system we wish to forward traffic to." -#: ../../configuration/interfaces/wireless.rst:604 +#: ../../configuration/interfaces/wireless.rst:916 msgid "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" msgstr "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" @@ -14101,7 +15999,11 @@ msgstr "The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in Vy msgid "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" msgstr "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" -#: ../../configuration/trafficpolicy/index.rst:694 +#: ../../configuration/service/ntp.rst:176 +msgid "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." +msgstr "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." + +#: ../../configuration/trafficpolicy/index.rst:744 msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." msgstr "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." @@ -14117,7 +16019,7 @@ msgstr "The RADIUS dictionaries in VyOS are located at ``/usr/share/accel-ppp/ra msgid "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." msgstr "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." -#: ../../configuration/trafficpolicy/index.rst:1023 +#: ../../configuration/trafficpolicy/index.rst:1073 msgid "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." msgstr "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." @@ -14125,6 +16027,10 @@ msgstr "The Shaper policy does not guarantee a low delay, but it does guarantee msgid "The UDP port number used by your apllication. It is mandatory for this kind of operation." msgstr "The UDP port number used by your apllication. It is mandatory for this kind of operation." +#: ../../configuration/service/broadcast-relay.rst:38 +msgid "The UDP port number used by your application. It is mandatory for this kind of operation." +msgstr "The UDP port number used by your application. It is mandatory for this kind of operation." + #: ../../configuration/interfaces/vxlan.rst:23 msgid "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." msgstr "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." @@ -14157,8 +16063,12 @@ msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certif msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." msgstr "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." -#: ../../configuration/interfaces/wireless.rst:347 -#: ../../configuration/interfaces/wireless.rst:547 +#: ../../configuration/container/index.rst:7 +msgid "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." +msgstr "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." + +#: ../../configuration/interfaces/wireless.rst:458 +#: ../../configuration/interfaces/wireless.rst:671 msgid "The WAP in this example has the following characteristics:" msgstr "The WAP in this example has the following characteristics:" @@ -14178,6 +16088,10 @@ msgstr "The :abbr:`DNPTv6 (Destination IPv6-to-IPv6 Network Prefix Translation)` msgid "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." msgstr "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." +#: ../../configuration/interfaces/wireless.rst:9 +msgid "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." +msgstr "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." + #: ../../configuration/nat/nat66.rst:75 msgid "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." msgstr "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." @@ -14194,7 +16108,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:345 +#: ../../configuration/loadbalancing/haproxy.rst:399 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14202,11 +16116,11 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:289 +#: ../../configuration/loadbalancing/haproxy.rst:341 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:342 +#: ../../configuration/loadbalancing/haproxy.rst:396 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14214,23 +16128,30 @@ msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." +#: ../../configuration/loadbalancing/haproxy.rst:344 +msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." +msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." + #: ../../configuration/loadbalancing/reverse-proxy.rst:251 msgid "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/interfaces/openvpn.rst:66 +#: ../../configuration/interfaces/openvpn.rst:67 msgid "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." msgstr "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." -#: ../../configuration/service/ipoe-server.rst:154 -#: ../../configuration/service/pppoe-server.rst:116 -#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/service/ipoe-server.rst:153 +#: ../../configuration/service/pppoe-server.rst:118 #: ../../configuration/vpn/pptp.rst:99 -#: ../../configuration/vpn/sstp.rst:132 msgid "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." msgstr "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." -#: ../../configuration/interfaces/bridge.rst:279 +#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/vpn/sstp.rst:132 +msgid "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." +msgstr "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." + +#: ../../configuration/interfaces/bridge.rst:278 msgid "The `show bridge` operational command can be used to display configured bridges:" msgstr "The `show bridge` operational command can be used to display configured bridges:" @@ -14238,11 +16159,15 @@ msgstr "The `show bridge` operational command can be used to display configured msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." msgstr "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." -#: ../../configuration/firewall/ipv4.rst:86 -#: ../../configuration/firewall/ipv6.rst:86 +#: ../../configuration/firewall/ipv4.rst:110 +#: ../../configuration/firewall/ipv6.rst:110 msgid "The action can be :" msgstr "The action can be :" +#: ../../configuration/service/config-sync.rst:64 +msgid "The address of Router B is 10.0.20.112 and the port used is 8443" +msgstr "The address of Router B is 10.0.20.112 and the port used is 8443" + #: ../../configuration/pki/index.rst:302 msgid "The address the server listens to during http-01 challenge" msgstr "The address the server listens to during http-01 challenge" @@ -14263,10 +16188,30 @@ msgstr "The amount of Duplicate Address Detection probes to send." msgid "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." msgstr "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/system/option.rst:57 +msgid "The available modes are:" +msgstr "The available modes are:" + +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "The available options for <match> are:" msgstr "The available options for <match> are:" +#: ../../configuration/firewall/ipv4.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." + #: ../../configuration/vpn/dmvpn.rst:175 msgid "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." msgstr "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." @@ -14275,11 +16220,20 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1247 +#: ../../configuration/trafficpolicy/index.rst:1297 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" -#: ../../configuration/service/pppoe-server.rst:644 +#: ../../configuration/service/ntp.rst:126 +msgid "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." +msgstr "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." + +#: ../../configuration/vpn/l2tp.rst:257 +#: ../../configuration/vpn/sstp.rst:230 +msgid "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." +msgstr "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." + +#: ../../configuration/service/pppoe-server.rst:669 msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." @@ -14299,7 +16253,11 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." -#: ../../configuration/service/pppoe-server.rst:305 +#: ../../configuration/interfaces/wireguard.rst:412 +msgid "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." +msgstr "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." + +#: ../../configuration/service/pppoe-server.rst:324 msgid "The command below enables it, assuming the RADIUS connection has been setup and is working." msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working." @@ -14311,20 +16269,36 @@ msgstr "The command displays current RIP status. It includes RIP timer, filterin msgid "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." +#: ../../configuration/container/index.rst:145 +msgid "The command translates to \"--cpus=<num>\" when the container is created." +msgstr "The command translates to \"--cpus=<num>\" when the container is created." + +#: ../../configuration/container/index.rst:60 +msgid "The command translates to \"--net host\" when the container is created." +msgstr "The command translates to \"--net host\" when the container is created." + +#: ../../configuration/container/index.rst:53 +msgid "The command translates to \"--pid host\" when the container is created." +msgstr "The command translates to \"--pid host\" when the container is created." + #: ../../configuration/nat/nat44.rst:32 msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" #: ../../configuration/service/dhcp-server.rst:266 -#: ../../configuration/service/dhcp-server.rst:661 -#: ../../configuration/service/dhcp-server.rst:705 +#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:735 msgid "The configuration will look as follows:" msgstr "The configuration will look as follows:" -#: ../../configuration/interfaces/openvpn.rst:253 +#: ../../configuration/interfaces/openvpn.rst:255 msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +#: ../../configuration/interfaces/openvpn.rst:255 +msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" + #: ../../configuration/service/conntrack-sync.rst:14 msgid "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." msgstr "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." @@ -14337,11 +16311,15 @@ msgstr "The connection tracking expect table contains one entry for each expecte msgid "The connection tracking table contains one entry for each connection being tracked by the system." msgstr "The connection tracking table contains one entry for each connection being tracked by the system." +#: ../../configuration/container/index.rst:49 +msgid "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." +msgstr "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." + #: ../../configuration/service/pppoe-server.rst:225 msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" -#: ../../configuration/service/pppoe-server.rst:299 +#: ../../configuration/service/pppoe-server.rst:318 msgid "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" msgstr "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" @@ -14421,7 +16399,7 @@ msgstr "The default value is 86400 seconds which corresponds to one day." msgid "The default value is slow." msgstr "The default value is slow." -#: ../../configuration/trafficpolicy/index.rst:859 +#: ../../configuration/trafficpolicy/index.rst:909 msgid "The default values for the minimum-threshold depend on IP precedence:" msgstr "The default values for the minimum-threshold depend on IP precedence:" @@ -14467,7 +16445,7 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." -#: ../../configuration/service/pppoe-server.rst:627 +#: ../../configuration/service/pppoe-server.rst:652 msgid "The example below covers a dual-stack configuration." msgstr "The example below covers a dual-stack configuration." @@ -14475,15 +16453,19 @@ msgstr "The example below covers a dual-stack configuration." msgid "The example below covers a dual-stack configuration via pppoe-server." msgstr "The example below covers a dual-stack configuration via pppoe-server." -#: ../../configuration/service/pppoe-server.rst:606 +#: ../../configuration/service/pppoe-server.rst:631 msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." #: ../../configuration/service/ipoe-server.rst:34 +msgid "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." +msgstr "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." + +#: ../../configuration/service/ipoe-server.rst:34 msgid "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." msgstr "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." -#: ../../configuration/interfaces/wireless.rst:303 +#: ../../configuration/interfaces/wireless.rst:411 msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." msgstr "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." @@ -14499,7 +16481,7 @@ msgstr "The firewall supports the creation of groups for addresses, domains, int msgid "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." msgstr "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." -#: ../../configuration/container/index.rst:50 +#: ../../configuration/container/index.rst:74 msgid "The first IP in the container network is reserved by the engine and cannot be used" msgstr "The first IP in the container network is reserved by the engine and cannot be used" @@ -14507,7 +16489,7 @@ msgstr "The first IP in the container network is reserved by the engine and cann msgid "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." msgstr "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." -#: ../../configuration/vpn/ipsec.rst:178 +#: ../../configuration/vpn/ipsec.rst:198 msgid "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." @@ -14523,10 +16505,14 @@ msgstr "The first ip address is the RP's address and the second value is the mat msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." -#: ../../configuration/vpn/sstp.rst:484 +#: ../../configuration/vpn/sstp.rst:494 msgid "The following PPP configuration tests MSCHAP-v2:" msgstr "The following PPP configuration tests MSCHAP-v2:" +#: ../../configuration/service/ntp.rst:158 +msgid "The following `receive-filter` modes can be selected:" +msgstr "The following `receive-filter` modes can be selected:" + #: ../../configuration/system/login.rst:147 msgid "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" msgstr "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" @@ -14535,11 +16521,11 @@ msgstr "The following command can be used to generate the OTP key as well as the msgid "The following command uses the explicit-null label value for all the BGP instances." msgstr "The following command uses the explicit-null label value for all the BGP instances." -#: ../../configuration/interfaces/openvpn.rst:708 +#: ../../configuration/interfaces/openvpn.rst:849 msgid "The following commands let you check tunnel status." msgstr "The following commands let you check tunnel status." -#: ../../configuration/interfaces/openvpn.rst:727 +#: ../../configuration/interfaces/openvpn.rst:880 msgid "The following commands let you reset OpenVPN." msgstr "The following commands let you reset OpenVPN." @@ -14547,11 +16533,11 @@ msgstr "The following commands let you reset OpenVPN." msgid "The following commands translate to \"--net host\" when the container is created" msgstr "The following commands translate to \"--net host\" when the container is created" -#: ../../configuration/vrf/index.rst:120 +#: ../../configuration/vrf/index.rst:116 msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:253 +#: ../../configuration/loadbalancing/haproxy.rst:305 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14559,7 +16545,7 @@ msgstr "The following configuration demonstrates how to use VyOS to achieve load msgid "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" msgstr "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" -#: ../../configuration/interfaces/bonding.rst:293 +#: ../../configuration/interfaces/bonding.rst:346 msgid "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." msgstr "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." @@ -14567,11 +16553,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:287 +#: ../../configuration/loadbalancing/haproxy.rst:339 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:334 +#: ../../configuration/loadbalancing/haproxy.rst:388 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14587,7 +16573,7 @@ msgstr "The following configuration will setup a PPPoE session source from eth1 msgid "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." msgstr "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." -#: ../../configuration/interfaces/wireless.rst:543 +#: ../../configuration/interfaces/wireless.rst:667 msgid "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." msgstr "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." @@ -14595,7 +16581,7 @@ msgstr "The following example creates a WAP. When configuring multiple WAP inter msgid "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." msgstr "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." -#: ../../configuration/vrf/index.rst:256 +#: ../../configuration/vrf/index.rst:252 msgid "The following example topology was built using EVE-NG." msgstr "The following example topology was built using EVE-NG." @@ -14607,6 +16593,10 @@ msgstr "The following example will show how VyOS can be used to redirect web tra msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." +#: ../../configuration/interfaces/wireless.rst:726 +msgid "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" +msgstr "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" + #: ../../configuration/interfaces/wwan.rst:309 msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" msgstr "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" @@ -14615,11 +16605,11 @@ msgstr "The following hardware modules have been tested successfully in an :ref: msgid "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." msgstr "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." -#: ../../configuration/vrf/index.rst:54 +#: ../../configuration/vrf/index.rst:50 msgid "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" msgstr "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" -#: ../../configuration/vrf/index.rst:64 +#: ../../configuration/vrf/index.rst:60 msgid "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" msgstr "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" @@ -14627,7 +16617,7 @@ msgstr "The following protocols can be used: any, babel, bgp, connected, isis, k msgid "The following structure respresent the cli structure." msgstr "The following structure respresent the cli structure." -#: ../../configuration/interfaces/bonding.rst:205 +#: ../../configuration/interfaces/bonding.rst:210 msgid "The formula for unfragmented TCP and UDP packets is" msgstr "The formula for unfragmented TCP and UDP packets is" @@ -14668,7 +16658,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w msgid "The hostname or IP address of the master" msgstr "The hostname or IP address of the master" -#: ../../configuration/service/dhcp-server.rst:693 +#: ../../configuration/service/dhcp-server.rst:723 msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." @@ -14680,6 +16670,10 @@ msgstr "The individual spoke configurations only differ in the local IP address msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." msgstr "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." +#: ../../configuration/service/suricata.rst:64 +msgid "The interface that will be monitored by the Suricata service." +msgstr "The interface that will be monitored by the Suricata service." + #: ../../configuration/nat/nat44.rst:523 msgid "The interface traffic will be coming in on;" msgstr "The interface traffic will be coming in on;" @@ -14708,7 +16702,7 @@ msgstr "The last step is to define an interface route for 192.168.2.0/24 to get msgid "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." msgstr "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." -#: ../../configuration/trafficpolicy/index.rst:552 +#: ../../configuration/trafficpolicy/index.rst:602 msgid "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." msgstr "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." @@ -14724,7 +16718,7 @@ msgstr "The local IPv4 or IPv6 addresses to bind the DNS forwarder to. The forwa msgid "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." msgstr "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." -#: ../../configuration/interfaces/openvpn.rst:62 +#: ../../configuration/interfaces/openvpn.rst:63 msgid "The local site will have a subnet of 10.0.0.0/16." msgstr "The local site will have a subnet of 10.0.0.0/16." @@ -14732,7 +16726,11 @@ msgstr "The local site will have a subnet of 10.0.0.0/16." msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." msgstr "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." -#: ../../configuration/firewall/index.rst:20 +#: ../../configuration/service/config-sync.rst:11 +msgid "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." +msgstr "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." + +#: ../../configuration/firewall/index.rst:25 msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" @@ -14740,11 +16738,11 @@ msgstr "The main points regarding this packet flow and terminology used in VyOS msgid "The main structure VyOS firewall cli is shown next:" msgstr "The main structure VyOS firewall cli is shown next:" -#: ../../configuration/firewall/index.rst:92 +#: ../../configuration/firewall/index.rst:125 msgid "The main structure of the VyOS firewall CLI is shown next:" msgstr "The main structure of the VyOS firewall CLI is shown next:" -#: ../../configuration/interfaces/bonding.rst:271 +#: ../../configuration/interfaces/bonding.rst:276 msgid "The maximum number of targets that can be specified is 16. The default value is no IP address." msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address." @@ -14752,7 +16750,7 @@ msgstr "The maximum number of targets that can be specified is 16. The default v msgid "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." msgstr "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." -#: ../../configuration/interfaces/bridge.rst:239 +#: ../../configuration/interfaces/bridge.rst:238 msgid "The member interface `eth1` is a trunk that allows VLAN 10 to pass" msgstr "The member interface `eth1` is a trunk that allows VLAN 10 to pass" @@ -14772,7 +16770,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:222 +#: ../../configuration/loadbalancing/haproxy.rst:274 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -14804,7 +16802,7 @@ msgstr "The number of milliseconds to wait for a remote authoritative server to msgid "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." msgstr "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." -#: ../../configuration/interfaces/openvpn.rst:64 +#: ../../configuration/interfaces/openvpn.rst:65 msgid "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." msgstr "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." @@ -14832,7 +16830,7 @@ msgstr "The outgoing interface to perform the translation on" msgid "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." msgstr "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." -#: ../../configuration/vpn/ipsec.rst:239 +#: ../../configuration/vpn/ipsec.rst:259 msgid "The peer names RIGHT and LEFT are used as informational text." msgstr "The peer names RIGHT and LEFT are used as informational text." @@ -14840,7 +16838,7 @@ msgstr "The peer names RIGHT and LEFT are used as informational text." msgid "The peer with lower priority will become the key server and start distributing SAKs." msgstr "The peer with lower priority will become the key server and start distributing SAKs." -#: ../../configuration/vrf/index.rst:200 +#: ../../configuration/vrf/index.rst:196 msgid "The ping command is used to test whether a network host is reachable or not." msgstr "The ping command is used to test whether a network host is reachable or not." @@ -14848,7 +16846,7 @@ msgstr "The ping command is used to test whether a network host is reachable or msgid "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." msgstr "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." -#: ../../configuration/interfaces/openvpn.rst:50 +#: ../../configuration/interfaces/openvpn.rst:51 msgid "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." msgstr "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." @@ -14868,7 +16866,7 @@ msgstr "The primary DHCP server uses address `192.168.189.252`" msgid "The primary and secondary statements determines whether the server is primary or secondary." msgstr "The primary and secondary statements determines whether the server is primary or secondary." -#: ../../configuration/interfaces/bonding.rst:240 +#: ../../configuration/interfaces/bonding.rst:245 msgid "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." msgstr "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." @@ -14880,7 +16878,7 @@ msgstr "The priority must be an integer number from 1 to 255. Higher priority va msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" -#: ../../configuration/vrf/index.rst:241 +#: ../../configuration/vrf/index.rst:237 msgid "The prompt is adjusted to reflect this change in both config and op-mode." msgstr "The prompt is adjusted to reflect this change in both config and op-mode." @@ -14900,11 +16898,11 @@ msgstr "The protocol overhead of L2TPv3 is also significantly bigger than MPLS." msgid "The proxy service in VyOS is based on Squid_ and some related modules." msgstr "The proxy service in VyOS is based on Squid_ and some related modules." -#: ../../configuration/interfaces/openvpn.rst:59 +#: ../../configuration/interfaces/openvpn.rst:60 msgid "The public IP address of the local side of the VPN will be 198.51.100.10." msgstr "The public IP address of the local side of the VPN will be 198.51.100.10." -#: ../../configuration/interfaces/openvpn.rst:60 +#: ../../configuration/interfaces/openvpn.rst:61 msgid "The public IP address of the remote side of the VPN will be 203.0.113.11." msgstr "The public IP address of the remote side of the VPN will be 203.0.113.11." @@ -14921,7 +16919,7 @@ msgstr "The regular expression matches if and only if the entire string matches msgid "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" msgstr "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" -#: ../../configuration/interfaces/openvpn.rst:63 +#: ../../configuration/interfaces/openvpn.rst:64 msgid "The remote site will have a subnet of 10.1.0.0/16." msgstr "The remote site will have a subnet of 10.1.0.0/16." @@ -14933,7 +16931,7 @@ msgstr "The remote user will use the openconnect client to connect to the router msgid "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." msgstr "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." -#: ../../configuration/interfaces/openvpn.rst:458 +#: ../../configuration/interfaces/openvpn.rst:462 msgid "The required config file may look like this:" msgstr "The required config file may look like this:" @@ -14949,7 +16947,7 @@ msgstr "The resulting configuration will look like:" msgid "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." msgstr "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." -#: ../../configuration/trafficpolicy/index.rst:963 +#: ../../configuration/trafficpolicy/index.rst:1013 msgid "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." msgstr "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." @@ -14977,7 +16975,7 @@ msgstr "The sFlow accounting based on hsflowd https://sflow.net/" msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." -#: ../../configuration/vpn/ipsec.rst:231 +#: ../../configuration/vpn/ipsec.rst:251 msgid "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." msgstr "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." @@ -15013,6 +17011,18 @@ msgstr "The speed (baudrate) of the console device. Supported values are:" msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." msgstr "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." +#: ../../configuration/container/index.rst:175 +msgid "The subset of possible parameters are:" +msgstr "The subset of possible parameters are:" + +#: ../../configuration/interfaces/ethernet.rst:60 +msgid "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" +msgstr "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" + +#: ../../configuration/interfaces/bonding.rst:307 +msgid "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." +msgstr "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." + #: ../../configuration/system/lcd.rst:7 msgid "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." msgstr "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." @@ -15033,7 +17043,7 @@ msgstr "The task scheduler allows you to execute tasks on a given schedule. It m msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." msgstr "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." -#: ../../configuration/interfaces/openvpn.rst:61 +#: ../../configuration/interfaces/openvpn.rst:62 msgid "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." msgstr "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." @@ -15049,10 +17059,10 @@ msgstr "The ultimate goal of classifying traffic is to give each class a differe msgid "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." -#: ../../configuration/service/pppoe-server.rst:222 -#: ../../configuration/vpn/l2tp.rst:265 +#: ../../configuration/service/pppoe-server.rst:241 +#: ../../configuration/vpn/l2tp.rst:268 #: ../../configuration/vpn/pptp.rst:205 -#: ../../configuration/vpn/sstp.rst:238 +#: ../../configuration/vpn/sstp.rst:241 msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." @@ -15072,10 +17082,18 @@ msgstr "The well known NAT64 prefix is ``64:ff9b::/96``" msgid "The window size must be between 1 and 21." msgstr "The window size must be between 1 and 21." -#: ../../configuration/interfaces/wireless.rst:340 +#: ../../configuration/interfaces/wireless.rst:343 msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +#: ../../configuration/interfaces/wireless.rst:451 +msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." + +#: ../../configuration/service/config-sync.rst:15 +msgid "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." +msgstr "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." + #: ../../configuration/service/ids.rst:125 msgid "Then, FastNetMon configuration:" msgstr "Then, FastNetMon configuration:" @@ -15088,11 +17106,15 @@ msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for th msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." -#: ../../configuration/interfaces/openvpn.rst:196 +#: ../../configuration/interfaces/openvpn.rst:363 +msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." +msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." + +#: ../../configuration/interfaces/openvpn.rst:198 msgid "Then you need to install the key on the remote router:" msgstr "Then you need to install the key on the remote router:" -#: ../../configuration/interfaces/openvpn.rst:202 +#: ../../configuration/interfaces/openvpn.rst:204 msgid "Then you need to set the key in your OpenVPN interface settings:" msgstr "Then you need to set the key in your OpenVPN interface settings:" @@ -15109,12 +17131,15 @@ msgstr "There are 3 default NTP server set. You are able to change them." msgid "There are a lot of matching criteria against which the package can be tested." msgstr "There are a lot of matching criteria against which the package can be tested." -#: ../../configuration/firewall/bridge.rst:221 -#: ../../configuration/firewall/ipv4.rst:303 -#: ../../configuration/firewall/ipv6.rst:303 +#: ../../configuration/firewall/ipv4.rst:328 +#: ../../configuration/firewall/ipv6.rst:328 msgid "There are a lot of matching criteria against which the packet can be tested." msgstr "There are a lot of matching criteria against which the packet can be tested." +#: ../../configuration/firewall/bridge.rst:326 +msgid "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." +msgstr "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." + #: ../../configuration/policy/route.rst:40 msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." @@ -15123,7 +17148,7 @@ msgstr "There are a lot of matching criteria options available, both for ``polic msgid "There are different parameters for getting prefix-list information:" msgstr "There are different parameters for getting prefix-list information:" -#: ../../configuration/interfaces/wireless.rst:157 +#: ../../configuration/interfaces/wireless.rst:188 msgid "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" msgstr "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" @@ -15131,7 +17156,7 @@ msgstr "There are limits on which channels can be used with HT40- and HT40+. Fol msgid "There are many parameters you will be able to use in order to match the traffic you want for a class:" msgstr "There are many parameters you will be able to use in order to match the traffic you want for a class:" -#: ../../configuration/system/flow-accounting.rst:96 +#: ../../configuration/system/flow-accounting.rst:100 msgid "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" msgstr "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" @@ -15183,7 +17208,11 @@ msgstr "These are the commands for a basic setup." msgid "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." msgstr "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." -#: ../../configuration/highavailability/index.rst:238 +#: ../../configuration/service/suricata.rst:29 +msgid "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." +msgstr "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." + +#: ../../configuration/highavailability/index.rst:242 msgid "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." msgstr "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." @@ -15199,6 +17228,10 @@ msgstr "These parameters need to be part of the DHCP global options. They stay u msgid "They can be **decimal** prefixes." msgstr "They can be **decimal** prefixes." +#: ../../configuration/firewall/flowtables.rst:103 +msgid "Things to be considered in this setup:" +msgstr "Things to be considered in this setup:" + #: ../../configuration/firewall/flowtables.rst:102 msgid "Things to be considred in this setup:" msgstr "Things to be considred in this setup:" @@ -15207,20 +17240,20 @@ msgstr "Things to be considred in this setup:" msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." msgstr "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." -#: ../../configuration/interfaces/bonding.rst:172 -#: ../../configuration/interfaces/bonding.rst:198 +#: ../../configuration/interfaces/bonding.rst:177 +#: ../../configuration/interfaces/bonding.rst:203 msgid "This algorithm is 802.3ad compliant." msgstr "This algorithm is 802.3ad compliant." -#: ../../configuration/interfaces/bonding.rst:224 +#: ../../configuration/interfaces/bonding.rst:229 msgid "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." msgstr "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." -#: ../../configuration/interfaces/bonding.rst:169 +#: ../../configuration/interfaces/bonding.rst:174 msgid "This algorithm will place all traffic to a particular network peer on the same slave." msgstr "This algorithm will place all traffic to a particular network peer on the same slave." -#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:195 msgid "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." @@ -15244,6 +17277,10 @@ msgstr "This article touches on 'classic' IP tunneling protocols." msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +#: ../../configuration/vpn/dmvpn.rst:164 +msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." + #: ../../configuration/policy/examples.rst:78 msgid "This can be confirmed using the ``show ip route table 100`` operational command." msgstr "This can be confirmed using the ``show ip route table 100`` operational command." @@ -15409,6 +17446,10 @@ msgstr "This command changes the eBGP behavior of FRR. By default FRR enables :r msgid "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." msgstr "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." +#: ../../configuration/protocols/openfabric.rst:70 +msgid "This command configures the authentication password for a routing domain, as clear text or md5 one." +msgstr "This command configures the authentication password for a routing domain, as clear text or md5 one." + #: ../../configuration/protocols/isis.rst:196 msgid "This command configures the authentication password for the interface." msgstr "This command configures the authentication password for the interface." @@ -15433,7 +17474,7 @@ msgstr "This command creates a new route-map policy, identified by <text>." msgid "This command creates a new rule in the IPv6 access list and defines an action." msgstr "This command creates a new rule in the IPv6 access list and defines an action." -#: ../../configuration/policy/prefix-list.rst:62 +#: ../../configuration/policy/prefix-list.rst:78 msgid "This command creates a new rule in the IPv6 prefix-list and defines an action." msgstr "This command creates a new rule in the IPv6 prefix-list and defines an action." @@ -15449,7 +17490,7 @@ msgstr "This command creates a new rule in the prefix-list and defines an action msgid "This command creates the new IPv6 access list, identified by <text>" msgstr "This command creates the new IPv6 access list, identified by <text>" -#: ../../configuration/policy/prefix-list.rst:54 +#: ../../configuration/policy/prefix-list.rst:70 msgid "This command creates the new IPv6 prefix-list policy, identified by <text>." msgstr "This command creates the new IPv6 prefix-list policy, identified by <text>." @@ -15669,6 +17710,10 @@ msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Spe msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." msgstr "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." +#: ../../configuration/protocols/openfabric.rst:61 +msgid "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." +msgstr "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." + #: ../../configuration/protocols/rip.rst:27 msgid "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." msgstr "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." @@ -15677,6 +17722,10 @@ msgstr "This command enables RIP and sets the RIP enable interface by NETWORK. T msgid "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." msgstr "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." +#: ../../configuration/protocols/openfabric.rst:75 +msgid "This command enables :rfc:`6232` purge originator identification." +msgstr "This command enables :rfc:`6232` purge originator identification." + #: ../../configuration/protocols/isis.rst:106 msgid "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." msgstr "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." @@ -15697,10 +17746,22 @@ msgstr "This command enables sending timestamps with each Hello and IHU message msgid "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." msgstr "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." +#: ../../configuration/firewall/bridge.rst:437 +msgid "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" +msgstr "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" + +#: ../../configuration/firewall/bridge.rst:443 +msgid "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" +msgstr "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" + #: ../../configuration/protocols/bgp.rst:897 msgid "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." msgstr "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." +#: ../../configuration/protocols/openfabric.rst:116 +msgid "This command enables the passive mode for this interface." +msgstr "This command enables the passive mode for this interface." + #: ../../configuration/protocols/bgp.rst:467 msgid "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." msgstr "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." @@ -15717,7 +17778,7 @@ msgstr "This command forces the BGP speaker to report itself as the next hop for msgid "This command generate a default route into the RIP." msgstr "This command generate a default route into the RIP." -#: ../../configuration/interfaces/wireless.rst:484 +#: ../../configuration/interfaces/wireless.rst:608 msgid "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." @@ -15760,7 +17821,7 @@ msgstr "This command is specific to FRR and VyOS. The route command makes a stat msgid "This command is used for advertising IPv4 or IPv6 networks." msgstr "This command is used for advertising IPv4 or IPv6 networks." -#: ../../configuration/interfaces/wireless.rst:511 +#: ../../configuration/interfaces/wireless.rst:635 msgid "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." msgstr "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." @@ -15852,14 +17913,26 @@ msgstr "This command set the channel number that diversity routing uses for this msgid "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." msgstr "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." +#: ../../configuration/protocols/openfabric.rst:126 +msgid "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." +msgstr "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." + #: ../../configuration/protocols/isis.rst:275 msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +#: ../../configuration/protocols/openfabric.rst:150 +msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." + #: ../../configuration/protocols/isis.rst:266 msgid "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." msgstr "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." +#: ../../configuration/protocols/openfabric.rst:145 +msgid "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." +msgstr "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." + #: ../../configuration/protocols/ospf.rst:368 msgid "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." msgstr "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." @@ -15868,36 +17941,66 @@ msgstr "This command sets OSPF authentication key to a simple password. After se msgid "This command sets PSNP interval in seconds. The interval range is 0 to 127." msgstr "This command sets PSNP interval in seconds. The interval range is 0 to 127." +#: ../../configuration/protocols/openfabric.rst:132 +msgid "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." +msgstr "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." + #: ../../configuration/protocols/ospf.rst:443 #: ../../configuration/protocols/ospf.rst:1180 msgid "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." msgstr "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." +#: ../../configuration/protocols/openfabric.rst:88 +msgid "This command sets a static tier number to advertise as location in the fabric." +msgstr "This command sets a static tier number to advertise as location in the fabric." + #: ../../configuration/protocols/rip.rst:69 msgid "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." msgstr "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." +#: ../../configuration/protocols/openfabric.rst:111 +msgid "This command sets default metric for circuit. The metric range is 1 to 16777215." +msgstr "This command sets default metric for circuit. The metric range is 1 to 16777215." + #: ../../configuration/protocols/isis.rst:160 msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600." msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600." +#: ../../configuration/protocols/openfabric.rst:98 +msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." +msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." + #: ../../configuration/protocols/ospf.rst:391 #: ../../configuration/protocols/ospf.rst:1143 msgid "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." msgstr "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." +#: ../../configuration/protocols/openfabric.rst:140 +msgid "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." +msgstr "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:284 msgid "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." msgstr "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." +#: ../../configuration/protocols/openfabric.rst:159 +msgid "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." +msgstr "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:261 msgid "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." msgstr "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." #: ../../configuration/protocols/isis.rst:166 +#: ../../configuration/protocols/openfabric.rst:105 msgid "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." msgstr "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." +#: ../../configuration/protocols/isis.rst:42 +#: ../../configuration/protocols/openfabric.rst:32 +msgid "This command sets network entity title (NET) provided in ISO format." +msgstr "This command sets network entity title (NET) provided in ISO format." + #: ../../configuration/protocols/ospf.rst:458 #: ../../configuration/protocols/ospf.rst:1202 msgid "This command sets number of seconds for InfTransDelay value. It allows to set and adjust for each interface the delay interval before starting the synchronizing process of the router's database with all neighbors. The default value is 1 seconds. The interval range is 3 to 65535." @@ -15916,6 +18019,10 @@ msgstr "This command sets old-style (ISO 10589) or new style packet formats:" msgid "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." msgstr "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." +#: ../../configuration/protocols/openfabric.rst:79 +msgid "This command sets overload bit to avoid any transit traffic through this router." +msgstr "This command sets overload bit to avoid any transit traffic through this router." + #: ../../configuration/protocols/isis.rst:118 msgid "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." msgstr "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." @@ -15928,6 +18035,10 @@ msgstr "This command sets priority for the interface for :abbr:`DIS (Designated msgid "This command sets the administrative distance for a particular route. The distance range is 1 to 255." msgstr "This command sets the administrative distance for a particular route. The distance range is 1 to 255." +#: ../../configuration/protocols/openfabric.rst:121 +msgid "This command sets the authentication password for the interface." +msgstr "This command sets the authentication password for the interface." + #: ../../configuration/protocols/ospf.rst:239 msgid "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." msgstr "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." @@ -15980,7 +18091,7 @@ msgstr "This command sets the specified interface to passive mode. On passive mo msgid "This command should NOT be set normally." msgstr "This command should NOT be set normally." -#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:584 msgid "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." @@ -16282,11 +18393,11 @@ msgstr "This command will generate a default-route in L1 database." msgid "This command will generate a default-route in L2 database." msgstr "This command will generate a default-route in L2 database." -#: ../../configuration/firewall/ipv6.rst:1113 +#: ../../configuration/firewall/ipv6.rst:1223 msgid "This command will give an overview of a rule in a single rule-set" msgstr "This command will give an overview of a rule in a single rule-set" -#: ../../configuration/firewall/ipv4.rst:1114 +#: ../../configuration/firewall/ipv4.rst:1218 msgid "This command will give an overview of a rule in a single rule-set, plus information for default action." msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action." @@ -16294,8 +18405,8 @@ msgstr "This command will give an overview of a rule in a single rule-set, plus msgid "This command will give an overview of a rule in a single rule-set." msgstr "This command will give an overview of a rule in a single rule-set." -#: ../../configuration/firewall/ipv4.rst:1095 -#: ../../configuration/firewall/ipv6.rst:1088 +#: ../../configuration/firewall/ipv4.rst:1199 +#: ../../configuration/firewall/ipv6.rst:1198 msgid "This command will give an overview of a single rule-set." msgstr "This command will give an overview of a single rule-set." @@ -16315,11 +18426,11 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +#: ../../configuration/loadbalancing/haproxy.rst:421 msgid "This configuration enables HTTP health checks on backend servers." msgstr "This configuration enables HTTP health checks on backend servers." -#: ../../configuration/loadbalancing/reverse-proxy.rst:232 +#: ../../configuration/loadbalancing/haproxy.rst:284 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." @@ -16327,7 +18438,7 @@ msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/haproxy.rst:266 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16352,7 +18463,7 @@ msgstr "This configuration parameter lets you specify a vendor-option for the en msgid "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" msgstr "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" -#: ../../configuration/trafficpolicy/index.rst:628 +#: ../../configuration/trafficpolicy/index.rst:678 msgid "This could be helpful if you want to test how an application behaves under certain network conditions." msgstr "This could be helpful if you want to test how an application behaves under certain network conditions." @@ -16364,11 +18475,11 @@ msgstr "This creates a route policy called FILTER-WEB with one rule to set the r msgid "This defaults to 10000." msgstr "This defaults to 10000." -#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:264 msgid "This defaults to 1812." msgstr "This defaults to 1812." -#: ../../configuration/interfaces/wireless.rst:81 +#: ../../configuration/interfaces/wireless.rst:93 msgid "This defaults to 2007." msgstr "This defaults to 2007." @@ -16380,7 +18491,7 @@ msgstr "This defaults to 300 seconds." msgid "This defaults to 30 seconds." msgstr "This defaults to 30 seconds." -#: ../../configuration/system/login.rst:327 +#: ../../configuration/system/login.rst:333 msgid "This defaults to 49." msgstr "This defaults to 49." @@ -16400,11 +18511,11 @@ msgstr "This defaults to both 1.2 and 1.3." msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory" msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory" -#: ../../configuration/interfaces/wireless.rst:101 +#: ../../configuration/interfaces/wireless.rst:125 msgid "This defaults to phy0." msgstr "This defaults to phy0." -#: ../../configuration/interfaces/wireless.rst:65 +#: ../../configuration/interfaces/wireless.rst:77 msgid "This depends on the driver capabilities and may not be available with all drivers." msgstr "This depends on the driver capabilities and may not be available with all drivers." @@ -16420,7 +18531,7 @@ msgstr "This diagram corresponds with the example site to site configuration bel msgid "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." msgstr "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." -#: ../../configuration/interfaces/wireless.rst:186 +#: ../../configuration/interfaces/wireless.rst:217 msgid "This enables the greenfield option which sets the ``[GF]`` option" msgstr "This enables the greenfield option which sets the ``[GF]`` option" @@ -16428,15 +18539,19 @@ msgstr "This enables the greenfield option which sets the ``[GF]`` option" msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." msgstr "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." +#: ../../configuration/policy/prefix-list.rst:52 +msgid "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." +msgstr "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." + #: ../../configuration/policy/examples.rst:189 msgid "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." msgstr "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." -#: ../../configuration/vpn/ipsec.rst:392 +#: ../../configuration/vpn/ipsec.rst:412 msgid "This example uses CACert as certificate authority." msgstr "This example uses CACert as certificate authority." -#: ../../configuration/vpn/ipsec.rst:386 +#: ../../configuration/vpn/ipsec.rst:406 msgid "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." msgstr "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." @@ -16452,8 +18567,8 @@ msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Su msgid "This functionality is controlled by adding the following configuration:" msgstr "This functionality is controlled by adding the following configuration:" -#: ../../configuration/firewall/ipv4.rst:399 -#: ../../configuration/firewall/ipv6.rst:378 +#: ../../configuration/firewall/ipv4.rst:424 +#: ../../configuration/firewall/ipv6.rst:403 msgid "This functions for both individual addresses and address groups." msgstr "This functions for both individual addresses and address groups." @@ -16473,6 +18588,10 @@ msgstr "This gives us MPLS segment routing enabled and labels for far end loopba msgid "This gives us the following neighborships, Level 1 and Level 2:" msgstr "This gives us the following neighborships, Level 1 and Level 2:" +#: ../../configuration/protocols/openfabric.rst:194 +msgid "This gives us the following neighborships:" +msgstr "This gives us the following neighborships:" + #: ../../configuration/vpn/dmvpn.rst:139 msgid "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." msgstr "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." @@ -16507,7 +18626,7 @@ msgstr "This is a mandatory option" msgid "This is a mandatory setting." msgstr "This is a mandatory setting." -#: ../../configuration/trafficpolicy/index.rst:780 +#: ../../configuration/trafficpolicy/index.rst:830 msgid "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." msgstr "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." @@ -16585,6 +18704,10 @@ msgstr "This is the name of the physical interface used to connect to your LCD d msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +#: ../../configuration/trafficpolicy/index.rst:421 +msgid "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +msgstr "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" + #: ../../configuration/service/dhcp-server.rst:251 msgid "This is useful, for example, in combination with hostfile update." msgstr "This is useful, for example, in combination with hostfile update." @@ -16614,10 +18737,18 @@ msgstr "This mode provides fault tolerance. The :cfgcmd:`primary` option, docume msgid "This mode provides load balancing and fault tolerance." msgstr "This mode provides load balancing and fault tolerance." -#: ../../configuration/interfaces/wireless.rst:107 +#: ../../configuration/interfaces/wireless.rst:131 msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." msgstr "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." +#: ../../configuration/interfaces/wireless.rst:132 +msgid "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." +msgstr "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." + +#: ../../configuration/interfaces/bonding.rst:161 +msgid "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." +msgstr "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." + #: ../../configuration/service/dhcp-server.rst:135 msgid "This option can be specified multiple times." msgstr "This option can be specified multiple times." @@ -16626,7 +18757,8 @@ msgstr "This option can be specified multiple times." msgid "This option can be supplied multiple times." msgstr "This option can be supplied multiple times." -#: ../../configuration/interfaces/wireless.rst:53 +#: ../../configuration/interfaces/wireless.rst:48 +#: ../../configuration/interfaces/wireless.rst:59 msgid "This option is mandatory in Access-Point mode." msgstr "This option is mandatory in Access-Point mode." @@ -16642,7 +18774,7 @@ msgstr "This option is used by some DHCP clients as a way for users to specify i msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." -#: ../../configuration/system/login.rst:394 +#: ../../configuration/system/login.rst:400 msgid "This option must be used with ``timeout`` option." msgstr "This option must be used with ``timeout`` option." @@ -16651,10 +18783,18 @@ msgstr "This option must be used with ``timeout`` option." msgid "This option only affects 802.3ad mode." msgstr "This option only affects 802.3ad mode." -#: ../../configuration/highavailability/index.rst:232 +#: ../../configuration/interfaces/wireless.rst:105 +msgid "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." +msgstr "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." + +#: ../../configuration/highavailability/index.rst:236 msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." +#: ../../configuration/interfaces/openvpn.rst:281 +msgid "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." +msgstr "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." + #: ../../configuration/pki/index.rst:308 msgid "This options defaults to 2048" msgstr "This options defaults to 2048" @@ -16663,7 +18803,7 @@ msgstr "This options defaults to 2048" msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" msgstr "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" -#: ../../configuration/interfaces/bonding.rst:194 +#: ../../configuration/interfaces/bonding.rst:199 msgid "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." msgstr "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." @@ -16675,18 +18815,21 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." -#: ../../configuration/firewall/bridge.rst:90 -#: ../../configuration/firewall/ipv4.rst:114 -#: ../../configuration/firewall/ipv6.rst:114 +#: ../../configuration/firewall/bridge.rst:118 msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." +#: ../../configuration/firewall/ipv4.rst:138 +#: ../../configuration/firewall/ipv6.rst:138 +msgid "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." +msgstr "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." + #: ../../configuration/interfaces/tunnel.rst:161 msgid "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" msgstr "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" -#: ../../configuration/interfaces/bridge.rst:217 -#: ../../configuration/interfaces/bridge.rst:253 +#: ../../configuration/interfaces/bridge.rst:216 +#: ../../configuration/interfaces/bridge.rst:252 msgid "This results in the active configuration:" msgstr "This results in the active configuration:" @@ -16716,23 +18859,40 @@ msgid "This set the default action of the rule-set if no rule matched a packet c msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." #: ../../configuration/firewall/bridge.rst:132 -#: ../../configuration/firewall/ipv4.rst:179 -#: ../../configuration/firewall/ipv6.rst:179 +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." -#: ../../configuration/interfaces/openvpn.rst:278 +#: ../../configuration/interfaces/openvpn.rst:280 msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." msgstr "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." -#: ../../configuration/interfaces/openvpn.rst:260 +#: ../../configuration/interfaces/openvpn.rst:262 msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." +#: ../../configuration/interfaces/openvpn.rst:262 +msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." +msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." + +#: ../../configuration/firewall/bridge.rst:186 +msgid "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." + +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 +msgid "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." + #: ../../configuration/service/dns.rst:120 msgid "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." msgstr "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." +#: ../../configuration/interfaces/wireless.rst:397 +msgid "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." +msgstr "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." + #: ../../configuration/service/dns.rst:128 msgid "This setting defaults to 1500 and is valid between 10 and 60000." msgstr "This setting defaults to 1500 and is valid between 10 and 60000." @@ -16741,14 +18901,31 @@ msgstr "This setting defaults to 1500 and is valid between 10 and 60000." msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" msgstr "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:63 +msgid "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" +msgstr "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:66 msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" msgstr "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" -#: ../../configuration/highavailability/index.rst:310 +#: ../../configuration/firewall/global-options.rst:71 +msgid "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" +msgstr "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" + +#: ../../configuration/highavailability/index.rst:314 msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" msgstr "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" +#: ../../configuration/container/index.rst:138 +msgid "This specifies the number of CPU resources the container can use." +msgstr "This specifies the number of CPU resources the container can use." + +#: ../../configuration/firewall/ipv4.rst:43 +#: ../../configuration/firewall/ipv6.rst:43 +msgid "This stage includes:" +msgstr "This stage includes:" + #: ../../_include/interface-dhcpv6-options.txt:28 msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." msgstr "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." @@ -16765,7 +18942,7 @@ msgstr "This technique is commonly referred to as NAT Reflection or Hairpin NAT. msgid "This technology is known by different names:" msgstr "This technology is known by different names:" -#: ../../configuration/trafficpolicy/index.rst:357 +#: ../../configuration/trafficpolicy/index.rst:407 msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." msgstr "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." @@ -16777,7 +18954,8 @@ msgstr "This topology was built using GNS3." msgid "This will add the following option to the Kernel commandline:" msgstr "This will add the following option to the Kernel commandline:" -#: ../../configuration/system/option.rst:48 +#: ../../configuration/system/option.rst:46 +#: ../../configuration/system/option.rst:66 msgid "This will add the following two options to the Kernel commandline:" msgstr "This will add the following two options to the Kernel commandline:" @@ -16797,18 +18975,30 @@ msgstr "This will match TCP traffic with source port 80." msgid "This will render the following ddclient_ configuration entry:" msgstr "This will render the following ddclient_ configuration entry:" -#: ../../configuration/firewall/ipv6.rst:969 +#: ../../configuration/firewall/ipv6.rst:1030 msgid "This will show you a basic firewall overview" msgstr "This will show you a basic firewall overview" -#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv4.rst:1088 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" + +#: ../../configuration/firewall/ipv6.rst:1078 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" + +#: ../../configuration/firewall/ipv4.rst:1041 msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" -#: ../../configuration/firewall/zone.rst:149 +#: ../../configuration/firewall/zone.rst:146 msgid "This will show you a basic summary of a particular zone." msgstr "This will show you a basic summary of a particular zone." +#: ../../configuration/firewall/zone.rst:129 +msgid "This will show you a basic summary of the zone configuration." +msgstr "This will show you a basic summary of the zone configuration." + #: ../../configuration/firewall/zone.rst:132 msgid "This will show you a basic summary of zones configuration." msgstr "This will show you a basic summary of zones configuration." @@ -16817,17 +19007,17 @@ msgstr "This will show you a basic summary of zones configuration." msgid "This will show you a rule-set statistic since the last boot." msgstr "This will show you a rule-set statistic since the last boot." -#: ../../configuration/firewall/ipv4.rst:1135 -#: ../../configuration/firewall/ipv6.rst:1135 +#: ../../configuration/firewall/ipv4.rst:1239 +#: ../../configuration/firewall/ipv6.rst:1245 msgid "This will show you a statistic of all rule-sets since the last boot." msgstr "This will show you a statistic of all rule-sets since the last boot." -#: ../../configuration/firewall/ipv4.rst:1039 -#: ../../configuration/firewall/ipv6.rst:1032 +#: ../../configuration/firewall/ipv4.rst:1143 +#: ../../configuration/firewall/ipv6.rst:1142 msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1256 +#: ../../configuration/trafficpolicy/index.rst:1306 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16871,17 +19061,21 @@ msgstr "Time in seconds that the prefix will remain valid (default: 65528 second msgid "Time is in minutes and defaults to 60." msgstr "Time is in minutes and defaults to 60." -#: ../../configuration/firewall/ipv4.rst:897 -#: ../../configuration/firewall/ipv6.rst:883 +#: ../../configuration/firewall/ipv4.rst:948 +#: ../../configuration/firewall/ipv6.rst:938 #: ../../configuration/policy/route.rst:225 msgid "Time to match the defined rule." msgstr "Time to match the defined rule." -#: ../../configuration/service/ipoe-server.rst:368 -#: ../../configuration/service/pppoe-server.rst:534 -#: ../../configuration/vpn/l2tp.rst:488 +#: ../../configuration/firewall/groups.rst:216 +msgid "Timeout can be defined using seconds, minutes, hours or days:" +msgstr "Timeout can be defined using seconds, minutes, hours or days:" + +#: ../../configuration/service/ipoe-server.rst:367 +#: ../../configuration/service/pppoe-server.rst:559 +#: ../../configuration/vpn/l2tp.rst:493 #: ../../configuration/vpn/pptp.rst:412 -#: ../../configuration/vpn/sstp.rst:446 +#: ../../configuration/vpn/sstp.rst:451 msgid "Timeout in seconds" msgstr "Timeout in seconds" @@ -16889,16 +19083,16 @@ msgstr "Timeout in seconds" msgid "Timeout in seconds between health target checks." msgstr "Timeout in seconds between health target checks." -#: ../../configuration/service/ipoe-server.rst:174 -#: ../../configuration/service/pppoe-server.rst:136 +#: ../../configuration/service/ipoe-server.rst:173 +#: ../../configuration/service/pppoe-server.rst:142 #: ../../configuration/vpn/l2tp.rst:179 #: ../../configuration/vpn/pptp.rst:119 #: ../../configuration/vpn/sstp.rst:152 msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" -#: ../../configuration/service/ipoe-server.rst:194 -#: ../../configuration/service/pppoe-server.rst:156 +#: ../../configuration/service/ipoe-server.rst:193 +#: ../../configuration/service/pppoe-server.rst:167 #: ../../configuration/vpn/l2tp.rst:199 #: ../../configuration/vpn/pptp.rst:139 #: ../../configuration/vpn/sstp.rst:172 @@ -16907,6 +19101,7 @@ msgstr "Timeout to wait response from server (seconds)" #: ../../configuration/protocols/bgp.rst:689 #: ../../configuration/protocols/isis.rst:257 +#: ../../configuration/protocols/openfabric.rst:136 msgid "Timers" msgstr "Timers" @@ -16950,35 +19145,56 @@ msgstr "To automatically assign the client an IP address as tunnel endpoint, a c msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." +#: ../../configuration/firewall/bridge.rst:194 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." + +#: ../../configuration/firewall/ipv4.rst:211 +#: ../../configuration/firewall/ipv6.rst:211 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." + #: ../../configuration/firewall/bridge.rst:140 #: ../../configuration/firewall/ipv4.rst:187 #: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." -#: ../../configuration/firewall/ipv4.rst:126 -#: ../../configuration/firewall/ipv6.rst:126 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target." -#: ../../configuration/firewall/bridge.rst:120 -#: ../../configuration/firewall/ipv4.rst:163 -#: ../../configuration/firewall/ipv6.rst:163 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 +msgid "To be used only when action is set to ``jump``. Use this command to specify the jump target." +msgstr "To be used only when action is set to ``jump``. Use this command to specify the jump target." + +#: ../../configuration/firewall/ipv4.rst:187 +#: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." #: ../../configuration/firewall/bridge.rst:111 -#: ../../configuration/firewall/ipv4.rst:150 -#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." +#: ../../configuration/firewall/ipv4.rst:174 +#: ../../configuration/firewall/ipv6.rst:174 +msgid "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." +msgstr "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." + #: ../../configuration/firewall/bridge.rst:103 -#: ../../configuration/firewall/ipv4.rst:138 -#: ../../configuration/firewall/ipv6.rst:138 +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 +msgid "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." +msgstr "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." + #: ../../configuration/firewall/ipv4.rst:126 #: ../../configuration/firewall/ipv6.rst:126 msgid "To be used only when action is set to jump. Use this command to specify jump target." @@ -17000,7 +19216,7 @@ msgstr "To configure IPv6 assignments for clients, two options need to be config msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" -#: ../../configuration/firewall/index.rst:173 +#: ../../configuration/firewall/index.rst:220 msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" @@ -17028,7 +19244,7 @@ msgstr "To configure your LCD display you must first identify the used hardware, msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." -#: ../../configuration/system/login.rst:381 +#: ../../configuration/system/login.rst:387 msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." @@ -17040,7 +19256,7 @@ msgstr "To create more than one tunnel, use distinct UDP ports." msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" msgstr "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" -#: ../../configuration/firewall/zone.rst:80 +#: ../../configuration/firewall/zone.rst:77 msgid "To define a zone setup either one with interfaces or a local zone." msgstr "To define a zone setup either one with interfaces or a local zone." @@ -17065,19 +19281,22 @@ msgstr "To enable/disable helper support for a specific neighbour, the router-id msgid "To enable MLD reports and query on interfaces `eth0` and `eth1`:" msgstr "To enable MLD reports and query on interfaces `eth0` and `eth1`:" -#: ../../configuration/service/ipoe-server.rst:116 +#: ../../configuration/service/ipoe-server.rst:115 #: ../../configuration/service/pppoe-server.rst:78 #: ../../configuration/vpn/l2tp.rst:121 #: ../../configuration/vpn/pptp.rst:61 -#: ../../configuration/vpn/sstp.rst:94 msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +#: ../../configuration/vpn/sstp.rst:94 +msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." + #: ../../configuration/vpn/l2tp.rst:182 msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:72 +#: ../../configuration/service/https.rst:79 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17097,7 +19316,7 @@ msgstr "To enable the HTTP security headers in the configuration file, use the c msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" -#: ../../configuration/vpn/l2tp.rst:282 +#: ../../configuration/vpn/l2tp.rst:285 msgid "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." msgstr "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." @@ -17113,7 +19332,7 @@ msgstr "To forward all broadcast packets received on `UDP port 1900` on `eth3`, msgid "To generate the CA, the server private key and certificates the following commands can be used." msgstr "To generate the CA, the server private key and certificates the following commands can be used." -#: ../../configuration/interfaces/wireless.rst:594 +#: ../../configuration/interfaces/wireless.rst:718 msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." @@ -17121,11 +19340,11 @@ msgstr "To get it to work as an access point with this configuration you will ne msgid "To hand out individual prefixes to your clients the following configuration is used:" msgstr "To hand out individual prefixes to your clients the following configuration is used:" -#: ../../configuration/vpn/ipsec.rst:405 +#: ../../configuration/vpn/ipsec.rst:425 msgid "To import it from the filesystem use:" msgstr "To import it from the filesystem use:" -#: ../../configuration/highavailability/index.rst:346 +#: ../../configuration/highavailability/index.rst:350 msgid "To know more about scripting, check the :ref:`command-scripting` section." msgstr "To know more about scripting, check the :ref:`command-scripting` section." @@ -17142,11 +19361,15 @@ msgstr "To manipulate or display ARP_ table entries, the following commands are msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." +#: ../../configuration/service/config-sync.rst:19 +msgid "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." +msgstr "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 msgid "To request a /56 prefix from your ISP use:" msgstr "To request a /56 prefix from your ISP use:" -#: ../../configuration/service/dhcp-server.rst:741 +#: ../../configuration/service/dhcp-server.rst:771 msgid "To restart the DHCPv6 server" msgstr "To restart the DHCPv6 server" @@ -17158,7 +19381,7 @@ msgstr "To setup SNAT, we need to know:" msgid "To setup a destination NAT rule we need to gather:" msgstr "To setup a destination NAT rule we need to gather:" -#: ../../configuration/interfaces/wwan.rst:329 +#: ../../configuration/interfaces/wwan.rst:330 msgid "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" @@ -17178,6 +19401,10 @@ msgstr "To use such a service, one must define a login, password, one or multipl msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" +#: ../../configuration/service/salt-minion.rst:19 +msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" +msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" + #: ../../configuration/service/https.rst:77 msgid "To use this full configuration we asume a public accessible hostname." msgstr "To use this full configuration we asume a public accessible hostname." @@ -17190,7 +19417,11 @@ msgstr "Topology:" msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" -#: ../../configuration/service/ipoe-server.rst:433 +#: ../../configuration/nat/cgnat.rst:58 +msgid "Total Ports: 65536 (0 to 65535)" +msgstr "Total Ports: 65536 (0 to 65535)" + +#: ../../configuration/service/ipoe-server.rst:432 msgid "Toubleshooting" msgstr "Toubleshooting" @@ -17214,6 +19445,10 @@ msgstr "Traditionally firewalls weere configured with the concept of data going msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +#: ../../configuration/interfaces/openvpn.rst:9 +msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." + #: ../../configuration/nat/nat44.rst:143 msgid "Traffic Filters" msgstr "Traffic Filters" @@ -17222,10 +19457,18 @@ msgstr "Traffic Filters" msgid "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." msgstr "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." +#: ../../configuration/trafficpolicy/index.rst:216 +msgid "Traffic Match Group" +msgstr "Traffic Match Group" + #: ../../configuration/trafficpolicy/index.rst:5 msgid "Traffic Policy" msgstr "Traffic Policy" +#: ../../configuration/firewall/zone.rst:53 +msgid "Traffic cannot flow between a zone member interface and any interface that is not a zone member." +msgstr "Traffic cannot flow between a zone member interface and any interface that is not a zone member." + #: ../../configuration/firewall/zone.rst:56 msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member." msgstr "Traffic cannot flow between zone member interface and any interface that is not a zone member." @@ -17242,8 +19485,8 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." -#: ../../configuration/firewall/ipv4.rst:951 -#: ../../configuration/firewall/ipv6.rst:937 +#: ../../configuration/firewall/ipv4.rst:1056 +#: ../../configuration/firewall/ipv6.rst:1046 msgid "Traffic must be symmetric" msgstr "Traffic must be symmetric" @@ -17251,11 +19494,15 @@ msgstr "Traffic must be symmetric" msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" -#: ../../configuration/highavailability/index.rst:332 +#: ../../configuration/firewall/bridge.rst:38 +msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" +msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" + +#: ../../configuration/highavailability/index.rst:336 msgid "Transition scripts" msgstr "Transition scripts" -#: ../../configuration/highavailability/index.rst:334 +#: ../../configuration/highavailability/index.rst:338 msgid "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" msgstr "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" @@ -17263,10 +19510,10 @@ msgstr "Transition scripts can help you implement various fixups, such as starti msgid "Transparent Proxy" msgstr "Transparent Proxy" -#: ../../configuration/interfaces/openvpn.rst:701 +#: ../../configuration/interfaces/openvpn.rst:842 #: ../../configuration/interfaces/tunnel.rst:227 #: ../../configuration/vpn/pptp.rst:484 -#: ../../configuration/vpn/sstp.rst:580 +#: ../../configuration/vpn/sstp.rst:590 msgid "Troubleshooting" msgstr "Troubleshooting" @@ -17282,26 +19529,42 @@ msgstr "Tunnel" msgid "Tunnel keys" msgstr "Tunnel keys" -#: ../../configuration/vpn/l2tp.rst:280 +#: ../../configuration/vpn/l2tp.rst:283 msgid "Tunnel password used to authenticate the client (LAC)" msgstr "Tunnel password used to authenticate the client (LAC)" +#: ../../configuration/system/conntrack.rst:202 +msgid "Turn on flow-based timestamp extension." +msgstr "Turn on flow-based timestamp extension." + #: ../../configuration/loadbalancing/wan.rst:257 msgid "Two environment variables are available:" msgstr "Two environment variables are available:" -#: ../../configuration/firewall/flowtables.rst:104 +#: ../../configuration/firewall/flowtables.rst:105 msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1" msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1" -#: ../../configuration/service/ssh.rst:188 +#: ../../configuration/service/ssh.rst:208 msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." msgstr "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." +#: ../../configuration/service/config-sync.rst:41 +msgid "Two options are available for `mode`: either `load` and replace or `set` the configuration section." +msgstr "Two options are available for `mode`: either `load` and replace or `set` the configuration section." + #: ../../configuration/interfaces/macsec.rst:155 msgid "Two routers connected both via eth1 through an untrusted switch" msgstr "Two routers connected both via eth1 through an untrusted switch" +#: ../../configuration/interfaces/bonding.rst:311 +msgid "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" +msgstr "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" + +#: ../../configuration/interfaces/bonding.rst:323 +msgid "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." +msgstr "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." + #: ../../configuration/service/monitoring.rst:26 msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." msgstr "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." @@ -17346,11 +19609,11 @@ msgstr "URL with signature of master for auth reply verification" msgid "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." msgstr "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "UUCP subsystem" msgstr "UUCP subsystem" -#: ../../configuration/interfaces/ethernet.rst:73 +#: ../../configuration/interfaces/ethernet.rst:81 msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" @@ -17374,11 +19637,11 @@ msgstr "Unit of this command is MB." msgid "Units" msgstr "Units" -#: ../../configuration/interfaces/openvpn.rst:171 +#: ../../configuration/interfaces/openvpn.rst:172 msgid "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." msgstr "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." -#: ../../configuration/trafficpolicy/index.rst:705 +#: ../../configuration/trafficpolicy/index.rst:755 msgid "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." msgstr "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." @@ -17386,12 +19649,12 @@ msgstr "Up to seven queues -defined as classes_ with different priorities- can b msgid "Update" msgstr "Update" -#: ../../configuration/container/index.rst:207 +#: ../../configuration/container/index.rst:262 msgid "Update container image" msgstr "Update container image" -#: ../../configuration/firewall/ipv4.rst:1198 -#: ../../configuration/firewall/ipv6.rst:1191 +#: ../../configuration/firewall/ipv4.rst:1302 +#: ../../configuration/firewall/ipv6.rst:1301 msgid "Update geoip database" msgstr "Update geoip database" @@ -17403,14 +19666,16 @@ msgstr "Updates" msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." -#: ../../configuration/service/pppoe-server.rst:267 -#: ../../configuration/vpn/l2tp.rst:391 +#: ../../configuration/interfaces/ethernet.rst:132 +msgid "Uplink/Core tracking." +msgstr "Uplink/Core tracking." + +#: ../../configuration/service/pppoe-server.rst:286 #: ../../configuration/vpn/pptp.rst:315 -#: ../../configuration/vpn/sstp.rst:349 msgid "Upload bandwidth limit in kbit/s for `<user>`." msgstr "Upload bandwidth limit in kbit/s for `<user>`." -#: ../../configuration/service/ipoe-server.rst:325 +#: ../../configuration/service/ipoe-server.rst:324 msgid "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." msgstr "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." @@ -17422,8 +19687,20 @@ msgstr "Upon reception of an incoming packet, when a response is sent, it might msgid "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" msgstr "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" -#: ../../configuration/interfaces/wireless.rst:352 -#: ../../configuration/interfaces/wireless.rst:552 +#: ../../configuration/nat/cgnat.rst:60 +msgid "Usable Ports: 65536 - 1024 = 64512" +msgstr "Usable Ports: 65536 - 1024 = 64512" + +#: ../../configuration/nat/cgnat.rst:68 +msgid "Usable Ports / Ports per Subscriber" +msgstr "Usable Ports / Ports per Subscriber" + +#: ../../configuration/interfaces/wireless.rst:731 +msgid "Use 802.11ax protocol" +msgstr "Use 802.11ax protocol" + +#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:676 msgid "Use 802.11n protocol" msgstr "Use 802.11n protocol" @@ -17435,6 +19712,10 @@ msgstr "Use CA certificate from PKI subsystem" msgid "Use DynDNS as your preferred provider:" msgstr "Use DynDNS as your preferred provider:" +#: ../../configuration/firewall/bridge.rst:428 +msgid "Use IP firewall" +msgstr "Use IP firewall" + #: ../../configuration/service/monitoring.rst:88 msgid "Use TLS but skip host validation" msgstr "Use TLS but skip host validation" @@ -17451,7 +19732,7 @@ msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be msgid "Use `<subnet>` as the IP pool for all connecting clients." msgstr "Use `<subnet>` as the IP pool for all connecting clients." -#: ../../configuration/system/syslog.rst:236 +#: ../../configuration/system/syslog.rst:254 msgid "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." msgstr "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." @@ -17463,31 +19744,66 @@ msgstr "Use `delete system conntrack modules` to deactive all modules." msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." -#: ../../configuration/firewall/ipv4.rst:538 -#: ../../configuration/firewall/ipv6.rst:525 +#: ../../configuration/firewall/ipv4.rst:562 +#: ../../configuration/firewall/ipv6.rst:553 msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:601 -#: ../../configuration/firewall/ipv6.rst:588 +#: ../../configuration/firewall/ipv4.rst:561 +#: ../../configuration/firewall/ipv6.rst:552 +msgid "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:646 +#: ../../configuration/firewall/ipv6.rst:637 msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:622 -#: ../../configuration/firewall/ipv6.rst:609 +#: ../../configuration/firewall/ipv4.rst:645 +#: ../../configuration/firewall/ipv6.rst:636 +msgid "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:583 +#: ../../configuration/firewall/ipv6.rst:574 +msgid "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." +msgstr "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." + +#: ../../configuration/firewall/ipv4.rst:582 +#: ../../configuration/firewall/ipv6.rst:573 +msgid "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:667 +#: ../../configuration/firewall/ipv6.rst:658 msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:559 -#: ../../configuration/firewall/ipv6.rst:546 +#: ../../configuration/firewall/ipv4.rst:666 +#: ../../configuration/firewall/ipv6.rst:657 +msgid "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:604 +#: ../../configuration/firewall/ipv6.rst:595 msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:580 -#: ../../configuration/firewall/ipv6.rst:567 +#: ../../configuration/firewall/ipv4.rst:603 +#: ../../configuration/firewall/ipv6.rst:594 +msgid "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:625 +#: ../../configuration/firewall/ipv6.rst:616 msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." +#: ../../configuration/firewall/ipv4.rst:624 +#: ../../configuration/firewall/ipv6.rst:615 +msgid "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." + #: ../../configuration/service/dhcp-server.rst:430 msgid "Use active-active HA mode." msgstr "Use active-active HA mode." @@ -17536,19 +19852,23 @@ msgstr "Use local user `foo` with password `bar`" msgid "Use tab completion to get a list of categories." msgstr "Use tab completion to get a list of categories." -#: ../../configuration/system/option.rst:83 +#: ../../configuration/interfaces/openvpn.rst:793 +msgid "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." +msgstr "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." + +#: ../../configuration/system/option.rst:103 msgid "Use the address of the specified interface on the local machine as the source address of the connection." msgstr "Use the address of the specified interface on the local machine as the source address of the connection." -#: ../../configuration/nat/nat66.rst:111 +#: ../../configuration/nat/nat66.rst:123 msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" msgstr "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" -#: ../../configuration/nat/nat66.rst:142 +#: ../../configuration/nat/nat66.rst:154 msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." -#: ../../configuration/system/option.rst:78 +#: ../../configuration/system/option.rst:98 msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." @@ -17560,6 +19880,10 @@ msgstr "Use these commands if you would like to set the discovery hello and hold msgid "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." msgstr "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." +#: ../../configuration/firewall/global-options.rst:58 +msgid "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" +msgstr "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" + #: ../../configuration/protocols/mpls.rst:136 msgid "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." msgstr "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." @@ -17580,11 +19904,11 @@ msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/ipoe-server.rst:261 +#: ../../configuration/service/ipoe-server.rst:260 msgid "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/pppoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:375 msgid "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17592,10 +19916,18 @@ msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client msgid "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/sstp.rst:260 +msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/sstp.rst:257 msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/l2tp.rst:302 +msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/l2tp.rst:299 msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17632,15 +19964,23 @@ msgstr "Use this command to allow the selected interface to join a multicast gro msgid "Use this command to allow the selected interface to join a source-specific multicast group." msgstr "Use this command to allow the selected interface to join a source-specific multicast group." -#: ../../configuration/interfaces/openvpn.rst:712 +#: ../../configuration/interfaces/openvpn.rst:874 +msgid "Use this command to check log messages specific to an interface." +msgstr "Use this command to check log messages specific to an interface." + +#: ../../configuration/interfaces/openvpn.rst:869 +msgid "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." +msgstr "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." + +#: ../../configuration/interfaces/openvpn.rst:853 msgid "Use this command to check the tunnel status for OpenVPN client interfaces." msgstr "Use this command to check the tunnel status for OpenVPN client interfaces." -#: ../../configuration/interfaces/openvpn.rst:716 +#: ../../configuration/interfaces/openvpn.rst:857 msgid "Use this command to check the tunnel status for OpenVPN server interfaces." msgstr "Use this command to check the tunnel status for OpenVPN server interfaces." -#: ../../configuration/interfaces/openvpn.rst:720 +#: ../../configuration/interfaces/openvpn.rst:861 msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." @@ -17652,11 +19992,11 @@ msgstr "Use this command to clear Border Gateway Protocol statistics or status." msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/ipoe-server.rst:269 +#: ../../configuration/service/ipoe-server.rst:268 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/pppoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:383 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17664,10 +20004,18 @@ msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPo msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/sstp.rst:268 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." + #: ../../configuration/vpn/sstp.rst:265 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/l2tp.rst:310 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." + #: ../../configuration/vpn/l2tp.rst:307 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17681,75 +20029,75 @@ msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS msgid "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." msgstr "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." -#: ../../configuration/trafficpolicy/index.rst:649 +#: ../../configuration/trafficpolicy/index.rst:699 msgid "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." msgstr "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." -#: ../../configuration/trafficpolicy/index.rst:753 +#: ../../configuration/trafficpolicy/index.rst:803 msgid "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." msgstr "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." -#: ../../configuration/trafficpolicy/index.rst:814 +#: ../../configuration/trafficpolicy/index.rst:864 msgid "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." msgstr "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." -#: ../../configuration/trafficpolicy/index.rst:885 +#: ../../configuration/trafficpolicy/index.rst:935 msgid "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." msgstr "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." -#: ../../configuration/trafficpolicy/index.rst:834 +#: ../../configuration/trafficpolicy/index.rst:884 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." -#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:893 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." -#: ../../configuration/trafficpolicy/index.rst:852 +#: ../../configuration/trafficpolicy/index.rst:902 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." -#: ../../configuration/trafficpolicy/index.rst:823 +#: ../../configuration/trafficpolicy/index.rst:873 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." -#: ../../configuration/trafficpolicy/index.rst:947 +#: ../../configuration/trafficpolicy/index.rst:997 msgid "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." msgstr "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." -#: ../../configuration/trafficpolicy/index.rst:930 +#: ../../configuration/trafficpolicy/index.rst:980 msgid "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." msgstr "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." -#: ../../configuration/trafficpolicy/index.rst:935 +#: ../../configuration/trafficpolicy/index.rst:985 msgid "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." msgstr "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." -#: ../../configuration/trafficpolicy/index.rst:987 +#: ../../configuration/trafficpolicy/index.rst:1037 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." msgstr "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." -#: ../../configuration/trafficpolicy/index.rst:994 +#: ../../configuration/trafficpolicy/index.rst:1044 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." msgstr "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." -#: ../../configuration/trafficpolicy/index.rst:1049 +#: ../../configuration/trafficpolicy/index.rst:1099 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." -#: ../../configuration/trafficpolicy/index.rst:1063 +#: ../../configuration/trafficpolicy/index.rst:1113 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." -#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1120 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." -#: ../../configuration/trafficpolicy/index.rst:1056 +#: ../../configuration/trafficpolicy/index.rst:1106 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." -#: ../../configuration/trafficpolicy/index.rst:1042 +#: ../../configuration/trafficpolicy/index.rst:1092 msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." msgstr "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." @@ -17757,7 +20105,7 @@ msgstr "Use this command to configure a Shaper policy, set its name and the maxi msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." msgstr "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." -#: ../../configuration/trafficpolicy/index.rst:378 +#: ../../configuration/trafficpolicy/index.rst:428 msgid "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." msgstr "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." @@ -17765,47 +20113,47 @@ msgstr "Use this command to configure a drop-tail policy (PFIFO). Choose a uniqu msgid "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." msgstr "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." -#: ../../configuration/trafficpolicy/index.rst:571 +#: ../../configuration/trafficpolicy/index.rst:621 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." -#: ../../configuration/trafficpolicy/index.rst:611 +#: ../../configuration/trafficpolicy/index.rst:661 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." -#: ../../configuration/trafficpolicy/index.rst:591 +#: ../../configuration/trafficpolicy/index.rst:641 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." -#: ../../configuration/trafficpolicy/index.rst:583 +#: ../../configuration/trafficpolicy/index.rst:633 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." -#: ../../configuration/trafficpolicy/index.rst:604 +#: ../../configuration/trafficpolicy/index.rst:654 msgid "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." msgstr "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." -#: ../../configuration/trafficpolicy/index.rst:598 +#: ../../configuration/trafficpolicy/index.rst:648 msgid "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." msgstr "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." -#: ../../configuration/trafficpolicy/index.rst:517 +#: ../../configuration/trafficpolicy/index.rst:567 msgid "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." msgstr "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." -#: ../../configuration/trafficpolicy/index.rst:523 +#: ../../configuration/trafficpolicy/index.rst:573 msgid "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." msgstr "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." -#: ../../configuration/trafficpolicy/index.rst:497 +#: ../../configuration/trafficpolicy/index.rst:547 msgid "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." msgstr "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." -#: ../../configuration/trafficpolicy/index.rst:503 +#: ../../configuration/trafficpolicy/index.rst:553 msgid "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." msgstr "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." -#: ../../configuration/trafficpolicy/index.rst:509 +#: ../../configuration/trafficpolicy/index.rst:559 msgid "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." msgstr "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." @@ -17849,11 +20197,11 @@ msgstr "Use this command to configure the IP address used as the LDP router-id o msgid "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." msgstr "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." -#: ../../configuration/system/flow-accounting.rst:119 +#: ../../configuration/system/flow-accounting.rst:123 msgid "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." msgstr "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." -#: ../../configuration/trafficpolicy/index.rst:640 +#: ../../configuration/trafficpolicy/index.rst:690 msgid "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." msgstr "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." @@ -17861,7 +20209,7 @@ msgstr "Use this command to configure the burst size of the traffic in a Network msgid "Use this command to configure the local gateway IP address." msgstr "Use this command to configure the local gateway IP address." -#: ../../configuration/trafficpolicy/index.rst:634 +#: ../../configuration/trafficpolicy/index.rst:684 msgid "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." msgstr "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." @@ -17877,7 +20225,7 @@ msgstr "Use this command to configure the username and the password of a locally msgid "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." msgstr "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." -#: ../../configuration/trafficpolicy/index.rst:398 +#: ../../configuration/trafficpolicy/index.rst:448 msgid "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." msgstr "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." @@ -17885,19 +20233,19 @@ msgstr "Use this command to create a Fair-Queue policy and give it a name. It is msgid "Use this command to define IPsec interface." msgstr "Use this command to define IPsec interface." -#: ../../configuration/trafficpolicy/index.rst:425 +#: ../../configuration/trafficpolicy/index.rst:475 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." -#: ../../configuration/trafficpolicy/index.rst:416 +#: ../../configuration/trafficpolicy/index.rst:466 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." -#: ../../configuration/service/ipoe-server.rst:277 -#: ../../configuration/service/pppoe-server.rst:371 -#: ../../configuration/vpn/l2tp.rst:315 +#: ../../configuration/service/ipoe-server.rst:276 +#: ../../configuration/service/pppoe-server.rst:391 +#: ../../configuration/vpn/l2tp.rst:318 #: ../../configuration/vpn/pptp.rst:239 -#: ../../configuration/vpn/sstp.rst:273 +#: ../../configuration/vpn/sstp.rst:276 msgid "Use this command to define default IPv6 address pool name." msgstr "Use this command to define default IPv6 address pool name." @@ -17957,7 +20305,7 @@ msgstr "Use this command to define the interface the PPPoE server will use to li msgid "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." msgstr "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." -#: ../../configuration/trafficpolicy/index.rst:681 +#: ../../configuration/trafficpolicy/index.rst:731 msgid "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." msgstr "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." @@ -17969,11 +20317,11 @@ msgstr "Use this command to define the maximum number of entries to keep in the msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." -#: ../../configuration/service/ipoe-server.rst:332 -#: ../../configuration/service/pppoe-server.rst:450 -#: ../../configuration/vpn/l2tp.rst:404 +#: ../../configuration/service/ipoe-server.rst:331 +#: ../../configuration/service/pppoe-server.rst:474 +#: ../../configuration/vpn/l2tp.rst:407 #: ../../configuration/vpn/pptp.rst:328 -#: ../../configuration/vpn/sstp.rst:362 +#: ../../configuration/vpn/sstp.rst:365 msgid "Use this command to define the next address pool name." msgstr "Use this command to define the next address pool name." @@ -18005,15 +20353,15 @@ msgstr "Use this command to disable IPv6 operation on interface when Duplicate A msgid "Use this command to disable the generation of Ethernet flow control (pause frames)." msgstr "Use this command to disable the generation of Ethernet flow control (pause frames)." -#: ../../configuration/trafficpolicy/index.rst:659 +#: ../../configuration/trafficpolicy/index.rst:709 msgid "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." msgstr "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." -#: ../../configuration/trafficpolicy/index.rst:667 +#: ../../configuration/trafficpolicy/index.rst:717 msgid "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." msgstr "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." -#: ../../configuration/trafficpolicy/index.rst:674 +#: ../../configuration/trafficpolicy/index.rst:724 msgid "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." msgstr "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." @@ -18041,7 +20389,7 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." -#: ../../configuration/service/pppoe-server.rst:310 +#: ../../configuration/service/pppoe-server.rst:329 msgid "Use this command to enable bandwidth shaping via RADIUS." msgstr "Use this command to enable bandwidth shaping via RADIUS." @@ -18053,7 +20401,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." -#: ../../configuration/service/pppoe-server.rst:323 +#: ../../configuration/service/pppoe-server.rst:342 msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." @@ -18069,9 +20417,9 @@ msgstr "Use this command to enable the logging of the default action." msgid "Use this command to enable the logging of the default action on custom chains." msgstr "Use this command to enable the logging of the default action on custom chains." -#: ../../configuration/firewall/bridge.rst:163 -#: ../../configuration/firewall/ipv4.rst:214 -#: ../../configuration/firewall/ipv6.rst:214 +#: ../../configuration/firewall/bridge.rst:223 +#: ../../configuration/firewall/ipv4.rst:238 +#: ../../configuration/firewall/ipv6.rst:238 msgid "Use this command to enable the logging of the default action on the specified chain." msgstr "Use this command to enable the logging of the default action on the specified chain." @@ -18099,11 +20447,11 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." -#: ../../configuration/service/ipoe-server.rst:394 +#: ../../configuration/service/ipoe-server.rst:393 msgid "Use this command to locally check the active sessions in the IPoE server." msgstr "Use this command to locally check the active sessions in the IPoE server." -#: ../../configuration/service/pppoe-server.rst:587 +#: ../../configuration/service/pppoe-server.rst:612 msgid "Use this command to locally check the active sessions in the PPPoE server." msgstr "Use this command to locally check the active sessions in the PPPoE server." @@ -18111,7 +20459,7 @@ msgstr "Use this command to locally check the active sessions in the PPPoE serve msgid "Use this command to locally check the active sessions in the PPTP server." msgstr "Use this command to locally check the active sessions in the PPTP server." -#: ../../configuration/vpn/sstp.rst:542 +#: ../../configuration/vpn/sstp.rst:552 msgid "Use this command to locally check the active sessions in the SSTP server." msgstr "Use this command to locally check the active sessions in the SSTP server." @@ -18136,11 +20484,11 @@ msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an msgid "Use this command to reset an LDP neighbor/TCP session that is established" msgstr "Use this command to reset an LDP neighbor/TCP session that is established" -#: ../../configuration/interfaces/openvpn.rst:735 +#: ../../configuration/interfaces/openvpn.rst:888 msgid "Use this command to reset the OpenVPN process on a specific interface." msgstr "Use this command to reset the OpenVPN process on a specific interface." -#: ../../configuration/interfaces/openvpn.rst:731 +#: ../../configuration/interfaces/openvpn.rst:884 msgid "Use this command to reset the specified OpenVPN client." msgstr "Use this command to reset the specified OpenVPN client." @@ -18168,7 +20516,7 @@ msgstr "Use this command to see discovery hello information" msgid "Use this command to see the Label Information Base." msgstr "Use this command to see the Label Information Base." -#: ../../configuration/service/pppoe-server.rst:33 +#: ../../configuration/service/pppoe-server.rst:32 msgid "Use this command to set a name for this PPPoE-server access concentrator." msgstr "Use this command to set a name for this PPPoE-server access concentrator." @@ -18268,15 +20616,15 @@ msgstr "Use this command to use ordered label distribution control mode. FRR by msgid "Use this command to user Layer 4 information for ECMP hashing." msgstr "Use this command to user Layer 4 information for ECMP hashing." -#: ../../configuration/interfaces/wireless.rst:431 +#: ../../configuration/interfaces/wireless.rst:549 msgid "Use this command to view operational status and details wireless-specific information about all wireless interfaces." msgstr "Use this command to view operational status and details wireless-specific information about all wireless interfaces." -#: ../../configuration/interfaces/wireless.rst:420 +#: ../../configuration/interfaces/wireless.rst:538 msgid "Use this command to view operational status and wireless-specific information about