diff options
| author | rebortg <github@ghlr.de> | 2024-05-28 12:24:30 +0200 |
|---|---|---|
| committer | rebortg <github@ghlr.de> | 2024-05-28 12:24:30 +0200 |
| commit | 96039bd2f44018ae767930e252305bedece57156 (patch) | |
| tree | 650373a9398085999f8bbb45b09b4896ca489f5f | |
| parent | 0a3febc9524e7f5d3df856bd9cf58aafb3500252 (diff) | |
| parent | 2be191247b2f10f1bc3ae38f8bcb565ce0af0635 (diff) | |
| download | vyos-documentation-96039bd2f44018ae767930e252305bedece57156.tar.gz vyos-documentation-96039bd2f44018ae767930e252305bedece57156.zip | |
Merge branch 'current' of github.com:vyos/vyos-documentation into current
112 files changed, 4030 insertions, 1271 deletions
diff --git a/.github/reviewers.yml b/.github/reviewers.yml deleted file mode 100644 index 59342c56..00000000 --- a/.github/reviewers.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -'**/*': - - rebortg diff --git a/.github/vyos-linter.py b/.github/vyos-linter.py deleted file mode 100644 index 3dc7c2fc..00000000 --- a/.github/vyos-linter.py +++ /dev/null @@ -1,177 +0,0 @@ -import os -import re -import ipaddress -import sys -import ast - -IPV4SEG = r'(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])' -IPV4ADDR = r'\b(?:(?:' + IPV4SEG + r'\.){3,3}' + IPV4SEG + r')\b' -IPV6SEG = r'(?:(?:[0-9a-fA-F]){1,4})' -IPV6GROUPS = ( - r'(?:' + IPV6SEG + r':){7,7}' + IPV6SEG, # 1:2:3:4:5:6:7:8 - r'(?:\s' + IPV6SEG + r':){1,7}:', # 1:: 1:2:3:4:5:6:7:: - r'(?:' + IPV6SEG + r':){1,6}:' + IPV6SEG, # 1::8 1:2:3:4:5:6::8 1:2:3:4:5:6::8 - r'(?:' + IPV6SEG + r':){1,5}(?::' + IPV6SEG + r'){1,2}', # 1::7:8 1:2:3:4:5::7:8 1:2:3:4:5::8 - r'(?:' + IPV6SEG + r':){1,4}(?::' + IPV6SEG + r'){1,3}', # 1::6:7:8 1:2:3:4::6:7:8 1:2:3:4::8 - r'(?:' + IPV6SEG + r':){1,3}(?::' + IPV6SEG + r'){1,4}', # 1::5:6:7:8 1:2:3::5:6:7:8 1:2:3::8 - r'(?:' + IPV6SEG + r':){1,2}(?::' + IPV6SEG + r'){1,5}', # 1::4:5:6:7:8 1:2::4:5:6:7:8 1:2::8 - IPV6SEG + r':(?:(?::' + IPV6SEG + r'){1,6})', # 1::3:4:5:6:7:8 1::3:4:5:6:7:8 1::8 - r':(?:(?::' + IPV6SEG + r'){1,7}|:)', # ::2:3:4:5:6:7:8 ::2:3:4:5:6:7:8 ::8 :: - r'fe80:(?::' + IPV6SEG + r'){0,4}%[0-9a-zA-Z]{1,}', # fe80::7:8%eth0 fe80::7:8%1 (link-local IPv6 addresses with zone index) - r'::(?:ffff(?::0{1,4}){0,1}:){0,1}[^\s:]' + IPV4ADDR, # ::255.255.255.255 ::ffff:255.255.255.255 ::ffff:0:255.255.255.255 (IPv4-mapped IPv6 addresses and IPv4-translated addresses) - r'(?:' + IPV6SEG + r':){1,4}:[^\s:]' + IPV4ADDR, # 2001:db8:3:4::192.0.2.33 64:ff9b::192.0.2.33 (IPv4-Embedded IPv6 Address) -) -IPV6ADDR = '|'.join(['(?:{})'.format(g) for g in IPV6GROUPS[::-1]]) # Reverse rows for greedy match - -MAC = r'([0-9A-F]{2}[:-]){5}([0-9A-F]{2})' - -NUMBER = r"([\s']\d+[\s'])" - - -def lint_mac(cnt, line): - mac = re.search(MAC, line, re.I) - if mac is not None: - mac = mac.group() - u_mac = re.search(r'((00)[:-](53)([:-][0-9A-F]{2}){4})', mac, re.I) - m_mac = re.search(r'((90)[:-](10)([:-][0-9A-F]{2}){4})', mac, re.I) - if u_mac is None and m_mac is None: - return (f"Use MAC reserved for Documentation (RFC7042): {mac}", cnt, 'error') - - -def lint_ipv4(cnt, line): - ip = re.search(IPV4ADDR, line, re.I) - if ip is not None: - ip = ipaddress.ip_address(ip.group().strip(' ')) - # https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Address.is_private - if ip.is_private: - return None - if ip.is_multicast: - return None - if ip.is_global is False: - return None - return (f"Use IPv4 reserved for Documentation (RFC 5737) or private Space: {ip}", cnt, 'error') - - -def lint_ipv6(cnt, line): - ip = re.search(IPV6ADDR, line, re.I) - if ip is not None: - ip = ipaddress.ip_address(ip.group().strip(' ')) - if ip.is_private: - return None - if ip.is_multicast: - return None - if ip.is_global is False: - return None - return (f"Use IPv6 reserved for Documentation (RFC 3849) or private Space: {ip}", cnt, 'error') - - -def lint_AS(cnt, line): - number = re.search(NUMBER, line, re.I) - if number: - pass - # find a way to detect AS numbers - - -def lint_linelen(cnt, line): - line = line.rstrip() - if len(line) > 80: - return (f"Line too long: len={len(line)}", cnt, 'warning') - -def handle_file_action(filepath): - errors = [] - try: - with open(filepath) as fp: - line = fp.readline() - cnt = 1 - test_line_lenght = True - start_vyoslinter = True - indentation = 0 - while line: - # search for ignore linter comments in lines - if ".. stop_vyoslinter" in line: - start_vyoslinter = False - if ".. start_vyoslinter" in line: - start_vyoslinter = True - if start_vyoslinter: - # ignore every '.. code-block::' for line lenght - # rst code-block have its own style in html the format in rst - # and the build page must be the same - if test_line_lenght is False: - if len(line) > indentation: - #print(f"'{line}'") - #print(indentation) - if line[indentation].isspace() is False: - test_line_lenght = True - - if ".. code-block::" in line: - test_line_lenght = False - indentation = 0 - for i in line: - if i.isspace(): - indentation = indentation + 1 - else: - break - - err_mac = lint_mac(cnt, line.strip()) - # disable mac detection for the moment, too many false positives - err_mac = None - err_ip4 = lint_ipv4(cnt, line.strip()) - err_ip6 = lint_ipv6(cnt, line.strip()) - if test_line_lenght: - err_len = lint_linelen(cnt, line) - else: - err_len = None - if err_mac: - errors.append(err_mac) - if err_ip4: - errors.append(err_ip4) - if err_ip6: - errors.append(err_ip6) - if err_len: - errors.append(err_len) - - line = fp.readline() - cnt += 1 - - # ensure linter was not stop on top and forgot to tun on again - if start_vyoslinter == False: - errors.append((f"Don't forgett to turn linter back on", cnt, 'error')) - finally: - fp.close() - - if len(errors) > 0: - ''' - "::{$type} file={$filename},line={$line},col=$column::{$log}" - ''' - print(f"File: {filepath}") - for error in errors: - print(f"::{error[2]} file={filepath},line={error[1]}::{error[0]}") - print('') - return False - - -def main(): - bool_error = True - print('start') - try: - files = ast.literal_eval(sys.argv[1]) - for file in files: - if file[-4:] in [".rst", ".txt"] and "_build" not in file: - if handle_file_action(file) is False: - bool_error = False - except Exception as e: - for root, dirs, files in os.walk("docs"): - path = root.split(os.sep) - for file in files: - if file[-4:] in [".rst", ".txt"] and "_build" not in path: - fpath = '/'.join(path) - filepath = f"{fpath}/{file}" - if handle_file_action(filepath) is False: - bool_error = False - - return bool_error - - -if __name__ == "__main__": - if main() == False: - exit(1) diff --git a/.github/workflows/auto-author-assign.yml b/.github/workflows/auto-author-assign.yml index 81134206..c3696ea4 100644 --- a/.github/workflows/auto-author-assign.yml +++ b/.github/workflows/auto-author-assign.yml @@ -3,25 +3,12 @@ on: pull_request_target: types: [opened, reopened, ready_for_review, locked] + permissions: pull-requests: write + contents: read jobs: - # https://github.com/marketplace/actions/auto-author-assign assign-author: - runs-on: ubuntu-latest - steps: - - name: "Assign Author to PR" - uses: toshimaru/auto-author-assign@v1.3.5 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - - # https://github.com/shufo/auto-assign-reviewer-by-files - assign_reviewer: - runs-on: ubuntu-latest - steps: - - name: Request review based on files changes and/or groups the author belongs to - uses: shufo/auto-assign-reviewer-by-files@v1.