all wireless interfaces." msgstr "Use this command to view operational status and wireless-specific information about all wireless interfaces." -#: ../../configuration/interfaces/wireless.rst:498 +#: ../../configuration/interfaces/wireless.rst:622 msgid "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." msgstr "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." @@ -18292,15 +20640,13 @@ msgstr "Used to block a specific mime-type." msgid "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." msgstr "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "User-level messages" msgstr "User-level messages" -#: ../../configuration/service/ipoe-server.rst:250 -#: ../../configuration/service/pppoe-server.rst:212 -#: ../../configuration/vpn/l2tp.rst:255 +#: ../../configuration/service/ipoe-server.rst:249 +#: ../../configuration/service/pppoe-server.rst:231 #: ../../configuration/vpn/pptp.rst:195 -#: ../../configuration/vpn/sstp.rst:228 msgid "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." msgstr "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." @@ -18312,6 +20658,10 @@ msgstr "Using 'soft-reconfiguration' we get the policy update without bouncing t msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +#: ../../configuration/interfaces/openvpn.rst:350 +msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." + #: ../../configuration/protocols/bgp.rst:922 msgid "Using BGP confederation" msgstr "Using BGP confederation" @@ -18320,15 +20670,31 @@ msgstr "Using BGP confederation" msgid "Using BGP route-reflectors" msgstr "Using BGP route-reflectors" -#: ../../configuration/interfaces/bridge.rst:234 +#: ../../configuration/firewall/groups.rst:228 +msgid "Using Dynamic Firewall Groups" +msgstr "Using Dynamic Firewall Groups" + +#: ../../configuration/system/flow-accounting.rst:45 +msgid "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." +msgstr "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." + +#: ../../configuration/interfaces/bridge.rst:233 msgid "Using VLAN aware Bridge" msgstr "Using VLAN aware Bridge" +#: ../../configuration/service/suricata.rst:94 +msgid "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." +msgstr "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." + +#: ../../configuration/firewall/groups.rst:285 +msgid "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." +msgstr "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." + #: ../../configuration/vpn/sstp.rst:29 msgid "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" msgstr "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" -#: ../../configuration/interfaces/bridge.rst:275 +#: ../../configuration/interfaces/bridge.rst:274 msgid "Using the operation mode command to view Bridge Information" msgstr "Using the operation mode command to view Bridge Information" @@ -18340,32 +20706,32 @@ msgstr "Using this command, you will create a new client configuration which can msgid "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." msgstr "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." -#: ../../configuration/interfaces/wireless.rst:220 +#: ../../configuration/interfaces/wireless.rst:251 msgid "VHT (Very High Throughput) capabilities (802.11ac)" msgstr "VHT (Very High Throughput) capabilities (802.11ac)" -#: ../../configuration/interfaces/wireless.rst:267 +#: ../../configuration/interfaces/wireless.rst:303 msgid "VHT link adaptation capabilities" msgstr "VHT link adaptation capabilities" -#: ../../configuration/interfaces/wireless.rst:245 +#: ../../configuration/interfaces/wireless.rst:280 msgid "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" msgstr "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" -#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:283 msgid "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" msgstr "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" -#: ../../configuration/interfaces/bonding.rst:275 +#: ../../configuration/interfaces/bonding.rst:280 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:123 +#: ../../configuration/interfaces/ethernet.rst:139 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 -#: ../../configuration/interfaces/wireless.rst:398 +#: ../../configuration/interfaces/wireless.rst:516 msgid "VLAN" msgstr "VLAN" -#: ../../configuration/service/pppoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:251 msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." @@ -18373,7 +20739,7 @@ msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel mo msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." -#: ../../configuration/interfaces/bridge.rst:240 +#: ../../configuration/interfaces/bridge.rst:239 msgid "VLAN 10 on member interface `eth2` (ACCESS mode)" msgstr "VLAN 10 on member interface `eth2` (ACCESS mode)" @@ -18385,7 +20751,7 @@ msgstr "VLAN Example" msgid "VLAN Options" msgstr "VLAN Options" -#: ../../configuration/service/ipoe-server.rst:315 +#: ../../configuration/service/ipoe-server.rst:314 msgid "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" msgstr "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" @@ -18409,32 +20775,32 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN msgid "VRF" msgstr "VRF" -#: ../../configuration/vrf/index.rst:430 +#: ../../configuration/vrf/index.rst:426 msgid "VRF Route Leaking" msgstr "VRF Route Leaking" -#: ../../configuration/vrf/index.rst:302 +#: ../../configuration/vrf/index.rst:298 msgid "VRF and NAT" msgstr "VRF and NAT" -#: ../../configuration/vrf/index.rst:399 +#: ../../configuration/vrf/index.rst:395 msgid "VRF blue routing table" msgstr "VRF blue routing table" -#: ../../configuration/vrf/index.rst:366 +#: ../../configuration/vrf/index.rst:362 msgid "VRF default routing table" msgstr "VRF default routing table" -#: ../../configuration/vrf/index.rst:382 +#: ../../configuration/vrf/index.rst:378 msgid "VRF red routing table" msgstr "VRF red routing table" -#: ../../configuration/vrf/index.rst:254 -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:250 +#: ../../configuration/vrf/index.rst:257 msgid "VRF route leaking" msgstr "VRF route leaking" -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:257 msgid "VRF topology example" msgstr "VRF topology example" @@ -18446,7 +20812,7 @@ msgstr "VRRP (Virtual Router Redundancy Protocol) provides active/backup redunda msgid "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." msgstr "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." -#: ../../configuration/highavailability/index.rst:301 +#: ../../configuration/highavailability/index.rst:305 msgid "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." msgstr "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." @@ -18482,24 +20848,28 @@ msgstr "VXLAN specific options" msgid "VXLAN was officially documented by the IETF in :rfc:`7348`." msgstr "VXLAN was officially documented by the IETF in :rfc:`7348`." -#: ../../configuration/interfaces/wireless.rst:110 +#: ../../configuration/interfaces/wireless.rst:136 msgid "Valid values are 0..255." msgstr "Valid values are 0..255." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/interfaces/wireless.rst:364 +msgid "Valid values are 1..63" +msgstr "Valid values are 1..63" + +#: ../../configuration/system/syslog.rst:185 msgid "Value" msgstr "Value" -#: ../../configuration/service/ipoe-server.rst:203 -#: ../../configuration/service/pppoe-server.rst:165 +#: ../../configuration/service/ipoe-server.rst:202 +#: ../../configuration/service/pppoe-server.rst:178 #: ../../configuration/vpn/l2tp.rst:208 #: ../../configuration/vpn/pptp.rst:148 #: ../../configuration/vpn/sstp.rst:181 msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." -#: ../../configuration/service/ipoe-server.rst:198 -#: ../../configuration/service/pppoe-server.rst:160 +#: ../../configuration/service/ipoe-server.rst:197 +#: ../../configuration/service/pppoe-server.rst:172 #: ../../configuration/vpn/l2tp.rst:203 #: ../../configuration/vpn/pptp.rst:143 #: ../../configuration/vpn/sstp.rst:176 @@ -18516,19 +20886,23 @@ msgstr "Verification" msgid "Verification:" msgstr "Verification:" -#: ../../configuration/nat/nat66.rst:226 +#: ../../configuration/service/config-sync.rst:101 +msgid "Verify configuration changes have been replicated to Router B" +msgstr "Verify configuration changes have been replicated to Router B" + +#: ../../configuration/nat/nat66.rst:238 msgid "Verify that connections are hitting the rule on both sides:" msgstr "Verify that connections are hitting the rule on both sides:" -#: ../../configuration/highavailability/index.rst:291 +#: ../../configuration/highavailability/index.rst:295 msgid "Version" msgstr "Version" -#: ../../configuration/highavailability/index.rst:349 +#: ../../configuration/highavailability/index.rst:353 msgid "Virtual-server" msgstr "Virtual-server" -#: ../../configuration/highavailability/index.rst:408 +#: ../../configuration/highavailability/index.rst:412 msgid "Virtual-server can be configured with VRRP virtual address or without VRRP." msgstr "Virtual-server can be configured with VRRP virtual address or without VRRP." @@ -18536,11 +20910,11 @@ msgstr "Virtual-server can be configured with VRRP virtual address or without VR msgid "Virtual Ethernet" msgstr "Virtual Ethernet" -#: ../../configuration/highavailability/index.rst:352 +#: ../../configuration/highavailability/index.rst:356 msgid "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." msgstr "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." -#: ../../configuration/container/index.rst:94 +#: ../../configuration/container/index.rst:119 msgid "Volume is either mounted as rw (read-write - default) or ro (read-only)" msgstr "Volume is either mounted as rw (read-write - default) or ro (read-only)" @@ -18552,11 +20926,15 @@ msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." -#: ../../configuration/vrf/index.rst:103 +#: ../../configuration/vrf/index.rst:99 msgid "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." msgstr "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." #: ../../configuration/pki/index.rst:11 +msgid "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." +msgstr "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." + +#: ../../configuration/pki/index.rst:11 msgid "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." @@ -18568,7 +20946,7 @@ msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no msgid "VyOS Arista EOS setup" msgstr "VyOS Arista EOS setup" -#: ../../configuration/vpn/ipsec.rst:123 +#: ../../configuration/vpn/ipsec.rst:124 msgid "VyOS ESP group has the next options:" msgstr "VyOS ESP group has the next options:" @@ -18576,7 +20954,7 @@ msgstr "VyOS ESP group has the next options:" msgid "VyOS Field" msgstr "VyOS Field" -#: ../../configuration/vpn/ipsec.rst:45 +#: ../../configuration/vpn/ipsec.rst:46 msgid "VyOS IKE group has the next options:" msgstr "VyOS IKE group has the next options:" @@ -18592,7 +20970,7 @@ msgstr "VyOS NAT66 DHCPv6 using a dummy interface" msgid "VyOS NAT66 Simple Configure" msgstr "VyOS NAT66 Simple Configure" -#: ../../configuration/trafficpolicy/index.rst:624 +#: ../../configuration/trafficpolicy/index.rst:674 msgid "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." msgstr "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." @@ -18616,7 +20994,7 @@ msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`." msgid "VyOS also provides DHCPv6 server functionality which is described in this section." msgstr "VyOS also provides DHCPv6 server functionality which is described in this section." -#: ../../configuration/vpn/ipsec.rst:474 +#: ../../configuration/vpn/ipsec.rst:494 msgid "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." msgstr "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." @@ -18636,6 +21014,10 @@ msgstr "VyOS can be configured to track connections using the connection trackin msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." +#: ../../configuration/interfaces/openvpn.rst:577 +msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." +msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." + #: ../../configuration/interfaces/ethernet.rst:34 #: ../../configuration/interfaces/ethernet.rst:53 msgid "VyOS default will be `auto`." @@ -18677,7 +21059,7 @@ msgstr "VyOS is also able to use any service relying on protocols supported by d msgid "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." msgstr "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." -#: ../../configuration/trafficpolicy/index.rst:337 +#: ../../configuration/trafficpolicy/index.rst:387 msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." msgstr "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." @@ -18733,7 +21115,7 @@ msgstr "VyOS provides policies commands exclusively for BGP traffic filtering an msgid "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." msgstr "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." -#: ../../configuration/interfaces/openvpn.rst:703 +#: ../../configuration/interfaces/openvpn.rst:844 msgid "VyOS provides some operational commands on OpenVPN." msgstr "VyOS provides some operational commands on OpenVPN." @@ -18765,10 +21147,18 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." +#: ../../configuration/interfaces/openvpn.rst:718 +msgid "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." +msgstr "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." + #: ../../configuration/vpn/ipsec.rst:452 msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +#: ../../configuration/vpn/ipsec.rst:472 +msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." + #: ../../configuration/system/updates.rst:5 msgid "VyOS supports online checking for updates" msgstr "VyOS supports online checking for updates" @@ -18777,7 +21167,7 @@ msgstr "VyOS supports online checking for updates" msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." -#: ../../configuration/system/conntrack.rst:67 +#: ../../configuration/firewall/global-options.rst:154 msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." msgstr "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." @@ -18837,28 +21227,32 @@ msgstr "WAN load balancing" msgid "WLAN/WIFI - Wireless LAN" msgstr "WLAN/WIFI - Wireless LAN" -#: ../../configuration/interfaces/wireless.rst:145 +#: ../../configuration/interfaces/wireless.rst:175 msgid "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" msgstr "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" -#: ../../configuration/interfaces/wireless.rst:351 -#: ../../configuration/interfaces/wireless.rst:551 +#: ../../configuration/interfaces/wireless.rst:462 +#: ../../configuration/interfaces/wireless.rst:675 msgid "WPA passphrase ``12345678``" msgstr "WPA passphrase ``12345678``" +#: ../../configuration/interfaces/wireless.rst:730 +msgid "WPA passphrase ``super-dooper-secure-passphrase``" +msgstr "WPA passphrase ``super-dooper-secure-passphrase``" + #: ../../configuration/interfaces/wwan.rst:7 msgid "WWAN - Wireless Wide-Area-Network" msgstr "WWAN - Wireless Wide-Area-Network" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning" msgstr "Warning" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning conditions" msgstr "Warning conditions" -#: ../../configuration/interfaces/openvpn.rst:54 +#: ../../configuration/interfaces/openvpn.rst:55 msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." @@ -18866,7 +21260,7 @@ msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." -#: ../../configuration/vpn/ipsec.rst:236 +#: ../../configuration/vpn/ipsec.rst:256 msgid "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." msgstr "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." @@ -18878,11 +21272,15 @@ msgstr "We can't support all displays from the beginning. If your display type i msgid "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." msgstr "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +#: ../../configuration/vpn/openconnect.rst:35 +msgid "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +msgstr "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." + #: ../../configuration/protocols/rpki.rst:168 msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" -#: ../../configuration/vpn/ipsec.rst:456 +#: ../../configuration/vpn/ipsec.rst:476 msgid "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." msgstr "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." @@ -18890,7 +21288,7 @@ msgstr "We configure a new connection named ``rw`` for road-warrior, that identi msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny." msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny." -#: ../../configuration/interfaces/openvpn.rst:633 +#: ../../configuration/interfaces/openvpn.rst:641 msgid "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." msgstr "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." @@ -18898,7 +21296,7 @@ msgstr "We do not have CLI nodes for every single OpenVPN option. If an option i msgid "We don't recomend to use arguments. Using environments is more preffereble." msgstr "We don't recomend to use arguments. Using environments is more preffereble." -#: ../../configuration/vpn/ipsec.rst:506 +#: ../../configuration/vpn/ipsec.rst:526 msgid "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." msgstr "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." @@ -18910,7 +21308,7 @@ msgstr "We listen on port 51820" msgid "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" msgstr "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" -#: ../../configuration/system/option.rst:115 +#: ../../configuration/system/option.rst:135 msgid "We now utilize `tuned` for dynamic resource balancing based on profiles." msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles." @@ -18926,10 +21324,14 @@ msgstr "We only need a single step for this interface:" msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" -#: ../../configuration/system/login.rst:424 +#: ../../configuration/system/login.rst:430 msgid "We use a vontainer providing the TACACS serve rin this example." msgstr "We use a vontainer providing the TACACS serve rin this example." +#: ../../configuration/firewall/flowtables.rst:115 +msgid "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." +msgstr "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." + #: ../../configuration/firewall/flowtables.rst:114 msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." @@ -18958,7 +21360,7 @@ msgstr "When LDP is working, you will be able to see label information in the ou msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." -#: ../../configuration/vrf/index.rst:92 +#: ../../configuration/vrf/index.rst:88 msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." @@ -18982,7 +21384,7 @@ msgstr "When a failover occurs in active-backup mode, bonding will issue one or msgid "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." msgstr "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." -#: ../../configuration/trafficpolicy/index.rst:361 +#: ../../configuration/trafficpolicy/index.rst:411 msgid "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." msgstr "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." @@ -18998,15 +21400,19 @@ msgstr "When a route fails, a routing update is sent to withdraw the route from msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." msgstr "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." +#: ../../_include/interface-evpn-uplink.txt:3 +msgid "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." +msgstr "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." + #: ../../configuration/service/dns.rst:155 msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." -#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/service/pppoe-server.rst:257 msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." -#: ../../configuration/trafficpolicy/index.rst:828 +#: ../../configuration/trafficpolicy/index.rst:878 msgid "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." msgstr "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." @@ -19019,16 +21425,22 @@ msgid "When configuring your traffic policy, you will have to set data rate valu msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use." #: ../../configuration/firewall/bridge.rst:210 -#: ../../configuration/firewall/ipv4.rst:290 -#: ../../configuration/firewall/ipv6.rst:290 +#: ../../configuration/firewall/ipv4.rst:314 +#: ../../configuration/firewall/ipv6.rst:314 msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." +#: ../../configuration/firewall/bridge.rst:312 +#: ../../configuration/firewall/ipv4.rst:315 +#: ../../configuration/firewall/ipv6.rst:315 +msgid "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." +msgstr "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." + #: ../../configuration/nat/nat44.rst:311 msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." -#: ../../configuration/trafficpolicy/index.rst:420 +#: ../../configuration/trafficpolicy/index.rst:470 msgid "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." msgstr "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." @@ -19036,14 +21448,18 @@ msgstr "When dequeuing, each hash-bucket with data is queried in a round robin f msgid "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." msgstr "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." -#: ../../configuration/vrf/index.rst:207 +#: ../../configuration/vrf/index.rst:203 msgid "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." msgstr "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." -#: ../../configuration/vpn/ipsec.rst:529 +#: ../../configuration/vpn/ipsec.rst:549 msgid "When first connecting to the new VPN the user is prompted to enter proper credentials." msgstr "When first connecting to the new VPN the user is prompted to enter proper credentials." +#: ../../configuration/nat/cgnat.rst:54 +msgid "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." +msgstr "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." + #: ../../configuration/pki/index.rst:178 #: ../../configuration/pki/index.rst:221 msgid "When loading the certificate you need to manually strip the ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" @@ -19059,10 +21475,14 @@ msgid "When mathcing all patterns defined in a rule, then different actions can msgstr "When mathcing all patterns defined in a rule, then different actions can be made. This includes droping the packet, modifying certain data, or setting a different routing table." #: ../../_include/interface-dhcpv6-options.txt:17 +msgid "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." +msgstr "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." + +#: ../../_include/interface-dhcpv6-options.txt:17 msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." msgstr "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." -#: ../../configuration/system/syslog.rst:233 +#: ../../configuration/system/syslog.rst:251 msgid "When no options/parameters are used, the contents of the main syslog file are displayed." msgstr "When no options/parameters are used, the contents of the main syslog file are displayed." @@ -19078,7 +21498,7 @@ msgstr "When rapid-commit is specified, dhcp6c will include a rapid-commit optio msgid "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." msgstr "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." -#: ../../configuration/trafficpolicy/index.rst:479 +#: ../../configuration/trafficpolicy/index.rst:529 msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." msgstr "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." @@ -19094,6 +21514,10 @@ msgstr "When set the interface is enabled for \"dial-on-demand\"." msgid "When specified, this should be the only keyword for the interface." msgstr "When specified, this should be the only keyword for the interface." +#: ../../configuration/system/option.rst:110 +msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." +msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." + #: ../../configuration/system/option.rst:90 msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." @@ -19115,15 +21539,19 @@ msgstr "When the command above is set, VyOS will answer every ICMP echo request msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." -#: ../../configuration/highavailability/index.rst:321 +#: ../../configuration/highavailability/index.rst:325 msgid "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" msgstr "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" +#: ../../configuration/service/ntp.rst:137 +msgid "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." +msgstr "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." + #: ../../_include/interface-address-with-dhcp.txt:14 msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" -#: ../../configuration/interfaces/bonding.rst:505 +#: ../../configuration/interfaces/bonding.rst:558 msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" msgstr "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" @@ -19155,7 +21583,7 @@ msgstr "When using site-to-site IPsec with VTI interfaces, be sure to disable ro msgid "When using the IPv6 protocol, MRU must be at least 1280 bytes." msgstr "When using the IPv6 protocol, MRU must be at least 1280 bytes." -#: ../../configuration/interfaces/bonding.rst:398 +#: ../../configuration/interfaces/bonding.rst:451 msgid "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." msgstr "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." @@ -19167,10 +21595,18 @@ msgstr "Where, main key words and configuration paths that needs to be understoo msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." msgstr "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." +#: ../../configuration/firewall/ipv4.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." +#: ../../configuration/firewall/ipv6.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv6.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." @@ -19199,6 +21635,10 @@ msgstr "Which would generate the following NAT destination configuration:" msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." +#: ../../configuration/firewall/groups.rst:43 +msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." +msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." + #: ../../configuration/interfaces/openvpn.rst:43 msgid "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." msgstr "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." @@ -19207,19 +21647,31 @@ msgstr "While many are aware of OpenVPN as a Client VPN solution, it is often ov msgid "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." msgstr "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." -#: ../../configuration/service/ssh.rst:125 +#: ../../configuration/service/ssh.rst:145 msgid "Whitelist of addresses and networks. Always allow inbound connections from these systems." msgstr "Whitelist of addresses and networks. Always allow inbound connections from these systems." +#: ../../configuration/interfaces/wireless.rst:724 +msgid "WiFi-6(e) - 802.11ax" +msgstr "WiFi-6(e) - 802.11ax" + +#: ../../configuration/interfaces/openvpn.rst:650 +msgid "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." +msgstr "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." + #: ../../configuration/interfaces/openvpn.rst:642 msgid "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." msgstr "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." -#: ../../configuration/interfaces/openvpn.rst:649 +#: ../../configuration/interfaces/openvpn.rst:657 msgid "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." msgstr "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." -#: ../../configuration/system/flow-accounting.rst:56 +#: ../../configuration/interfaces/openvpn.rst:662 +msgid "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." +msgstr "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." + +#: ../../configuration/system/flow-accounting.rst:60 msgid "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." msgstr "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." @@ -19227,14 +21679,14 @@ msgstr "Will be recorded only packets/flows on **incoming** direction in configu msgid "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" msgstr "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" -#: ../../configuration/vpn/ipsec.rst:501 +#: ../../configuration/vpn/ipsec.rst:521 msgid "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." msgstr "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." -#: ../../configuration/service/pppoe-server.rst:579 -#: ../../configuration/vpn/l2tp.rst:514 +#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/vpn/l2tp.rst:519 #: ../../configuration/vpn/pptp.rst:438 -#: ../../configuration/vpn/sstp.rst:472 +#: ../../configuration/vpn/sstp.rst:477 msgid "Windows Internet Name Service (WINS) servers propagated to client" msgstr "Windows Internet Name Service (WINS) servers propagated to client" @@ -19267,24 +21719,32 @@ msgstr "WireGuard requires the generation of a keypair, which includes a private msgid "WirelessModem (WWAN) options" msgstr "WirelessModem (WWAN) options" -#: ../../configuration/interfaces/wireless.rst:353 -#: ../../configuration/interfaces/wireless.rst:553 +#: ../../configuration/interfaces/wireless.rst:732 +msgid "Wireless channel ``11`` for 2.4GHz" +msgstr "Wireless channel ``11`` for 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:464 +#: ../../configuration/interfaces/wireless.rst:677 msgid "Wireless channel ``1``" msgstr "Wireless channel ``1``" -#: ../../configuration/interfaces/wireless.rst:119 +#: ../../configuration/interfaces/wireless.rst:733 +msgid "Wireless channel ``5`` for 6GHz" +msgstr "Wireless channel ``5`` for 6GHz" + +#: ../../configuration/interfaces/wireless.rst:145 msgid "Wireless device type for this interface" msgstr "Wireless device type for this interface" -#: ../../configuration/interfaces/wireless.rst:99 +#: ../../configuration/interfaces/wireless.rst:123 msgid "Wireless hardware device used as underlay radio." msgstr "Wireless hardware device used as underlay radio." -#: ../../configuration/interfaces/wireless.rst:40 +#: ../../configuration/interfaces/wireless.rst:51 msgid "Wireless options" msgstr "Wireless options" -#: ../../configuration/interfaces/wireless.rst:301 +#: ../../configuration/interfaces/wireless.rst:409 msgid "Wireless options (Station/Client)" msgstr "Wireless options (Station/Client)" @@ -19304,11 +21764,23 @@ msgstr "With the ``name-server`` option set to ``none``, VyOS will ignore the na msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." -#: ../../configuration/loadbalancing/reverse-proxy.rst:75 +#: ../../configuration/loadbalancing/haproxy.rst:87 msgid "With this command, you can specify how the URL path should be matched against incoming requests." msgstr "With this command, you can specify how the URL path should be matched against incoming requests." -#: ../../configuration/firewall/index.rst:166 +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, the user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, the user needs to:" + +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, user needs to:" + +#: ../../configuration/firewall/index.rst:213 +msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." +msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." + +#: ../../configuration/firewall/index.rst:183 msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." @@ -19330,11 +21802,11 @@ msgstr "With zone-based firewalls a new concept was implemented, in addtion to t msgid "Y" msgstr "Y" -#: ../../configuration/firewall/zone.rst:118 +#: ../../configuration/firewall/zone.rst:115 msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." -#: ../../configuration/system/login.rst:369 +#: ../../configuration/system/login.rst:375 msgid "You are able to set post-login or pre-login banner messages to display certain information for this system." msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system." @@ -19382,15 +21854,15 @@ msgstr "You can assign multiple keys to the same user by using a unique identifi msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." msgstr "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." -#: ../../configuration/interfaces/bonding.rst:318 +#: ../../configuration/interfaces/bonding.rst:371 msgid "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" msgstr "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" -#: ../../configuration/trafficpolicy/index.rst:314 +#: ../../configuration/trafficpolicy/index.rst:364 msgid "You can configure a policy into a class through the ``queue-type`` setting." msgstr "You can configure a policy into a class through the ``queue-type`` setting." -#: ../../configuration/trafficpolicy/index.rst:559 +#: ../../configuration/trafficpolicy/index.rst:609 msgid "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." msgstr "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." @@ -19402,10 +21874,22 @@ msgstr "You can configure multiple interfaces which whould participate in flow a msgid "You can configure multiple interfaces which whould participate in sflow accounting." msgstr "You can configure multiple interfaces which whould participate in sflow accounting." +#: ../../configuration/system/flow-accounting.rst:57 +msgid "You can configure multiple interfaces which would participate in flow accounting." +msgstr "You can configure multiple interfaces which would participate in flow accounting." + +#: ../../configuration/system/sflow.rst:32 +msgid "You can configure multiple interfaces which would participate in sflow accounting." +msgstr "You can configure multiple interfaces which would participate in sflow accounting." + #: ../../_include/interface-vlan-8021q.txt:29 msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." msgstr "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." +#: ../../configuration/system/conntrack.rst:67 +msgid "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." +msgstr "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." + #: ../../configuration/highavailability/index.rst:72 msgid "You can disable a VRRP group with ``disable`` option:" msgstr "You can disable a VRRP group with ``disable`` option:" @@ -19422,18 +21906,23 @@ msgstr "You can not assign the same allowed-ips statement to multiple WireGuard msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" -#: ../../configuration/vpn/sstp.rst:505 +#: ../../configuration/vpn/sstp.rst:515 msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." -#: ../../configuration/system/login.rst:447 +#: ../../configuration/system/login.rst:453 msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1226 +#: ../../configuration/trafficpolicy/index.rst:1276 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" +#: ../../configuration/firewall/ipv4.rst:507 +#: ../../configuration/firewall/ipv6.rst:494 +msgid "You can only specify a source mac-address to match." +msgstr "You can only specify a source mac-address to match." + #: ../../configuration/service/broadcast-relay.rst:51 msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" msgstr "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" @@ -19462,14 +21951,22 @@ msgstr "You can view that the policy is being correctly (or incorrectly) utilise msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." msgstr "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." -#: ../../configuration/interfaces/openvpn.rst:119 +#: ../../configuration/interfaces/openvpn.rst:120 msgid "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" msgstr "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" -#: ../../configuration/system/flow-accounting.rst:135 +#: ../../configuration/system/flow-accounting.rst:139 msgid "You may also additionally configure timeouts for different types of connections." msgstr "You may also additionally configure timeouts for different types of connections." +#: ../../configuration/interfaces/wireless.rst:739 +msgid "You may expect real throughputs around 10MBytes/s or higher in crowded areas." +msgstr "You may expect real throughputs around 10MBytes/s or higher in crowded areas." + +#: ../../configuration/interfaces/wireless.rst:830 +msgid "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." +msgstr "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." + #: ../../configuration/protocols/bgp.rst:291 msgid "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." msgstr "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." @@ -19478,7 +21975,7 @@ msgstr "You may prefer locally configured capabilities more than the negotiated msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." msgstr "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." -#: ../../configuration/firewall/zone.rst:58 +#: ../../configuration/firewall/zone.rst:55 msgid "You need 2 separate firewalls to define traffic: one for each direction." msgstr "You need 2 separate firewalls to define traffic: one for each direction." @@ -19498,7 +21995,7 @@ msgstr "You now see the longer AS path." msgid "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" msgstr "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" -#: ../../configuration/interfaces/openvpn.rst:227 +#: ../../configuration/interfaces/openvpn.rst:229 msgid "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." msgstr "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." @@ -19514,18 +22011,24 @@ msgstr "You will also need the public key of your peer as well as the network(s) msgid "Your ISPs modem is connected to port ``eth0`` of your VyOS box." msgstr "Your ISPs modem is connected to port ``eth0`` of your VyOS box." -#: ../../configuration/service/router-advert.rst:110 +#: ../../configuration/service/router-advert.rst:117 msgid "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" msgstr "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" #: ../../configuration/system/ip.rst:31 #: ../../configuration/system/ipv6.rst:27 -#: ../../configuration/vrf/index.rst:44 +#: ../../configuration/vrf/index.rst:40 msgid "Zebra/Kernel route filtering" msgstr "Zebra/Kernel route filtering" #: ../../configuration/system/ip.rst:33 #: ../../configuration/system/ipv6.rst:29 +#: ../../configuration/vrf/index.rst:42 +msgid "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." +msgstr "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." + +#: ../../configuration/system/ip.rst:33 +#: ../../configuration/system/ipv6.rst:29 #: ../../configuration/vrf/index.rst:46 msgid "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." msgstr "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." @@ -19534,7 +22037,7 @@ msgstr "Zebra supports prefix-lists and Route Mapss to match routes received fro msgid "Zone-Policy Overview" msgstr "Zone-Policy Overview" -#: ../../configuration/firewall/index.rst:159 +#: ../../configuration/firewall/index.rst:206 msgid "Zone-based firewall" msgstr "Zone-based firewall" @@ -19558,6 +22061,10 @@ msgstr "(This can be useful when a called service has many and/or often changing msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." +#: ../../configuration/protocols/openfabric.rst:42 +msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." +msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." + #: ../../configuration/protocols/static.rst:185 msgid ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." msgstr ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." @@ -19570,6 +22077,10 @@ msgstr ":abbr:`BFD (Bidirectional Forwarding Detection)` is described and extend msgid ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." msgstr ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." +#: ../../configuration/nat/cgnat.rst:7 +msgid ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" +msgstr ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" + #: ../../configuration/interfaces/macsec.rst:85 msgid ":abbr:`CKN (MACsec connectivity association name)` key" msgstr ":abbr:`CKN (MACsec connectivity association name)` key" @@ -19598,11 +22109,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:90 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:80 +#: ../../configuration/interfaces/ethernet.rst:88 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19618,7 +22129,11 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." -#: ../../configuration/vrf/index.rst:420 +#: ../../configuration/protocols/isis.rst:9 +msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." +msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." + +#: ../../configuration/vrf/index.rst:416 msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." @@ -19630,10 +22145,14 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:72 msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +#: ../../configuration/interfaces/wireless.rst:99 +msgid ":abbr:`MFP (Management Frame Protection)` is required for WPA3." +msgstr ":abbr:`MFP (Management Frame Protection)` is required for WPA3." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19655,6 +22174,7 @@ msgid ":abbr:`NAT (Network Address Translation)` is configured entirely on a ser msgstr ":abbr:`NAT (Network Address Translation)` is configured entirely on a series of so called `rules`. Rules are numbered and evaluated by the underlying OS in numerical order! The rule numbers can be changes by utilizing the :cfgcmd:`rename` and :cfgcmd:`copy` commands." #: ../../configuration/protocols/isis.rst:65 +#: ../../configuration/protocols/openfabric.rst:55 msgid ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" msgstr ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" @@ -19698,7 +22218,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:98 +#: ../../configuration/interfaces/ethernet.rst:106 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19742,7 +22262,7 @@ msgstr ":abbr:`STP (Spanning Tree Protocol)` is a network protocol that builds a msgid ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." msgstr ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." -#: ../../configuration/interfaces/geneve.rst:57 +#: ../../configuration/interfaces/geneve.rst:81 msgid ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." msgstr ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." @@ -19755,6 +22275,10 @@ msgid ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization techno msgstr ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate OSI layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default IANA-assigned destination UDP port number. VXLAN endpoints, which terminate VXLAN tunnels and may be either virtual or physical switch ports, are known as :abbr:`VTEPs (VXLAN tunnel endpoints)`." #: ../../configuration/interfaces/wireless.rst:16 +msgid ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" +msgstr ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" + +#: ../../configuration/interfaces/wireless.rst:16 msgid ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" msgstr ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" @@ -19762,7 +22286,11 @@ msgstr ":abbr:`WAP (Wireless Access-Point)` provides network access to connectin msgid ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." msgstr ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." -#: ../../configuration/interfaces/wireless.rst:336 +#: ../../configuration/interfaces/wireless.rst:447 +msgid ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." +msgstr ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." + +#: ../../configuration/interfaces/wireless.rst:339 msgid ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." msgstr ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." @@ -19810,6 +22338,30 @@ msgstr ":code:`set service webproxy whitelist source-address 192.168.1.2`" msgid ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" msgstr ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" +#: ../../configuration/firewall/ipv4.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" + +#: ../../configuration/firewall/ipv6.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" + +#: ../../configuration/firewall/ipv6.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" + +#: ../../configuration/firewall/ipv4.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" + +#: ../../configuration/firewall/ipv6.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" + +#: ../../configuration/firewall/ipv4.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" + #: ../../configuration/policy/index.rst:1 msgid ":lastproofread:2021-07-12" msgstr ":lastproofread:2021-07-12" @@ -19818,43 +22370,43 @@ msgstr ":lastproofread:2021-07-12" msgid ":opcmd:`generate pki wireguard key-pair`." msgstr ":opcmd:`generate pki wireguard key-pair`." -#: ../../configuration/vrf/index.rst:107 +#: ../../configuration/vrf/index.rst:103 msgid ":ref:`routing-bgp`" msgstr ":ref:`routing-bgp`" -#: ../../configuration/vrf/index.rst:123 +#: ../../configuration/vrf/index.rst:119 msgid ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" msgstr ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" -#: ../../configuration/vrf/index.rst:108 +#: ../../configuration/vrf/index.rst:104 msgid ":ref:`routing-isis`" msgstr ":ref:`routing-isis`" -#: ../../configuration/vrf/index.rst:124 +#: ../../configuration/vrf/index.rst:120 msgid ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" msgstr ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" -#: ../../configuration/vrf/index.rst:109 +#: ../../configuration/vrf/index.rst:105 msgid ":ref:`routing-ospf`" msgstr ":ref:`routing-ospf`" -#: ../../configuration/vrf/index.rst:125 +#: ../../configuration/vrf/index.rst:121 msgid ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" msgstr ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" -#: ../../configuration/vrf/index.rst:110 +#: ../../configuration/vrf/index.rst:106 msgid ":ref:`routing-ospfv3`" msgstr ":ref:`routing-ospfv3`" -#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:122 msgid ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" msgstr ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" -#: ../../configuration/vrf/index.rst:111 +#: ../../configuration/vrf/index.rst:107 msgid ":ref:`routing-static`" msgstr ":ref:`routing-static`" -#: ../../configuration/vrf/index.rst:127 +#: ../../configuration/vrf/index.rst:123 msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" @@ -19870,6 +22422,14 @@ msgstr ":rfc:`2136` Based" msgid ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." msgstr ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." +#: ../../configuration/nat/cgnat.rst:195 +msgid ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" +msgstr ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" + +#: ../../configuration/nat/cgnat.rst:196 +msgid ":rfc:`6888` - Requirements for CGNAT" +msgstr ":rfc:`6888` - Requirements for CGNAT" + #: ../../configuration/pki/index.rst:17 msgid ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." msgstr ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." @@ -19894,7 +22454,7 @@ msgstr "`4. Add optional parameters`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" -#: ../../configuration/trafficpolicy/index.rst:1156 +#: ../../configuration/trafficpolicy/index.rst:1206 msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." @@ -19938,10 +22498,14 @@ msgstr "``0.pool.ntp.org``" msgid "``0``: No replay window, strict check" msgstr "``0``: No replay window, strict check" -#: ../../configuration/interfaces/wireless.rst:256 +#: ../../configuration/interfaces/wireless.rst:291 msgid "``0`` - 20 or 40 MHz channel width (default)" msgstr "``0`` - 20 or 40 MHz channel width (default)" +#: ../../configuration/interfaces/wireless.rst:403 +msgid "``0`` - HE-MCS 0-7" +msgstr "``0`` - HE-MCS 0-7" + #: ../../configuration/interfaces/macsec.rst:102 msgid "``1-4294967295``: Number of packets that could be misordered" msgstr "``1-4294967295``: Number of packets that could be misordered" @@ -19954,6 +22518,46 @@ msgstr "``115200`` - 115,200 bps (default for serial console)" msgid "``1200`` - 1200 bps" msgstr "``1200`` - 1200 bps" +#: ../../configuration/interfaces/wireless.rst:381 +msgid "``131`` - 20 MHz channel width" +msgstr "``131`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:388 +msgid "``131`` - 20 MHz channel width (6GHz)" +msgstr "``131`` - 20 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:382 +msgid "``132`` - 40 MHz channel width" +msgstr "``132`` - 40 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:389 +msgid "``132`` - 40 MHz channel width (6GHz)" +msgstr "``132`` - 40 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``133`` - 80 MHz channel width" +msgstr "``133`` - 80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:390 +msgid "``133`` - 80 MHz channel width (6GHz)" +msgstr "``133`` - 80 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``134`` - 160 MHz channel width" +msgstr "``134`` - 160 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:391 +msgid "``134`` - 160 MHz channel width (6GHz)" +msgstr "``134`` - 160 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:385 +msgid "``135`` - 80+80 MHz channel width" +msgstr "``135`` - 80+80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:392 +msgid "``135`` - 80+80 MHz channel width (6GHz)" +msgstr "``135`` - 80+80 MHz channel width (6GHz)" + #: ../../configuration/system/console.rst:36 msgid "``19200`` - 19,200 bps" msgstr "``19200`` - 19,200 bps" @@ -19966,10 +22570,14 @@ msgstr "``192.168.2.254`` IP addreess on VyOS eth2 from ISP2" msgid "``1.pool.ntp.org``" msgstr "``1.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:257 +#: ../../configuration/interfaces/wireless.rst:292 msgid "``1`` - 80 MHz channel width" msgstr "``1`` - 80 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:404 +msgid "``1`` - HE-MCS 0-9" +msgstr "``1`` - HE-MCS 0-9" + #: ../../configuration/policy/examples.rst:161 msgid "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" msgstr "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" @@ -19982,18 +22590,26 @@ msgstr "``2400`` - 2400 bps" msgid "``2.pool.ntp.org``" msgstr "``2.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:258 +#: ../../configuration/interfaces/wireless.rst:293 msgid "``2`` - 160 MHz channel width" msgstr "``2`` - 160 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:405 +msgid "``2`` - HE-MCS 0-11" +msgstr "``2`` - HE-MCS 0-11" + #: ../../configuration/system/console.rst:37 msgid "``38400`` - 38,400 bps (default for Xen console)" msgstr "``38400`` - 38,400 bps (default for Xen console)" -#: ../../configuration/interfaces/wireless.rst:259 +#: ../../configuration/interfaces/wireless.rst:294 msgid "``3`` - 80+80 MHz channel width" msgstr "``3`` - 80+80 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:406 +msgid "``3`` - HE-MCS is not supported" +msgstr "``3`` - HE-MCS is not supported" + #: ../../configuration/system/console.rst:34 msgid "``4800`` - 4800 bps" msgstr "``4800`` - 4800 bps" @@ -20010,11 +22626,23 @@ msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 address msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``81`` - 20 MHz channel width (2.4GHz)" +msgstr "``81`` - 20 MHz channel width (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" +msgstr "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:386 +msgid "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" +msgstr "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" + #: ../../configuration/system/console.rst:35 msgid "``9600`` - 9600 bps" msgstr "``9600`` - 9600 bps" -#: ../../configuration/vpn/ipsec.rst:152 +#: ../../configuration/vpn/ipsec.rst:153 msgid "``< dh-group >`` defines a Diffie-Hellman group for PFS;" msgstr "``< dh-group >`` defines a Diffie-Hellman group for PFS;" @@ -20026,11 +22654,11 @@ msgstr "``@`` Use @ as record name to set the record for the root domain." msgid "``Known limitations:``" msgstr "``Known limitations:``" -#: ../../configuration/service/ipoe-server.rst:247 -#: ../../configuration/service/pppoe-server.rst:209 -#: ../../configuration/vpn/l2tp.rst:252 +#: ../../configuration/service/ipoe-server.rst:246 +#: ../../configuration/service/pppoe-server.rst:227 +#: ../../configuration/vpn/l2tp.rst:254 #: ../../configuration/vpn/pptp.rst:192 -#: ../../configuration/vpn/sstp.rst:225 +#: ../../configuration/vpn/sstp.rst:227 msgid "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." msgstr "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." @@ -20042,11 +22670,11 @@ msgstr "``WLB_INTERFACE_NAME=[interfacename]``: Interface to be monitored" msgid "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" msgstr "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" -#: ../../configuration/interfaces/wireless.rst:91 +#: ../../configuration/interfaces/wireless.rst:112 msgid "``a`` - 802.11a - 54 Mbits/sec" msgstr "``a`` - 802.11a - 54 Mbits/sec" -#: ../../configuration/interfaces/wireless.rst:95 +#: ../../configuration/interfaces/wireless.rst:116 msgid "``ac`` - 802.11ac - 1300 Mbits/sec" msgstr "``ac`` - 802.11ac - 1300 Mbits/sec" @@ -20058,17 +22686,17 @@ msgstr "``accept-own-nexthop`` - Well-known communities value accept-o msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" -#: ../../configuration/firewall/bridge.rst:72 -#: ../../configuration/firewall/ipv4.rst:88 -#: ../../configuration/firewall/ipv6.rst:88 +#: ../../configuration/firewall/bridge.rst:91 +#: ../../configuration/firewall/ipv4.rst:112 +#: ../../configuration/firewall/ipv6.rst:112 msgid "``accept``: accept the packet." msgstr "``accept``: accept the packet." -#: ../../configuration/interfaces/wireless.rst:121 +#: ../../configuration/interfaces/wireless.rst:147 msgid "``access-point`` - Access-point forwards packets between other nodes" msgstr "``access-point`` - Access-point forwards packets between other nodes" -#: ../../configuration/vpn/ipsec.rst:61 +#: ../../configuration/vpn/ipsec.rst:62 msgid "``action`` keep-alive failure action:" msgstr "``action`` keep-alive failure action:" @@ -20076,11 +22704,19 @@ msgstr "``action`` keep-alive failure action:" msgid "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." msgstr "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." +#: ../../configuration/system/option.rst:59 +msgid "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." +msgstr "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." + #: ../../configuration/interfaces/bonding.rst:87 msgid "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." msgstr "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." -#: ../../configuration/vpn/ipsec.rst:98 +#: ../../configuration/service/suricata.rst:47 +msgid "``address`` IP address or subnet." +msgstr "``address`` IP address or subnet." + +#: ../../configuration/vpn/ipsec.rst:99 msgid "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" msgstr "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" @@ -20088,6 +22724,10 @@ msgstr "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protoc msgid "``all-available`` all checking target addresses must be available to pass this check" msgstr "``all-available`` all checking target addresses must be available to pass this check" +#: ../../configuration/system/option.rst:69 +msgid "``amd_pstate={mode}`` Sets the p-state mode" +msgstr "``amd_pstate={mode}`` Sets the p-state mode" + #: ../../configuration/protocols/failover.rst:43 msgid "``any-available`` any of the checking target addresses must be available to pass this check" msgstr "``any-available`` any of the checking target addresses must be available to pass this check" @@ -20108,7 +22748,11 @@ msgstr "``authentication`` - configure authentication between VyOS and a remote msgid "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" msgstr "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" -#: ../../configuration/interfaces/wireless.rst:92 +#: ../../configuration/interfaces/wireless.rst:117 +msgid "``ax`` - 802.11ax - exceeds 1GBit/sec" +msgstr "``ax`` - 802.11ax - exceeds 1GBit/sec" + +#: ../../configuration/interfaces/wireless.rst:113 msgid "``b`` - 802.11b - 11 Mbits/sec" msgstr "``b`` - 802.11b - 11 Mbits/sec" @@ -20116,7 +22760,7 @@ msgstr "``b`` - 802.11b - 11 Mbits/sec" msgid "``babel`` - Babel routing protocol (Babel)" msgstr "``babel`` - Babel routing protocol (Babel)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:79 +#: ../../configuration/loadbalancing/haproxy.rst:91 msgid "``begin`` Matches the beginning of the URL path" msgstr "``begin`` Matches the beginning of the URL path" @@ -20160,7 +22804,7 @@ msgstr "``cert-file`` - certificate file, which will be used for authenticating msgid "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" msgstr "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" -#: ../../configuration/vpn/ipsec.rst:66 +#: ../../configuration/vpn/ipsec.rst:67 msgid "``clear`` closes the CHILD_SA and does not take further action (default);" msgstr "``clear`` closes the CHILD_SA and does not take further action (default);" @@ -20176,11 +22820,11 @@ msgstr "``close-action = none | clear | hold | restart`` - defines the action to msgid "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." msgstr "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." -#: ../../configuration/vpn/ipsec.rst:47 +#: ../../configuration/vpn/ipsec.rst:48 msgid "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" msgstr "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" -#: ../../configuration/vpn/ipsec.rst:125 +#: ../../configuration/vpn/ipsec.rst:126 msgid "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." msgstr "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." @@ -20196,9 +22840,9 @@ msgstr "``connected`` - Connected routes (directly attached subnet or host)" msgid "``connection-type`` - how to handle this connection process. Possible variants:" msgstr "``connection-type`` - how to handle this connection process. Possible variants:" -#: ../../configuration/firewall/bridge.rst:74 -#: ../../configuration/firewall/ipv4.rst:90 -#: ../../configuration/firewall/ipv6.rst:90 +#: ../../configuration/firewall/bridge.rst:93 +#: ../../configuration/firewall/ipv4.rst:114 +#: ../../configuration/firewall/ipv6.rst:114 msgid "``continue``: continue parsing next rule." msgstr "``continue``: continue parsing next rule." @@ -20218,7 +22862,7 @@ msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE noti msgid "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." msgstr "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." -#: ../../configuration/vpn/ipsec.rst:56 +#: ../../configuration/vpn/ipsec.rst:57 msgid "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" msgstr "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" @@ -20230,7 +22874,7 @@ msgstr "``default-esp-group`` - ESP group to use by default for traffic encrypti msgid "``description`` - description for this peer;" msgstr "``description`` - description for this peer;" -#: ../../configuration/vpn/ipsec.rst:103 +#: ../../configuration/vpn/ipsec.rst:104 msgid "``dh-group`` dh-group;" msgstr "``dh-group`` dh-group;" @@ -20242,14 +22886,22 @@ msgstr "``dhcp-interface`` - ID for authentication generated from DHCP address d msgid "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" -#: ../../configuration/vpn/ipsec.rst:90 +#: ../../configuration/vpn/ipsec.rst:91 msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." +#: ../../configuration/vpn/ipsec.rst:161 +msgid "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." +msgstr "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." + #: ../../configuration/vpn/site2site_ipsec.rst:399 msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." +#: ../../configuration/vpn/ipsec.rst:171 +msgid "``disable-route-autoinstall`` Do not automatically install routes to remote" +msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote" + #: ../../configuration/vpn/ipsec.rst:166 msgid "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" @@ -20258,7 +22910,7 @@ msgstr "``disable-route-autoinstall`` Do not automatically install routes to rem msgid "``disable`` - disable this tunnel;" msgstr "``disable`` - disable this tunnel;" -#: ../../configuration/vpn/ipsec.rst:150 +#: ../../configuration/vpn/ipsec.rst:151 msgid "``disable`` Disable PFS;" msgstr "``disable`` Disable PFS;" @@ -20270,9 +22922,9 @@ msgstr "``disable`` disable IPComp compression (default);" msgid "``disable`` disable MOBIKE;" msgstr "``disable`` disable MOBIKE;" -#: ../../configuration/firewall/bridge.rst:76 -#: ../../configuration/firewall/ipv4.rst:92 -#: ../../configuration/firewall/ipv6.rst:92 +#: ../../configuration/firewall/bridge.rst:95 +#: ../../configuration/firewall/ipv4.rst:116 +#: ../../configuration/firewall/ipv6.rst:116 msgid "``drop``: drop the packet." msgstr "``drop``: drop the packet." @@ -20292,7 +22944,7 @@ msgstr "``ecdsa-sha2-nistp521``" msgid "``edp`` - Listen for EDP for Extreme routers/switches" msgstr "``edp`` - Listen for EDP for Extreme routers/switches" -#: ../../configuration/vpn/ipsec.rst:148 +#: ../../configuration/vpn/ipsec.rst:149 msgid "``enable`` Inherit Diffie-Hellman group from IKE group (default);" msgstr "``enable`` Inherit Diffie-Hellman group from IKE group (default);" @@ -20304,15 +22956,15 @@ msgstr "``enable`` enable IPComp compression;" msgid "``enable`` enable MOBIKE (default for IKEv2);" msgstr "``enable`` enable MOBIKE (default for IKEv2);" -#: ../../configuration/vpn/ipsec.rst:105 +#: ../../configuration/vpn/ipsec.rst:106 msgid "``encryption`` encryption algorithm;" msgstr "``encryption`` encryption algorithm;" -#: ../../configuration/vpn/ipsec.rst:156 +#: ../../configuration/vpn/ipsec.rst:157 msgid "``encryption`` encryption algorithm (default 128 bit AES-CBC);" msgstr "``encryption`` encryption algorithm (default 128 bit AES-CBC);" -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "``end`` Matches the end of the URL path." msgstr "``end`` Matches the end of the URL path." @@ -20324,7 +22976,7 @@ msgstr "``esp-group`` - define ESP group for encrypt traffic, defined by this tu msgid "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." msgstr "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:81 +#: ../../configuration/loadbalancing/haproxy.rst:93 msgid "``exact`` Requires an exactly match of the URL path" msgstr "``exact`` Requires an exactly match of the URL path" @@ -20336,10 +22988,22 @@ msgstr "``fdp`` - Listen for FDP for Foundry routers/switches" msgid "``file`` - path to the key file;" msgstr "``file`` - path to the key file;" +#: ../../configuration/service/suricata.rst:71 +msgid "``filename`` Log file (default: eve.json)." +msgstr "``filename`` Log file (default: eve.json)." + +#: ../../configuration/service/suricata.rst:73 +msgid "``filetype`` EVE logging destination (default: regular)." +msgstr "``filetype`` EVE logging destination (default: regular)." + #: ../../configuration/vpn/ipsec.rst:164 msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +#: ../../configuration/vpn/ipsec.rst:181 +msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" +msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" + #: ../../configuration/vpn/ipsec.rst:168 msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" @@ -20348,7 +23012,7 @@ msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisc msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" -#: ../../configuration/interfaces/wireless.rst:93 +#: ../../configuration/interfaces/wireless.rst:114 msgid "``g`` - 802.11g - 54 Mbits/sec (default)" msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" @@ -20356,15 +23020,27 @@ msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" +#: ../../configuration/service/suricata.rst:49 +msgid "``group`` Address group." +msgstr "``group`` Address group." + +#: ../../configuration/service/suricata.rst:60 +msgid "``group`` Port group." +msgstr "``group`` Port group." + +#: ../../configuration/system/option.rst:63 +msgid "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." +msgstr "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." + #: ../../configuration/system/task-scheduler.rst:21 msgid "``h`` - Execution interval in hours" msgstr "``h`` - Execution interval in hours" -#: ../../configuration/vpn/ipsec.rst:107 +#: ../../configuration/vpn/ipsec.rst:108 msgid "``hash`` hash algorithm." msgstr "``hash`` hash algorithm." -#: ../../configuration/vpn/ipsec.rst:158 +#: ../../configuration/vpn/ipsec.rst:159 msgid "``hash`` hash algorithm (default sha1)." msgstr "``hash`` hash algorithm (default sha1)." @@ -20376,11 +23052,15 @@ msgstr "``hold`` set action to hold;" msgid "``hold`` set action to hold (default)" msgstr "``hold`` set action to hold (default)" -#: ../../configuration/interfaces/wireless.rst:154 +#: ../../configuration/interfaces/wireless.rst:182 +msgid "``ht20`` - 20 MHz channel width" +msgstr "``ht20`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:185 msgid "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" msgstr "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" -#: ../../configuration/interfaces/wireless.rst:152 +#: ../../configuration/interfaces/wireless.rst:183 msgid "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" msgstr "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" @@ -20396,7 +23076,7 @@ msgstr "``id`` - static ID's for authentication. In general local and remote add msgid "``ike-group`` - IKE group to use for key exchanges;" msgstr "``ike-group`` - IKE group to use for key exchanges;" -#: ../../configuration/vpn/ipsec.rst:84 +#: ../../configuration/vpn/ipsec.rst:85 msgid "``ikev1`` use IKEv1 for Key Exchange;" msgstr "``ikev1`` use IKEv1 for Key Exchange;" @@ -20404,7 +23084,7 @@ msgstr "``ikev1`` use IKEv1 for Key Exchange;" msgid "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" msgstr "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" -#: ../../configuration/vpn/ipsec.rst:75 +#: ../../configuration/vpn/ipsec.rst:76 msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." @@ -20412,7 +23092,7 @@ msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticat msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" -#: ../../configuration/vpn/ipsec.rst:86 +#: ../../configuration/vpn/ipsec.rst:87 msgid "``ikev2`` use IKEv2 for Key Exchange;" msgstr "``ikev2`` use IKEv2 for Key Exchange;" @@ -20420,14 +23100,22 @@ msgstr "``ikev2`` use IKEv2 for Key Exchange;" msgid "``in``: Ruleset for forwarded packets on an inbound interface" msgstr "``in``: Ruleset for forwarded packets on an inbound interface" +#: ../../configuration/system/option.rst:68 +msgid "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" +msgstr "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" + #: ../../configuration/vpn/site2site_ipsec.rst:72 msgid "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" msgstr "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" -#: ../../configuration/system/option.rst:50 +#: ../../configuration/system/option.rst:48 msgid "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" msgstr "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" +#: ../../configuration/vpn/ipsec.rst:185 +msgid "``interface`` Interface Name to use. The name of the interface on which" +msgstr "``interface`` Interface Name to use. The name of the interface on which" + #: ../../configuration/vpn/ipsec.rst:170 msgid "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" msgstr "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" @@ -20436,11 +23124,15 @@ msgstr "``interface`` Interface Name to use. The name of the interface on which msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." +#: ../../configuration/service/ntp.rst:72 +msgid "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." +msgstr "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." + #: ../../configuration/policy/route-map.rst:369 msgid "``internet`` - Well-known communities value 0" msgstr "``internet`` - Well-known communities value 0" -#: ../../configuration/vpn/ipsec.rst:71 +#: ../../configuration/vpn/ipsec.rst:72 msgid "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" @@ -20448,9 +23140,9 @@ msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)" msgstr "``isis`` - Intermediate System to Intermediate System (IS-IS)" -#: ../../configuration/firewall/bridge.rst:78 -#: ../../configuration/firewall/ipv4.rst:96 -#: ../../configuration/firewall/ipv6.rst:96 +#: ../../configuration/firewall/bridge.rst:97 +#: ../../configuration/firewall/ipv4.rst:120 +#: ../../configuration/firewall/ipv6.rst:120 msgid "``jump``: jump to another custom chain." msgstr "``jump``: jump to another custom chain." @@ -20458,7 +23150,7 @@ msgstr "``jump``: jump to another custom chain." msgid "``kernel`` - Kernel routes" msgstr "``kernel`` - Kernel routes" -#: ../../configuration/vpn/ipsec.rst:80 +#: ../../configuration/vpn/ipsec.rst:81 msgid "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" msgstr "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" @@ -20466,15 +23158,19 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" -#: ../../configuration/service/https.rst:96 +#: ../../configuration/service/https.rst:99 msgid "``key`` use API keys configured in ``service https api keys``" msgstr "``key`` use API keys configured in ``service https api keys``" -#: ../../configuration/system/option.rst:137 +#: ../../configuration/system/option.rst:157 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:250 +msgid "``ldap`` LDAP protocol check." +msgstr "``ldap`` LDAP protocol check." + +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "``least-connection`` Distributes requests to the server with the fewest active connections" msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" @@ -20482,19 +23178,19 @@ msgstr "``least-connection`` Distributes requests to the server with the fewest msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -#: ../../configuration/vpn/ipsec.rst:128 +#: ../../configuration/vpn/ipsec.rst:129 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:131 +#: ../../configuration/vpn/ipsec.rst:132 msgid "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" msgstr "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:134 +#: ../../configuration/vpn/ipsec.rst:135 msgid "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" msgstr "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" -#: ../../configuration/vpn/ipsec.rst:88 +#: ../../configuration/vpn/ipsec.rst:89 msgid "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" @@ -20538,7 +23234,7 @@ msgstr "``m`` - Execution interval in minutes" msgid "``main`` Routing table used by VyOS and other interfaces not participating in PBR" msgstr "``main`` Routing table used by VyOS and other interfaces not participating in PBR" -#: ../../configuration/vpn/ipsec.rst:95 +#: ../../configuration/vpn/ipsec.rst:96 msgid "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" msgstr "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" @@ -20558,27 +23254,39 @@ msgstr "``mobike`` enable MOBIKE Support. MOBIKE is only available for IKEv2:" msgid "``mode`` - mode for authentication between VyOS and remote peer:" msgstr "``mode`` - mode for authentication between VyOS and remote peer:" -#: ../../configuration/vpn/ipsec.rst:93 +#: ../../configuration/vpn/ipsec.rst:94 msgid "``mode`` IKEv1 Phase 1 Mode Selection:" msgstr "``mode`` IKEv1 Phase 1 Mode Selection:" -#: ../../configuration/vpn/ipsec.rst:139 +#: ../../configuration/vpn/ipsec.rst:140 msgid "``mode`` the type of the connection:" msgstr "``mode`` the type of the connection:" -#: ../../configuration/interfaces/wireless.rst:123 +#: ../../configuration/interfaces/wireless.rst:149 msgid "``monitor`` - Passively monitor all packets on the frequency/channel" msgstr "``monitor`` - Passively monitor all packets on the frequency/channel" -#: ../../configuration/interfaces/wireless.rst:240 +#: ../../configuration/interfaces/wireless.rst:274 +msgid "``multi-user-beamformee`` - Support for operation as multi user beamformee" +msgstr "``multi-user-beamformee`` - Support for operation as multi user beamformee" + +#: ../../configuration/interfaces/wireless.rst:243 msgid "``multi-user-beamformee`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformee`` - Support for operation as single user beamformer" -#: ../../configuration/interfaces/wireless.rst:239 +#: ../../configuration/interfaces/wireless.rst:272 +msgid "``multi-user-beamformer`` - Support for operation as multi user beamformer" +msgstr "``multi-user-beamformer`` - Support for operation as multi user beamformer" + +#: ../../configuration/interfaces/wireless.rst:355 msgid "``multi-user-beamformer`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformer`` - Support for operation as single user beamformer" -#: ../../configuration/interfaces/wireless.rst:94 +#: ../../configuration/loadbalancing/haproxy.rst:252 +msgid "``mysql`` MySQL protocol check." +msgstr "``mysql`` MySQL protocol check." + +#: ../../configuration/interfaces/wireless.rst:115 msgid "``n`` - 802.11n - 600 Mbits/sec" msgstr "``n`` - 802.11n - 600 Mbits/sec" @@ -20586,43 +23294,43 @@ msgstr "``n`` - 802.11n - 600 Mbits/sec" msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." msgstr "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." -#: ../../configuration/firewall/global-options.rst:79 +#: ../../configuration/firewall/global-options.rst:84 msgid "``net.ipv4.conf.all.accept_redirects``" msgstr "``net.ipv4.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:69 +#: ../../configuration/firewall/global-options.rst:74 msgid "``net.ipv4.conf.all.accept_source_route``" msgstr "``net.ipv4.conf.all.accept_source_route``" -#: ../../configuration/firewall/global-options.rst:94 +#: ../../configuration/firewall/global-options.rst:99 msgid "``net.ipv4.conf.all.log_martians``" msgstr "``net.ipv4.conf.all.log_martians``" -#: ../../configuration/firewall/global-options.rst:102 +#: ../../configuration/firewall/global-options.rst:107 msgid "``net.ipv4.conf.all.rp_filter``" msgstr "``net.ipv4.conf.all.rp_filter``" -#: ../../configuration/firewall/global-options.rst:87 +#: ../../configuration/firewall/global-options.rst:92 msgid "``net.ipv4.conf.all.send_redirects``" msgstr "``net.ipv4.conf.all.send_redirects``" -#: ../../configuration/firewall/global-options.rst:61 +#: ../../configuration/firewall/global-options.rst:66 msgid "``net.ipv4.icmp_echo_ignore_broadcasts``" msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``" -#: ../../configuration/firewall/global-options.rst:117 +#: ../../configuration/firewall/global-options.rst:122 msgid "``net.ipv4.tcp_rfc1337``" msgstr "``net.ipv4.tcp_rfc1337``" -#: ../../configuration/firewall/global-options.rst:109 +#: ../../configuration/firewall/global-options.rst:114 msgid "``net.ipv4.tcp_syncookies``" msgstr "``net.ipv4.tcp_syncookies``" -#: ../../configuration/firewall/global-options.rst:80 +#: ../../configuration/firewall/global-options.rst:85 msgid "``net.ipv6.conf.all.accept_redirects``" msgstr "``net.ipv6.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:70 +#: ../../configuration/firewall/global-options.rst:75 msgid "``net.ipv6.conf.all.accept_source_route``" msgstr "``net.ipv6.conf.all.accept_source_route``" @@ -20654,7 +23362,7 @@ msgstr "``none`` - Execution interval in minutes" msgid "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." msgstr "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." -#: ../../configuration/vpn/ipsec.rst:50 +#: ../../configuration/vpn/ipsec.rst:51 msgid "``none`` set action to none (default);" msgstr "``none`` set action to none (default);" @@ -20662,11 +23370,15 @@ msgstr "``none`` set action to none (default);" msgid "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." msgstr "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." +#: ../../configuration/firewall/bridge.rst:104 +msgid "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." +msgstr "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." + #: ../../configuration/service/ntp.rst:60 msgid "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" msgstr "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" -#: ../../configuration/vpn/ipsec.rst:164 +#: ../../configuration/vpn/ipsec.rst:168 msgid "``options``" msgstr "``options``" @@ -20682,6 +23394,10 @@ msgstr "``ospfv3`` - Open Shortest Path First (IPv6) (OSPFv3)" msgid "``out``: Ruleset for forwarded packets on an outbound interface" msgstr "``out``: Ruleset for forwarded packets on an outbound interface" +#: ../../configuration/system/option.rst:61 +msgid "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." +msgstr "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." + #: ../../configuration/vpn/site2site_ipsec.rst:54 msgid "``passphrase`` - local private key passphrase" msgstr "``passphrase`` - local private key passphrase" @@ -20698,14 +23414,22 @@ msgstr "``password`` - passphrase private key, if needed." msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." +#: ../../configuration/pki/index.rst:165 +msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." +msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." + #: ../../configuration/loadbalancing/wan.rst:88 msgid "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." msgstr "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." -#: ../../configuration/vpn/ipsec.rst:145 +#: ../../configuration/vpn/ipsec.rst:146 msgid "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" msgstr "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "``pgsql`` PostgreSQL protocol check." +msgstr "``pgsql`` PostgreSQL protocol check." + #: ../../configuration/service/ntp.rst:63 msgid "``pool`` mobilizes persistent client mode association with a number of remote servers." msgstr "``pool`` mobilizes persistent client mode association with a number of remote servers." @@ -20715,6 +23439,10 @@ msgstr "``pool`` mobilizes persistent client mode association with a number of r msgid "``port`` - define port. Have effect only when used together with ``prefix``;" msgstr "``port`` - define port. Have effect only when used together with ``prefix``;" +#: ../../configuration/service/suricata.rst:58 +msgid "``port`` Port number." +msgstr "``port`` Port number." + #: ../../configuration/vpn/site2site_ipsec.rst:38 msgid "``pre-shared-secret`` - use predefined shared secret phrase;" msgstr "``pre-shared-secret`` - use predefined shared secret phrase;" @@ -20731,7 +23459,7 @@ msgstr "``prefix`` - IP network at local side." msgid "``prefix`` - IP network at remote side." msgstr "``prefix`` - IP network at remote side." -#: ../../configuration/vpn/ipsec.rst:109 +#: ../../configuration/vpn/ipsec.rst:110 msgid "``prf`` pseudo-random function." msgstr "``prf`` pseudo-random function." @@ -20739,15 +23467,15 @@ msgstr "``prf`` pseudo-random function." msgid "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" msgstr "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" -#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:49 msgid "``processor.max_cstate=1`` Limit processor to maximum C-state 1" msgstr "``processor.max_cstate=1`` Limit processor to maximum C-state 1" -#: ../../configuration/vpn/ipsec.rst:154 +#: ../../configuration/vpn/ipsec.rst:155 msgid "``proposal`` ESP-group proposal with number <1-65535>:" msgstr "``proposal`` ESP-group proposal with number <1-65535>:" -#: ../../configuration/vpn/ipsec.rst:101 +#: ../../configuration/vpn/ipsec.rst:102 msgid "``proposal`` the list of proposals and their parameters:" msgstr "``proposal`` the list of proposals and their parameters:" @@ -20759,9 +23487,13 @@ msgstr "``protocol`` - define the protocol for match traffic, which should be en msgid "``psk`` - Preshared secret key name:" msgstr "``psk`` - Preshared secret key name:" -#: ../../configuration/firewall/bridge.rst:83 -#: ../../configuration/firewall/ipv4.rst:101 -#: ../../configuration/firewall/ipv6.rst:101 +#: ../../configuration/service/ntp.rst:70 +msgid "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." +msgstr "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." + +#: ../../configuration/firewall/bridge.rst:102 +#: ../../configuration/firewall/ipv4.rst:125 +#: ../../configuration/firewall/ipv6.rst:125 msgid "``queue``: Enqueue packet to userspace." msgstr "``queue``: Enqueue packet to userspace." @@ -20769,8 +23501,16 @@ msgstr "``queue``: Enqueue packet to userspace." msgid "``rate``: Number of packets. Default 5." msgstr "``rate``: Number of packets. Default 5." -#: ../../configuration/firewall/ipv4.rst:94 -#: ../../configuration/firewall/ipv6.rst:94 +#: ../../configuration/service/ntp.rst:152 +msgid "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." +msgstr "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." + +#: ../../configuration/loadbalancing/haproxy.rst:251 +msgid "``redis`` Redis protocol check." +msgstr "``redis`` Redis protocol check." + +#: ../../configuration/firewall/ipv4.rst:118 +#: ../../configuration/firewall/ipv6.rst:118 msgid "``reject``: reject the packet." msgstr "``reject``: reject the packet." @@ -20794,7 +23534,7 @@ msgstr "``remote`` - define the remote destination for match traffic, which shou msgid "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" msgstr "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" -#: ../../configuration/loadbalancing/reverse-proxy.rst:64 +#: ../../configuration/loadbalancing/haproxy.rst:76 msgid "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" msgstr "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" @@ -20806,7 +23546,7 @@ msgstr "``resp-time``: the maximum response time for ping in seconds. Range 1... msgid "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." msgstr "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." -#: ../../configuration/vpn/ipsec.rst:68 +#: ../../configuration/vpn/ipsec.rst:69 msgid "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" @@ -20815,9 +23555,9 @@ msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh msgid "``restart`` set action to restart;" msgstr "``restart`` set action to restart;" -#: ../../configuration/firewall/bridge.rst:80 -#: ../../configuration/firewall/ipv4.rst:98 -#: ../../configuration/firewall/ipv6.rst:98 +#: ../../configuration/firewall/bridge.rst:99 +#: ../../configuration/firewall/ipv4.rst:122 +#: ../../configuration/firewall/ipv6.rst:122 msgid "``return``: Return from the current chain and continue at the next rule of the last chain." msgstr "``return``: Return from the current chain and continue at the next rule of the last chain." @@ -20833,7 +23573,7 @@ msgstr "``ripng`` - Routing Information Protocol next-generation (IPv6) (RIPng)" msgid "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." -#: ../../configuration/loadbalancing/reverse-proxy.rst:106 +#: ../../configuration/loadbalancing/haproxy.rst:118 msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" @@ -20873,15 +23613,28 @@ msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``se msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" -#: ../../configuration/firewall/index.rst:90 +#: ../../configuration/firewall/index.rst:113 msgid "``set firewall bridge forward filter ...``." msgstr "``set firewall bridge forward filter ...``." -#: ../../configuration/firewall/index.rst:61 +#: ../../configuration/firewall/index.rst:118 +msgid "``set firewall bridge input filter ...``." +msgstr "``set firewall bridge input filter ...``." + +#: ../../configuration/firewall/index.rst:123 +msgid "``set firewall bridge output filter ...``." +msgstr "``set firewall bridge output filter ...``." + +#: ../../configuration/firewall/bridge.rst:44 +#: ../../configuration/firewall/index.rst:108 +msgid "``set firewall bridge prerouting filter ...``." +msgstr "``set firewall bridge prerouting filter ...``." + +#: ../../configuration/firewall/index.rst:75 msgid "``set firewall ipv4 forward filter ...``." msgstr "``set firewall ipv4 forward filter ...``." -#: ../../configuration/firewall/index.rst:54 +#: ../../configuration/firewall/index.rst:68 msgid "``set firewall ipv4 input filter ...``." msgstr "``set firewall ipv4 input filter ...``." @@ -20889,11 +23642,11 @@ msgstr "``set firewall ipv4 input filter ...``." msgid "``set firewall ipv4 output filter ...``." msgstr "``set firewall ipv4 output filter ...``." -#: ../../configuration/firewall/index.rst:63 +#: ../../configuration/firewall/index.rst:77 msgid "``set firewall ipv6 forward filter ...``." msgstr "``set firewall ipv6 forward filter ...``." -#: ../../configuration/firewall/index.rst:56 +#: ../../configuration/firewall/index.rst:70 msgid "``set firewall ipv6 input filter ...``." msgstr "``set firewall ipv6 input filter ...``." @@ -20901,19 +23654,25 @@ msgstr "``set firewall ipv6 input filter ...``." msgid "``set firewall ipv6 output filter ...``." msgstr "``set firewall ipv6 output filter ...``." -#: ../../configuration/interfaces/wireless.rst:238 +#: ../../configuration/interfaces/wireless.rst:270 +#: ../../configuration/interfaces/wireless.rst:353 msgid "``single-user-beamformee`` - Support for operation as single user beamformee" msgstr "``single-user-beamformee`` - Support for operation as single user beamformee" -#: ../../configuration/interfaces/wireless.rst:237 +#: ../../configuration/interfaces/wireless.rst:268 +#: ../../configuration/interfaces/wireless.rst:351 msgid "``single-user-beamformer`` - Support for operation as single user beamformer" msgstr "``single-user-beamformer`` - Support for operation as single user beamformer" +#: ../../configuration/loadbalancing/haproxy.rst:254 +msgid "``smtp`` SMTP protocol check." +msgstr "``smtp`` SMTP protocol check." + #: ../../configuration/service/lldp.rst:68 msgid "``sonmp`` - Listen for SONMP for Nortel routers/switches" msgstr "``sonmp`` - Listen for SONMP for Nortel routers/switches" -#: ../../configuration/loadbalancing/reverse-proxy.rst:104 +#: ../../configuration/loadbalancing/haproxy.rst:116 msgid "``source-address`` Distributes requests based on the source IP address of the client" msgstr "``source-address`` Distributes requests based on the source IP address of the client" @@ -20933,15 +23692,15 @@ msgstr "``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com` msgid "``ssh-rsa``" msgstr "``ssh-rsa``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:66 +#: ../../configuration/loadbalancing/haproxy.rst:78 msgid "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" msgstr "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" -#: ../../configuration/loadbalancing/reverse-proxy.rst:65 +#: ../../configuration/loadbalancing/haproxy.rst:77 msgid "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" msgstr "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" -#: ../../configuration/vpn/ipsec.rst:54 +#: ../../configuration/vpn/ipsec.rst:55 msgid "``start`` tries to immediately re-create the CHILD_SA;" msgstr "``start`` tries to immediately re-create the CHILD_SA;" @@ -20949,24 +23708,24 @@ msgstr "``start`` tries to immediately re-create the CHILD_SA;" msgid "``static`` - Statically configured routes" msgstr "``static`` - Statically configured routes" -#: ../../configuration/interfaces/wireless.rst:122 +#: ../../configuration/interfaces/wireless.rst:148 msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/haproxy.rst:237 msgid "``status 200-399`` Expecting a non-failure response code" msgstr "``status 200-399`` Expecting a non-failure response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +#: ../../configuration/loadbalancing/haproxy.rst:236 msgid "``status 200`` Expecting a 200 response code" msgstr "``status 200`` Expecting a 200 response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +#: ../../configuration/loadbalancing/haproxy.rst:238 msgid "``string success`` Expecting the string `success` in the response body" msgstr "``string success`` Expecting the string `success` in the response body" -#: ../../configuration/firewall/ipv4.rst:103 -#: ../../configuration/firewall/ipv6.rst:103 +#: ../../configuration/firewall/ipv4.rst:127 +#: ../../configuration/firewall/ipv6.rst:127 msgid "``synproxy``: synproxy the packet." msgstr "``synproxy``: synproxy the packet." @@ -21006,15 +23765,27 @@ msgstr "``test-script``: A user defined script must return 0 to be considered su msgid "``threshold``: ``below`` or ``above`` the specified rate limit." msgstr "``threshold``: ``below`` or ``above`` the specified rate limit." -#: ../../configuration/system/option.rst:127 +#: ../../configuration/system/option.rst:147 msgid "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." msgstr "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." -#: ../../configuration/vpn/ipsec.rst:73 +#: ../../configuration/service/ntp.rst:49 +msgid "``time1.vyos.net``" +msgstr "``time1.vyos.net``" + +#: ../../configuration/service/ntp.rst:50 +msgid "``time2.vyos.net``" +msgstr "``time2.vyos.net``" + +#: ../../configuration/service/ntp.rst:51 +msgid "``time3.vyos.net``" +msgstr "``time3.vyos.net``" + +#: ../../configuration/vpn/ipsec.rst:74 msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" -#: ../../configuration/service/https.rst:98 +#: ../../configuration/service/https.rst:101 msgid "``token`` use JWT tokens." msgstr "``token`` use JWT tokens." @@ -21022,15 +23793,15 @@ msgstr "``token`` use JWT tokens." msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." -#: ../../configuration/vpn/ipsec.rst:143 +#: ../../configuration/vpn/ipsec.rst:144 msgid "``transport`` transport mode;" msgstr "``transport`` transport mode;" -#: ../../configuration/vpn/ipsec.rst:63 +#: ../../configuration/vpn/ipsec.rst:64 msgid "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" msgstr "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" -#: ../../configuration/vpn/ipsec.rst:52 +#: ../../configuration/vpn/ipsec.rst:53 msgid "``trap`` installs a trap policy for the CHILD_SA;" msgstr "``trap`` installs a trap policy for the CHILD_SA;" @@ -21050,7 +23821,7 @@ msgstr "``ttyUSBX`` - USB Serial device name" msgid "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" msgstr "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" -#: ../../configuration/vpn/ipsec.rst:141 +#: ../../configuration/vpn/ipsec.rst:142 msgid "``tunnel`` tunnel mode (default);" msgstr "``tunnel`` tunnel mode (default);" @@ -21058,6 +23829,10 @@ msgstr "``tunnel`` tunnel mode (default);" msgid "``type``: Specify the type of test. type can be ping, ttl or a user defined script" msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defined script" +#: ../../configuration/service/suricata.rst:75 +msgid "``type`` Log types." +msgstr "``type`` Log types." + #: ../../configuration/vpn/site2site_ipsec.rst:56 msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" @@ -21070,6 +23845,10 @@ msgstr "``virtual-address`` - Defines a virtual IP address which is requested by msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." +#: ../../configuration/vpn/ipsec.rst:192 +msgid "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" +msgstr "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" + #: ../../configuration/vpn/ipsec.rst:172 msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." @@ -21114,23 +23893,39 @@ msgstr "``xor-hash`` - XOR policy: Transmit based on the selected transmit hash msgid "``yes`` enable remote host re-authentication during an IKE rekey;" msgstr "``yes`` enable remote host re-authentication during an IKE rekey;" -#: ../../configuration/service/ntp.rst:90 +#: ../../configuration/service/ntp.rst:160 +msgid "`all`: All received packets will be timestamped." +msgstr "`all`: All received packets will be timestamped." + +#: ../../configuration/service/ntp.rst:97 msgid "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." msgstr "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." -#: ../../configuration/service/ntp.rst:94 +#: ../../configuration/service/ntp.rst:168 +msgid "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." +msgstr "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." + +#: ../../configuration/service/ntp.rst:162 +msgid "`ntp`: Only received NTP protocol packets will be timestamped." +msgstr "`ntp`: Only received NTP protocol packets will be timestamped." + +#: ../../configuration/service/ntp.rst:164 +msgid "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." +msgstr "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." + +#: ../../configuration/service/ntp.rst:101 msgid "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." msgstr "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." -#: ../../configuration/system/option.rst:69 +#: ../../configuration/system/option.rst:89 msgid "`source-address` and `source-interface` can not be used at the same time." msgstr "`source-address` and `source-interface` can not be used at the same time." -#: ../../configuration/service/ntp.rst:102 +#: ../../configuration/service/ntp.rst:109 msgid "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." msgstr "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." -#: ../../configuration/service/ntp.rst:107 +#: ../../configuration/service/ntp.rst:114 msgid "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" msgstr "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" @@ -21151,17 +23946,17 @@ msgstr "a blank indicates that no test has been carried out" msgid "aes256 Encryption" msgstr "aes256 Encryption" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "alert" msgstr "alert" -#: ../../configuration/system/syslog.rst:110 -#: ../../configuration/system/syslog.rst:169 -#: ../../configuration/system/syslog.rst:219 +#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:187 +#: ../../configuration/system/syslog.rst:237 msgid "all" msgstr "all" -#: ../../configuration/vrf/index.rst:447 +#: ../../configuration/vrf/index.rst:443 msgid "an RD / RTLIST" msgstr "an RD / RTLIST" @@ -21177,11 +23972,11 @@ msgstr "any: any IP address to match." msgid "any: any IPv6 address to match." msgstr "any: any IPv6 address to match." -#: ../../configuration/system/syslog.rst:120 +#: ../../configuration/system/syslog.rst:138 msgid "auth" msgstr "auth" -#: ../../configuration/system/syslog.rst:221 +#: ../../configuration/system/syslog.rst:239 msgid "authorization" msgstr "authorization" @@ -21233,23 +24028,23 @@ msgstr "client-prefix-length" msgid "client example (debian 9)" msgstr "client example (debian 9)" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock" msgstr "clock" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock daemon (note 2)" msgstr "clock daemon (note 2)" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "crit" msgstr "crit" -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "cron" msgstr "cron" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "daemon" msgstr "daemon" @@ -21269,7 +24064,7 @@ msgstr "ddclient_ uses two methods to update a DNS record. The first one will se msgid "ddclient_ will skip any address located before the string set in `<pattern>`." msgstr "ddclient_ will skip any address located before the string set in `<pattern>`." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "debug" msgstr "debug" @@ -21293,7 +24088,7 @@ msgstr "default-preference" msgid "default-router" msgstr "default-router" -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "default min-threshold" msgstr "default min-threshold" @@ -21301,7 +24096,7 @@ msgstr "default min-threshold" msgid "deprecate-prefix" msgstr "deprecate-prefix" -#: ../../configuration/highavailability/index.rst:364 +#: ../../configuration/highavailability/index.rst:368 msgid "destination-hashing" msgstr "destination-hashing" @@ -21309,11 +24104,11 @@ msgstr "destination-hashing" msgid "dhcp-server-identifier" msgstr "dhcp-server-identifier" -#: ../../configuration/highavailability/index.rst:374 +#: ../../configuration/highavailability/index.rst:378 msgid "direct" msgstr "direct" -#: ../../configuration/system/syslog.rst:223 +#: ../../configuration/system/syslog.rst:241 msgid "directory" msgstr "directory" @@ -21341,7 +24136,7 @@ msgstr "domain-name-servers" msgid "domain-search" msgstr "domain-search" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "emerg" msgstr "emerg" @@ -21361,7 +24156,7 @@ msgstr "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" msgstr "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "err" msgstr "err" @@ -21385,7 +24180,7 @@ msgstr "failover" msgid "fast: Request partner to transmit LACPDUs every 1 second" msgstr "fast: Request partner to transmit LACPDUs every 1 second" -#: ../../configuration/system/syslog.rst:225 +#: ../../configuration/system/syslog.rst:243 msgid "file <file name>" msgstr "file <file name>" @@ -21394,7 +24189,7 @@ msgstr "file <file name>" msgid "filter-list" msgstr "filter-list" -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "ftp" msgstr "ftp" @@ -21418,14 +24213,18 @@ msgstr "hop-limit" msgid "host: single host IP address to match." msgstr "host: single host IP address to match." -#: ../../configuration/system/option.rst:119 +#: ../../configuration/system/option.rst:139 msgid "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" msgstr "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" -#: ../../configuration/interfaces/openvpn.rst:675 +#: ../../configuration/interfaces/openvpn.rst:816 msgid "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" msgstr "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" +#: ../../configuration/system/option.rst:73 +msgid "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" +msgstr "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" + #: ../../configuration/system/acceleration.rst:28 msgid "if there is a supported device, enable Intel® QAT" msgstr "if there is a supported device, enable Intel® QAT" @@ -21434,10 +24233,14 @@ msgstr "if there is a supported device, enable Intel® QAT" msgid "if there is non device the command will show ```No QAT device found```" msgstr "if there is non device the command will show ```No QAT device found```" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "info" msgstr "info" +#: ../../configuration/trafficpolicy/index.rst:232 +msgid "inherit matches from another group" +msgstr "inherit matches from another group" + #: ../../configuration/service/router-advert.rst:1 msgid "interval" msgstr "interval" @@ -21459,7 +24262,7 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" -#: ../../configuration/interfaces/ethernet.rst:106 +#: ../../configuration/interfaces/ethernet.rst:114 msgid "it can be used with any NIC" msgstr "it can be used with any NIC" @@ -21467,7 +24270,7 @@ msgstr "it can be used with any NIC" msgid "it can be used with any NIC," msgstr "it can be used with any NIC," -#: ../../configuration/interfaces/ethernet.rst:108 +#: ../../configuration/interfaces/ethernet.rst:116 msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" @@ -21475,7 +24278,7 @@ msgstr "it does not increase hardware device interrupt rate, although it does in msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/system/syslog.rst:130 msgid "kern" msgstr "kern" @@ -21491,7 +24294,7 @@ msgstr "ldpd" msgid "lease" msgstr "lease" -#: ../../configuration/highavailability/index.rst:361 +#: ../../configuration/highavailability/index.rst:365 msgid "least-connection" msgstr "least-connection" @@ -21515,75 +24318,75 @@ msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actuall msgid "link-mtu" msgstr "link-mtu" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local0" msgstr "local0" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local1" msgstr "local1" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local2" msgstr "local2" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local3" msgstr "local3" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local4" msgstr "local4" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local5" msgstr "local5" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "local6" msgstr "local6" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local7" msgstr "local7" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local use 0 (local0)" msgstr "local use 0 (local0)" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local use 1 (local1)" msgstr "local use 1 (local1)" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local use 2 (local2)" msgstr "local use 2 (local2)" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local use 3 (local3)" msgstr "local use 3 (local3)" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local use 4 (local4)" msgstr "local use 4 (local4)" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local use 5 (local5)" msgstr "local use 5 (local5)" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local use 7 (local7)" msgstr "local use 7 (local7)" -#: ../../configuration/highavailability/index.rst:365 +#: ../../configuration/highavailability/index.rst:369 msgid "locality-based-least-connection" msgstr "locality-based-least-connection" -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "logalert" msgstr "logalert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "logaudit" msgstr "logaudit" @@ -21593,7 +24396,7 @@ msgstr "logaudit" msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." msgstr "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "lpr" msgstr "lpr" @@ -21613,7 +24416,7 @@ msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or msgid "mDNS repeater can be temporarily disabled without deleting the service using" msgstr "mDNS repeater can be temporarily disabled without deleting the service using" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "mail" msgstr "mail" @@ -21666,7 +24469,11 @@ msgstr "network: network/netmask to match (requires inverse-match be defined)." msgid "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" msgstr "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/vpn/ipsec.rst:171 +msgid "networks;" +msgstr "networks;" + +#: ../../configuration/system/syslog.rst:144 msgid "news" msgstr "news" @@ -21686,11 +24493,11 @@ msgstr "no-on-link-flag" msgid "notfound" msgstr "notfound" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "notice" msgstr "notice" -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:154 msgid "ntp" msgstr "ntp" @@ -21805,7 +24612,7 @@ msgstr "right subnet: `10.0.0.0/24` site2,remote office side" msgid "ripd" msgstr "ripd" -#: ../../configuration/highavailability/index.rst:359 +#: ../../configuration/highavailability/index.rst:363 msgid "round-robin" msgstr "round-robin" @@ -21818,7 +24625,7 @@ msgstr "route-map" msgid "routers" msgstr "routers" -#: ../../configuration/system/flow-accounting.rst:144 +#: ../../configuration/system/flow-accounting.rst:148 #: ../../configuration/system/sflow.rst:3 msgid "sFlow" msgstr "sFlow" @@ -21827,10 +24634,14 @@ msgstr "sFlow" msgid "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." msgstr "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:150 msgid "security" msgstr "security" +#: ../../configuration/vpn/ipsec.rst:188 +msgid "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." +msgstr "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." + #: ../../configuration/service/dhcp-server.rst:339 msgid "server-identifier" msgstr "server-identifier" @@ -21865,7 +24676,7 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "software filters can easily be added to hash over new protocols" msgstr "software filters can easily be added to hash over new protocols" @@ -21873,7 +24684,7 @@ msgstr "software filters can easily be added to hash over new protocols" msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," -#: ../../configuration/highavailability/index.rst:363 +#: ../../configuration/highavailability/index.rst:367 msgid "source-hashing" msgstr "source-hashing" @@ -21903,11 +24714,15 @@ msgstr "strict: Each incoming packet is tested against the FIB and if the interf msgid "subnet-mask" msgstr "subnet-mask" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/service/suricata.rst:5 +msgid "suricata" +msgstr "suricata" + +#: ../../configuration/system/syslog.rst:140 msgid "syslog" msgstr "syslog" -#: ../../configuration/system/syslog.rst:228 +#: ../../configuration/system/syslog.rst:246 msgid "tail" msgstr "tail" @@ -21938,12 +24753,12 @@ msgstr "time-server" msgid "time-servers" msgstr "time-servers" -#: ../../configuration/highavailability/index.rst:375 +#: ../../configuration/highavailability/index.rst:379 #: ../../configuration/service/router-advert.rst:20 msgid "tunnel" msgstr "tunnel" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "use 6 (local6)" msgstr "use 6 (local6)" @@ -21951,11 +24766,11 @@ msgstr "use 6 (local6)" msgid "use this command to check if there is an Intel® QAT supported Processor in your system." msgstr "use this command to check if there is an Intel® QAT supported Processor in your system." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "user" msgstr "user" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "uucp" msgstr "uucp" @@ -21971,11 +24786,15 @@ msgstr "valid-lifetime" msgid "veth interfaces need to be created in pairs - it's called the peer name" msgstr "veth interfaces need to be created in pairs - it's called the peer name" +#: ../../configuration/vpn/ipsec.rst:184 +msgid "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" +msgstr "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" + #: ../../configuration/service/router-advert.rst:21 msgid "vxlan" msgstr "vxlan" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "warning" msgstr "warning" @@ -21983,11 +24802,11 @@ msgstr "warning" msgid "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." msgstr "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." -#: ../../configuration/highavailability/index.rst:362 +#: ../../configuration/highavailability/index.rst:366 msgid "weighted-least-connection" msgstr "weighted-least-connection" -#: ../../configuration/highavailability/index.rst:360 +#: ../../configuration/highavailability/index.rst:364 msgid "weighted-round-robin" msgstr "weighted-round-robin" |