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - config: .github/reviewers.yml + uses: vyos/.github/.github/workflows/assign-author.yml@feature/T6349-reusable-workflows + secrets: inherit diff --git a/.github/workflows/check-pr-conflicts.yml b/.github/workflows/check-pr-conflicts.yml new file mode 100644 index 00000000..0c659e6e --- /dev/null +++ b/.github/workflows/check-pr-conflicts.yml @@ -0,0 +1,14 @@ + +name: "PR Conflicts checker" +on: + pull_request_target: + types: [synchronize] + +permissions: + pull-requests: write + contents: read + +jobs: + check-pr-conflict-call: + uses: vyos/.github/.github/workflows/check-pr-merge-conflict.yml@feature/T6349-reusable-workflows + secrets: inherit diff --git a/.github/workflows/lint-doc.yml b/.github/workflows/lint-doc.yml new file mode 100644 index 00000000..7f2f2099 --- /dev/null +++ b/.github/workflows/lint-doc.yml @@ -0,0 +1,10 @@ +name: Lint Doc +on: + pull_request: + +jobs: + lint-doc: + uses: vyos/.github/.github/workflows/lint-doc.yml@feature/T6349-reusable-workflows + secrets: inherit + + diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index 67556017..00000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Linting -on: - pull_request: - -jobs: - lint: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: File Changes - id: file_changes - uses: trilom/file-changes-action@v1.2.3 - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: run python based linter - run: python .github/vyos-linter.py '${{ steps.file_changes.outputs.files_modified }}' - - env: - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - - diff --git a/.github/workflows/pr-conflicts.yml b/.github/workflows/pr-conflicts.yml deleted file mode 100644 index 8f2db469..00000000 --- a/.github/workflows/pr-conflicts.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: "PR Conflicts checker" -on: - pull_request_target: - types: [synchronize] - -jobs: - Conflict_Check: - name: 'Check PR status: conflicts and resolution' - runs-on: ubuntu-22.04 - steps: - - name: check if PRs are dirty - uses: eps1lon/actions-label-merge-conflict@releases/2.x - with: - dirtyLabel: "state: conflict" - removeOnDirtyLabel: "state: conflict resolved" - repoToken: "${{ secrets.GITHUB_TOKEN }}" - commentOnDirty: "This pull request has conflicts, please resolve those before we can evaluate the pull request." - commentOnClean: "Conflicts have been resolved. A maintainer will review the pull request shortly." - diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 00000000..fca42748 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,2 @@ +* @vyos/reviewers +* @rebortg
\ No newline at end of file @@ -90,12 +90,14 @@ If the `vyos/vyos-documentation` container could not be found locally it will be automatically fetched from Dockerhub. ```bash -$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs \ - -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation make html +$ git clone https://github.com/vyos/vyos-documentation.git -# sphinx autobuild -$ docker run --rm -it -p 8000:8000 -v "$(pwd)":/vyos -w /vyos/docs -e \ - GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation make livehtml +$ cd vyos-documentation + +$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation make html + +# For sphinx autobuild +$ docker run --rm -it -p 8000:8000 -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation make livehtml ``` ### Test the docs @@ -103,13 +105,11 @@ $ docker run --rm -it -p 8000:8000 -v "$(pwd)":/vyos -w /vyos/docs -e \ To test all files, run: ```bash -$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs \ - -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation vale . +$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation vale . ``` to test a specific file (e.g. `quick-start.rst`) ```bash -$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) \ - -e GOSU_GID=$(id -g) vyos/vyos-documentation vale quick-start.rst +$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation vale quick-start.rst ``` diff --git a/docker/Dockerfile b/docker/Dockerfile index fc457582..d8a71872 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,7 +1,7 @@ # Must be run with --privileged flag # Recommended to run the container with a volume mapped # in order to easy exprort images built to "external" world -FROM debian:11 +FROM debian:12 LABEL authors="VyOS Maintainers <maintainers@vyos.io>" ENV DEBIAN_FRONTEND noninteractive @@ -27,16 +27,14 @@ RUN apt-get update && apt-get install -y \ curl \ dos2unix - - -RUN pip3 install Sphinx -RUN pip3 install sphinx-rtd-theme -RUN pip3 install sphinx-autobuild -RUN pip3 install sphinx-notfound-page -RUN pip3 install lxml -RUN pip3 install myst-parser -RUN pip3 install sphinx_design - +RUN pip3 install --break-system-packages \ + Sphinx \ + sphinx-rtd-theme \ + sphinx-autobuild \ + sphinx-notfound-page \ + lxml \ + myst-parser \ + sphinx_design # Cleanup RUN rm -rf /var/lib/apt/lists/* @@ -44,13 +42,11 @@ RUN rm -rf /var/lib/apt/lists/* EXPOSE 8000 # Allow password-less 'sudo' for all users in group 'sudo' -RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \ - chmod a+s /usr/sbin/useradd /usr/sbin/groupadd /usr/sbin/gosu /usr/sbin/usermod - +RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers COPY entrypoint.sh /usr/local/bin/entrypoint.sh -# we need to convert the entrypoint with appropriate line endings, else +# We need to convert the entrypoint with appropriate line endings, else # there will be an error: # standard_init_linux.go:175: exec user process caused # "no such file or directory" diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 8db41103..c44f5047 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -23,10 +23,10 @@ if ! grep -q $NEW_GID /etc/group; then groupadd --gid $NEW_GID $USER_NAME fi -useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME +useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME --key UID_MIN=500 usermod --append --groups sudo $USER_NAME -sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME +chown $NEW_UID:$NEW_GID /home/$USER_NAME export HOME=/home/$USER_NAME # Execute process -exec /usr/sbin/gosu $USER_NAME "$@" +/usr/sbin/gosu $USER_NAME "$@" diff --git a/docs/_include/interface-evpn-uplink.txt b/docs/_include/interface-evpn-uplink.txt new file mode 100644 index 00000000..3495361d --- /dev/null +++ b/docs/_include/interface-evpn-uplink.txt @@ -0,0 +1,11 @@ +.. cfgcmd:: set interfaces {{ var0 }} <interface> evpn uplink + + When all the underlay links go down the PE no longer has access + to the VxLAN +overlay. To prevent blackholing of traffic the + server/ES links are protodowned on the PE. + + A link can be setup for uplink tracking via the following example: + + .. code-block:: none + + set interfaces {{ var0 }} {{ var1 }} evpn uplink diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 8f778f989d8fed30eec0a95d5b1fbb67594c67d +Subproject f980f8b8010a9681c387d47c476254c89b0c4a2 diff --git a/docs/_locale/de/LC_MESSAGES/cli.mo b/docs/_locale/de/LC_MESSAGES/cli.mo Binary files differindex 458b4cbd..02f6fdee 100644 --- a/docs/_locale/de/LC_MESSAGES/cli.mo +++ b/docs/_locale/de/LC_MESSAGES/cli.mo diff --git a/docs/_locale/de/LC_MESSAGES/configuration.mo b/docs/_locale/de/LC_MESSAGES/configuration.mo Binary files differindex 0f5432f2..7318a633 100644 --- a/docs/_locale/de/LC_MESSAGES/configuration.mo +++ b/docs/_locale/de/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/de/LC_MESSAGES/contributing.mo b/docs/_locale/de/LC_MESSAGES/contributing.mo Binary files differindex ed62e819..13fb0c19 100644 --- a/docs/_locale/de/LC_MESSAGES/contributing.mo +++ b/docs/_locale/de/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/de/LC_MESSAGES/documentation.mo b/docs/_locale/de/LC_MESSAGES/documentation.mo Binary files differindex 5c8bb64e..e078ffb1 100644 --- a/docs/_locale/de/LC_MESSAGES/documentation.mo +++ b/docs/_locale/de/LC_MESSAGES/documentation.mo diff --git a/docs/_locale/de/cli.pot b/docs/_locale/de/cli.pot index 71b339f5..70bb4156 100644 --- a/docs/_locale/de/cli.pot +++ b/docs/_locale/de/cli.pot @@ -28,23 +28,23 @@ msgstr "**Working configuration** is the one that is currently being modified in msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." @@ -52,7 +52,7 @@ msgstr "All changes in the working config will thus be lost." msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." @@ -72,11 +72,11 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "Compare configurations" @@ -92,11 +92,11 @@ msgstr "Configuration Overview" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +104,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "Example:" @@ -124,11 +124,11 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ` msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "Local Archive" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." @@ -164,31 +164,31 @@ msgstr "Operational mode allows for commands to perform operational system tasks msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Saving and loading manually" @@ -200,11 +200,11 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" @@ -228,15 +228,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." @@ -252,11 +252,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd: msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." @@ -268,7 +268,7 @@ msgstr "These commands are also relative to the level you are inside and only re msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." @@ -280,7 +280,7 @@ msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this a msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." @@ -288,11 +288,11 @@ msgstr "To remove an existing comment from your current configuration, specify a msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." @@ -300,15 +300,15 @@ msgstr "Use this command to preserve configuration changes upon reboot. By defau msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." @@ -324,7 +324,7 @@ msgstr "View the current active configuration in JSON format." msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." @@ -348,7 +348,7 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "When entering the configuration mode you are navigating inside a tree st msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +368,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" @@ -384,15 +384,15 @@ msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." @@ -400,19 +400,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." +msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." @@ -420,19 +424,19 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user>:<passwd>@<host>/<dir>``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -448,11 +452,11 @@ msgstr "``q`` key can be used to cancel output" msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user>:<passwd>@<host>/<dir>``" @@ -460,7 +464,7 @@ msgstr "``sftp://<user>:<passwd>@<host>/<dir>``" msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host>/<dir>``" diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index 15fcb065..f0ae9a1d 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Already-selected external check**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." @@ -105,6 +105,7 @@ msgstr "**Applies to:** Outbound Traffic." #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -437,6 +438,10 @@ msgstr "**Queueing discipline** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." @@ -580,6 +585,10 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -2180,6 +2189,10 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from `<origin>`." +msgstr "Allow cross-origin requests from `<origin>`." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -2431,7 +2444,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2691,7 +2704,7 @@ msgstr "Authentication" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel is a modern routing protocol designed to be robust and efficient b msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2936,7 +2953,7 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." @@ -3155,6 +3172,10 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" @@ -3797,10 +3818,14 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configure sFlow agent IPv4 or IPv6 address" @@ -3853,7 +3878,7 @@ msgstr "Configure the discrete port under which the RADIUS server can be reached msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." @@ -4053,6 +4078,10 @@ msgstr "Create `<user>` for local authentication on this system. The users passw msgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -4636,6 +4665,10 @@ msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reachin msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" @@ -4856,6 +4889,10 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Disables interface-based IPv4 static route." @@ -4974,10 +5011,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5271,10 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5440,6 +5485,10 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." @@ -5488,6 +5537,10 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `<member>` interface to bond `<interface>`." msgstr "Enslave `<member>` interface to bond `<interface>`." @@ -5747,7 +5800,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Example Configuration" @@ -5789,7 +5842,8 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6078,6 +6132,10 @@ msgstr "First, on both routers run the operational command \"generate pki key-pa msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki>` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki>` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6138,6 +6196,30 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." @@ -6341,7 +6423,7 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." @@ -6379,6 +6461,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." @@ -6553,7 +6639,7 @@ msgstr "Given the following example we have one VyOS router acting as OpenVPN se msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6663,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Global parameters" @@ -6590,6 +6676,10 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6627,6 +6717,10 @@ msgstr "HTTP basic authentication username" msgid "HTTP client" msgstr "HTTP client" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -7859,6 +7953,10 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." @@ -8480,6 +8578,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." @@ -8520,7 +8622,7 @@ msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8540,7 +8642,7 @@ msgstr "Lifetime is decremented by the number of seconds since the last RA - use msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8552,7 +8654,7 @@ msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" @@ -9339,6 +9441,10 @@ msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. Thi msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." #: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + +#: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Multiple aliases can pe specified per host-name." @@ -9859,7 +9965,7 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" @@ -10039,7 +10145,7 @@ msgstr "Operating Modes" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10523,10 @@ msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Performance" @@ -10523,7 +10633,7 @@ msgstr "Port Groups" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" @@ -10809,7 +10919,7 @@ msgstr "Publish a port for the container." msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11133,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11055,7 +11165,7 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11512,11 @@ msgstr "Rule-Sets" msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." @@ -11414,11 +11524,11 @@ msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` an msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" @@ -11537,7 +11647,7 @@ msgstr "SSH was designed as a replacement for Telnet and for unsecured remote sh msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11650,6 +11760,10 @@ msgstr "Scripting" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -11857,6 +11971,10 @@ msgstr "Set Virtual Tunnel Interface" msgid "Set a container description" msgstr "Set a container description" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11995,7 @@ msgstr "Set a limit on the maximum number of concurrent logged-in users on the s msgid "Set a meaningful description." msgstr "Set a meaningful description." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." @@ -11904,7 +12022,7 @@ msgstr "Set action for the route-map policy." msgid "Set action to take on entries matching this rule." msgstr "Set action to take on entries matching this rule." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Set an API-KEY is the minimal configuration to get a working API Endpoint." @@ -12309,6 +12427,14 @@ msgstr "Set the address of the backend port" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12345,6 +12471,10 @@ msgstr "Set the global setting for invalid packets." msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" @@ -12361,6 +12491,10 @@ msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can re msgid "Set the maximum number of TCP half-open connections." msgstr "Set the maximum number of TCP half-open connections." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." @@ -12429,6 +12563,10 @@ msgstr "Set the routing table to forward packet with." msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets†to record entries in the connection tracking table." msgstr "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets†to record entries in the connection tracking table." @@ -12459,6 +12597,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Sets the image name in the hub registry" @@ -12683,7 +12833,7 @@ msgstr "Show a list of installed certificates" msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given `<interface>`" msgstr "Show available offloading functions on given `<interface>`" @@ -12701,7 +12851,7 @@ msgstr "Show bridge `<name>` mdb displays the current multicast group membership #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12895,7 @@ msgstr "Show detailed information about the underlaying physical links on given #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12927,7 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical `<interface>`" msgstr "Show information about physical `<interface>`" @@ -12895,7 +13045,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13475,7 +13625,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13524,6 +13674,10 @@ msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." #: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + +#: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13997,7 @@ msgstr "Temporary disable this RADIUS server. It won't be queried." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -13879,7 +14033,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -13923,7 +14077,7 @@ msgstr "The DN and password to bind as while performing searches. As the passwor msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14040,7 +14194,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14202,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14275,7 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" @@ -14397,7 +14551,7 @@ msgstr "The following commands translate to \"--net host\" when the container is msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14413,11 +14567,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14772,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -16161,11 +16315,19 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16665,7 +16827,7 @@ msgstr "This will show you a statistic of all rule-sets since the last boot." msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16915,7 +17077,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17188,6 +17350,10 @@ msgstr "USB to serial converters will handle most of their work in software so y msgid "UUCP subsystem" msgstr "UUCP subsystem" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "Unicast" @@ -18192,7 +18358,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19430,7 @@ msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log- msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" @@ -19432,11 +19598,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19464,6 +19630,10 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19528,7 +19698,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19724,6 +19894,10 @@ msgstr "`4. Add optional parameters`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" @@ -20292,6 +20466,10 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." @@ -20775,6 +20953,18 @@ msgstr "``static`` - Statically configured routes" msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +21014,10 @@ msgstr "``throughput``: A server profile focused on improving network throughput msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." @@ -20888,6 +21082,22 @@ msgstr "``vnc`` - Virtual Network Control (VNC)" msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - options for x509 authentication mode:" @@ -21249,10 +21459,18 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "it can be used with any NIC," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." @@ -21647,6 +21865,10 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," diff --git a/docs/_locale/de/contributing.pot b/docs/_locale/de/contributing.pot index 43e97407..9e7d1188 100644 --- a/docs/_locale/de/contributing.pot +++ b/docs/_locale/de/contributing.pot @@ -72,6 +72,18 @@ msgstr "Ein guter Ansatz für das Schreiben von Commit-Nachrichten ist es, einen msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "Eine Reihe von Flags kann eingerichtet werden, um das Verhalten von VyOS zur Laufzeit zu ändern. Diese Flags können entweder durch Umgebungsvariablen oder durch das Erstellen von Dateien umgeschaltet werden." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "Eine einzelne, kurze Zusammenfassung des Commits (empfohlen 50 Zeichen oder weniger, nicht mehr als 80 Zeichen), die ein Präfix der geänderten Komponente und die entsprechende Phabricator_ Referenz enthält, z.B. ``snmp: T1111:`` oder ``Ethernet: T2222:`` - mehrere Komponenten können verkettet werden, wie z.B. ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Auch Akronyme **müssen** groß geschrieben werden, um sie optisch von n msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Hinzufügen einer Datei zum Git-Index mit ``git add myfile``, oder für ein ganzes Verzeichnis: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Eine oder mehrere IP-Adressen hinzufügen" @@ -155,6 +167,14 @@ msgstr "Jedes \"modifizierte\" Paket kann sich auf eine geänderte Version von z msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Alle Pakete im Paketverzeichnis werden während des Builds zur iso hinzugefügt und ersetzen die Upstream-Pakete. Stellen Sie sicher, dass Sie diese löschen (sowohl die Quellverzeichnisse als auch die erstellten deb-Pakete), wenn Sie eine Iso aus reinen Upstream-Paketen erstellen wollen." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "Da Smoketests die Systemkonfiguration ändern und Sie aus der Ferne eingeloggt sind, kann es sein, dass Sie die Verbindung zum System verlieren." @@ -219,6 +239,10 @@ msgstr "Startzeitpunkt" msgid "Bug Report/Issue" msgstr "Fehlerbericht/Ereignis" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Erstellen" @@ -303,7 +327,7 @@ msgstr "Befehlsdefinitionen sind rein deklarativ und können keine Logik enthalt msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "Ãœbertragen Sie die Änderungen durch den Aufruf von ``git commit``. Bitte verwenden Sie eine aussagekräftige Commit-Ãœberschrift (siehe oben) und vergessen Sie nicht, die Phabricator_ ID anzugeben." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "Last Tests der Konfiguration" @@ -331,7 +355,7 @@ msgstr "Continuous Integration" msgid "Customize" msgstr "Anpassen" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "DHCP-Client und DHCPv6-Präfix-Delegation" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "Jeder Änderungssatz muss konsistent (in sich geschlossen) sein! Beheben Sie nicht mehrere Fehler in einem einzigen Commit. Wenn Sie bereits an mehreren Fehlerkorrekturen in derselben Datei gearbeitet haben, verwenden Sie `git add --patch`, um nur die Teile, die sich auf das eine Problem beziehen, in Ihren nächsten Commit aufzunehmen." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "Example:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Feature Anfrage" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "Firmware" @@ -578,11 +610,15 @@ msgstr "Schrecklich: \"Tcp connection timeout\"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Schrecklich: \"frobnication algorithm.\"" -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "Wie können wir diesen Fehler reproduzieren?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "IP- und IPv6-Optionen" @@ -606,14 +642,30 @@ msgstr "Wenn ein Verb wesentlich ist, behalten Sie es bei. Zum Beispiel ist im H msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "Falls zutreffend, sollte ein Verweis auf einen vorhergehenden Commit gemacht werden, der diese Commits beim Durchsuchen der History gut miteinander verbindet: ``Nach dem Commit abcd12ef (\"snmp: this is a headline\") fehlt eine Python-Import-Anweisung, die folgende Ausnahme auslöst: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "Wenn in den Commits Ihres Pull-Requests keine Phabricator_ Referenz vorhanden ist, müssen wir Sie bitten, die Commit-Nachricht zu ändern. Andernfalls müssen wir sie ablehnen." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "Wenn Sie mutig genug sind, sich ein ISO-Image zu erstellen, das ein beliebiges modifiziertes Paket aus unserer GitHub-Organisation enthält, sind Sie hier genau richtig." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "Wenn Sie Ihren Kernel aktualisieren oder neue Treiber einbinden, benötigen Sie möglicherweise eine neue Firmware. Erstellen Sie ein neues ``vyos-linux-firmware`` Paket mit den enthaltenen Hilfsskripten." @@ -626,7 +678,7 @@ msgstr "In a big system, such as VyOS, that is comprised of multiple components, msgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "Darüber hinaus hilft dies auch beim Durchsuchen der GitHub-Codebasis auf einem mobilen Gerät, wenn Sie ein verrückter Wissenschaftler sind." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." @@ -690,10 +742,14 @@ msgstr "Intel QAT" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "Interface based tests" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Issues/Feature requests" @@ -706,6 +762,10 @@ msgstr "Issues or bugs are found in any software project. VyOS is not an excepti msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Linux Kernel" msgid "Live System" msgstr "Live System" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "MTU size" @@ -770,11 +830,11 @@ msgstr "MTU size" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Manual Smoketest Run" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Manual config load test" @@ -851,7 +911,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t msgid "Old concept/syntax" msgstr "Old concept/syntax" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." @@ -863,7 +923,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own." @@ -903,7 +963,7 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." @@ -936,11 +996,11 @@ msgstr "Please use the following template as good starting point when developing msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "Port description" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Port disable" @@ -964,7 +1024,11 @@ msgstr "Prerequisites" msgid "Priorities" msgstr "Priorities" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Provide as much information as you can" @@ -996,7 +1060,7 @@ msgstr "Rationale: this seems to be the unwritten standard in network device CLI msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Report a Bug" @@ -1041,7 +1105,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." @@ -1077,6 +1141,14 @@ msgstr "Suppose you want to make a change in the webproxy script but yet you do msgid "System Startup" msgstr "System Startup" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "The ``verify()`` function takes your internal representation of the conf msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "The default template processor for VyOS code is Jinja2_." msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." @@ -1201,7 +1277,7 @@ msgstr "The most obvious reasons could be:" msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "The original repo is at https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." @@ -1265,6 +1341,10 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "This chapter lists those exceptions and gives you a brief overview what msgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Those common tests consists out of:" @@ -1353,6 +1437,10 @@ msgstr "To enable boot time graphing change the Kernel commandline and add the f msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." @@ -1413,7 +1501,7 @@ msgstr "Useful commands are:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (incl. VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLANs (QinQ and regular 802.1q)" @@ -1457,6 +1545,10 @@ msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. O msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." @@ -1473,6 +1565,10 @@ msgstr "We now need to mount some required, volatile filesystems" msgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "When you are able to verify that it is actually a bug, spend some time t msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "When you believe you have found a bug, it is always a good idea to verif msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "Which version of VyOS are you using? ``run show version``" @@ -1574,6 +1670,10 @@ msgstr "You can type ``help`` to get an overview of the available commands, and msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/de/documentation.pot b/docs/_locale/de/documentation.pot index 27c45a75..42d57656 100644 --- a/docs/_locale/de/documentation.pot +++ b/docs/_locale/de/documentation.pot @@ -177,6 +177,10 @@ msgid "If there some troubleshooting guides related to the commands. Explain it msgstr "If there some troubleshooting guides related to the commands. Explain it in the next optional part." #: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + +#: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" diff --git a/docs/_locale/en/LC_MESSAGES/cli.mo b/docs/_locale/en/LC_MESSAGES/cli.mo Binary files differindex 907726f2..4a9800a8 100644 --- a/docs/_locale/en/LC_MESSAGES/cli.mo +++ b/docs/_locale/en/LC_MESSAGES/cli.mo diff --git a/docs/_locale/en/LC_MESSAGES/configuration.mo b/docs/_locale/en/LC_MESSAGES/configuration.mo Binary files differindex d43c6e6c..690b62d0 100644 --- a/docs/_locale/en/LC_MESSAGES/configuration.mo +++ b/docs/_locale/en/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/en/LC_MESSAGES/contributing.mo b/docs/_locale/en/LC_MESSAGES/contributing.mo Binary files differindex e4cef782..36a82404 100644 --- a/docs/_locale/en/LC_MESSAGES/contributing.mo +++ b/docs/_locale/en/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/en/LC_MESSAGES/documentation.mo b/docs/_locale/en/LC_MESSAGES/documentation.mo Binary files differindex 1ced609e..b404d64c 100644 --- a/docs/_locale/en/LC_MESSAGES/documentation.mo +++ b/docs/_locale/en/LC_MESSAGES/documentation.mo diff --git a/docs/_locale/es/LC_MESSAGES/cli.mo b/docs/_locale/es/LC_MESSAGES/cli.mo Binary files differindex 6f9a866d..c650bc45 100644 --- a/docs/_locale/es/LC_MESSAGES/cli.mo +++ b/docs/_locale/es/LC_MESSAGES/cli.mo diff --git a/docs/_locale/es/LC_MESSAGES/configuration.mo b/docs/_locale/es/LC_MESSAGES/configuration.mo Binary files differindex 953167c3..fd5da1d5 100644 --- a/docs/_locale/es/LC_MESSAGES/configuration.mo +++ b/docs/_locale/es/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/es/LC_MESSAGES/contributing.mo b/docs/_locale/es/LC_MESSAGES/contributing.mo Binary files differindex dbd1a68a..cf0faaa8 100644 --- a/docs/_locale/es/LC_MESSAGES/contributing.mo +++ b/docs/_locale/es/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/es/LC_MESSAGES/documentation.mo b/docs/_locale/es/LC_MESSAGES/documentation.mo Binary files differindex 1aaaddab..97ee8dba 100644 --- a/docs/_locale/es/LC_MESSAGES/documentation.mo +++ b/docs/_locale/es/LC_MESSAGES/documentation.mo diff --git a/docs/_locale/es/cli.pot b/docs/_locale/es/cli.pot index 57494692..1c4c9191 100644 --- a/docs/_locale/es/cli.pot +++ b/docs/_locale/es/cli.pot @@ -28,23 +28,23 @@ msgstr "**Configuración de trabajo** es la que se está modificando actualmente msgid "A VyOS system has three major types of configurations:" msgstr "Un sistema VyOS tiene tres tipos principales de configuraciones:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "Un reinicio porque no ingresaste ``confirm`` no te llevará necesariamente a la *configuración guardada*, sino al punto anterior a la desafortunada confirmación." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "Acceder al modo de operación desde el modo de configuración" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "El acceso a estos comandos es posible mediante el uso del comando ``ejecutar [comando]``. Desde este mando tendrás acceso a todo lo accesible desde el modo operativo." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Agregue un comentario como una anotación a un nodo de configuración." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "Todos los cambios en la configuración de trabajo se perderán." @@ -52,7 +52,7 @@ msgstr "Todos los cambios en la configuración de trabajo se perderán." msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "Todos los comandos ejecutados aquà son relativos al nivel de configuración que ha ingresado. Puede hacer todo desde el nivel superior, pero los comandos serán bastante largos al escribirlos manualmente." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "Una cosa importante a tener en cuenta es que dado que el comentario se agrega en la parte superior de la sección, no aparecerá si el `` mostrar<section> Se utiliza el comando ``. Con el ejemplo anterior, el comando `show firewall` volverÃa comenzando después de la lÃnea ``firewall {``, ocultando el comentario." @@ -72,11 +72,11 @@ msgstr "De forma predeterminada, la configuración se muestra en una jerarquÃa msgid "Command Line Interface" msgstr "Interfaz de lÃnea de comandos" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "La finalización de comandos y la ayuda de sintaxis con ``?`` y ``[tab]`` también funcionarán." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "Comparar configuraciones" @@ -92,11 +92,11 @@ msgstr "Descripción general de la configuración" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Los comandos de configuración se aplanan del árbol en comandos de 'una sola lÃnea' que se muestran en :opcmd:`mostrar comandos de configuración` desde el modo de operación. Los comandos son relativos al nivel en el que se ejecutan y toda la información redundante del nivel actual se elimina del comando ingresado." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "No se puede salir del modo de configuración mientras existan cambios no confirmados. Para salir del modo de configuración sin aplicar los cambios, se debe utilizar el comando :cfgcmd:`exit descartar`." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Copie un elemento de configuración." @@ -104,7 +104,7 @@ msgstr "Copie un elemento de configuración." msgid "Editing the configuration" msgstr "Editando la configuración" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "Ejemplo:" @@ -124,11 +124,11 @@ msgstr "Por ejemplo, al escribir ``sh`` seguido de la tecla ``TAB`` se completar msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Obtenga una colección de todos los comandos establecidos necesarios que condujeron a la configuración en ejecución." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "Si está conectado de forma remota, perderá su conexión. Es posible que desee copiar primero la configuración, editarla para garantizar la conectividad y cargar la configuración editada." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "En el caso de que desee eliminar completamente su configuración y restaurar la predeterminada, puede ingresar el siguiente comando en el modo de configuración:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "También es posible mostrar todos los comandos `set` dentro del modo de configuración usando :cfgcmd:`show | comandos`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "Archivo local" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "Administrar configuraciones" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Tenga en cuenta que el comando ``mostrar`` respeta su nivel de edición y desde este nivel puede ver el conjunto de reglas de firewall modificado con solo ``mostrar`` sin parámetros." @@ -164,31 +164,31 @@ msgstr "El modo operativo permite que los comandos realicen tareas operativas de msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Cambios rápidos de ``$`` a ``#``. Para salir del modo de configuración, escriba ``exit``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Archivo remoto" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Cambiar el nombre de un elemento de configuración." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Restaurar predeterminado" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Las revisiones se almacenan en el disco. Puede verlos, compararlos y revertirlos a cualquier revisión anterior si algo sale mal." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Cambios de reversión" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Retroceder a la revisión N (actualmente requiere reiniciar)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Guardar y cargar manualmente" @@ -200,11 +200,11 @@ msgstr "Consulte la sección de configuración de este documento para obtener mà msgid "Seeing and navigating the configuration" msgstr "Ver y navegar por la configuración" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Mostrar diferencia de revisión de confirmación." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Especifique la ubicación remota del archivo de confirmación como cualquiera de los siguientes :abbr:`URI (Identificador uniforme de recursos)`" @@ -228,15 +228,15 @@ msgstr "El comando :cfgcmd:`show` dentro del modo de configuración mostrará la msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "El comando ``comentario`` le permite insertar un comentario encima del ``<config node> `` sección de configuración. Cuando se muestran, los comentarios se encierran con ``/*`` y ``*/`` como delimitadores de apertura/cierre. Los comentarios deben confirmarse, al igual que otros cambios de configuración." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "El comando :cfgcmd:`compare` le permite comparar diferentes tipos de configuraciones. También le permite comparar diferentes revisiones a través del comando :cfgcmd:`compare NM`, donde N y M son números de revisión. La salida describirá cómo es la configuración N en comparación con M indicando con un signo más (``+``) las partes adicionales que tiene N en comparación con M, e indicando con un signo menos (``-``) las que faltan. las partes N fallan en comparación con M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "El comando anterior también te permite ver la diferencia entre dos confirmaciones. De forma predeterminada, se muestra la diferencia con la configuración en ejecución." @@ -252,11 +252,11 @@ msgstr "La configuración se puede editar mediante el uso de los comandos :cfgcm msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "El nivel de jerarquÃa actual se puede cambiar con el comando :cfgcmd:`edit`." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "El número de revisiones no afecta el archivo de confirmación." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Entonces es posible que desee :cfgcmd:`save` para eliminar también la configuración guardada." @@ -268,7 +268,7 @@ msgstr "Estos comandos también son relativos al nivel en el que se encuentra y msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "Estos dos comandos anteriores son esencialmente los mismos, solo que se ejecutan desde diferentes niveles en la jerarquÃa." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "Esto significa que hace cuatro confirmaciones hicimos ``set system ipv6 disabled-forwarding``." @@ -280,7 +280,7 @@ msgstr "Para eliminar una entrada de configuración, use el comando :cfgcmd:`del msgid "To enter configuration mode use the ``configure`` command:" msgstr "Para ingresar al modo de configuración use el comando ``configure``:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "Para eliminar un comentario existente de su configuración actual, especifique una cadena vacÃa entre comillas dobles (``""``) como texto del comentario." @@ -288,11 +288,11 @@ msgstr "Para eliminar un comentario existente de su configuración actual, espec msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use los comandos ``mostrar configuración | comando strip-private`` cuando desee ocultar datos privados. Es posible que desee hacerlo si desea compartir su configuración en el `foro`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Utilice este comando para cargar una configuración que reemplazará la configuración en ejecución. Defina la ubicación del archivo de configuración que se va a cargar. Puede utilizar una ruta a un archivo local, una dirección SCP, una dirección SFTP, una dirección FTP, una dirección HTTP, una dirección HTTPS o una dirección TFTP." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Utilice este comando para conservar los cambios de configuración al reiniciar. De forma predeterminada, se almacena en */config/config.boot*. En caso de que desee almacenar el archivo de configuración en otro lugar, puede agregar una ruta local, una dirección SCP, una dirección FTP o una dirección TFTP." @@ -300,15 +300,15 @@ msgstr "Utilice este comando para conservar los cambios de configuración al rei msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Utilice este comando para establecer el valor de un parámetro o para crear un nuevo elemento." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use este comando para detectar cuáles son las diferencias entre las diferentes configuraciones." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Utilice este comando para confirmar temporalmente sus cambios y establecer la cantidad de minutos disponibles para la validación. Se debe ingresar ``confirmar`` dentro de esos minutos, de lo contrario, el sistema se reiniciará con la configuración anterior. El valor predeterminado es 10 minutos." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "Ver todas las revisiones existentes en el sistema local." @@ -324,7 +324,7 @@ msgstr "Ver la configuración activa actual en formato JSON." msgid "View the current active configuration in readable JSON format." msgstr "Vea la configuración activa actual en formato JSON legible." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS puede cargar la configuración en una ubicación remota después de cada llamada a :cfgcmd:`commit`. Deberá establecer la ubicación del archivo de confirmación. Se admiten servidores TFTP, FTP, SCP y SFTP. Cada vez que un :cfgcmd:`commit` tiene éxito, el archivo ``config.boot`` se copiará en los destinos definidos. El nombre de archivo utilizado en el host remoto será ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS viene con un sistema de control de versiones integrado para la configuración del sistema. Mantiene automáticamente una copia de seguridad de todas las configuraciones anteriores que se han comprometido en el sistema. Las configuraciones se versionan localmente para revertirlas, pero también se pueden almacenar en un host remoto por razones de archivado/copia de seguridad." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS le permite comparar diferentes configuraciones." @@ -348,7 +348,7 @@ msgstr "VyOS utiliza un archivo de configuración unificado para la configuracià msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "¿Qué pasa si estás haciendo algo peligroso? Suponga que desea configurar un firewall y no está seguro de que no haya errores que lo bloqueen del sistema. Puede usar la confirmación confirmada. Si ejecuta el comando ``commit-confirm``, sus cambios se confirmarán, y si no ejecuta el comando ``confirm`` en 10 minutos, su sistema se reiniciará con la revisión de configuración anterior." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "Al ingresar al modo de configuración, está navegando dentro de una est msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "Al ingresar al modo de configuración, el aviso cambia de ``$`` a ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "Cuando está dentro del modo de configuración, no puede ejecutar directamente los comandos operativos." @@ -368,7 +368,7 @@ msgstr "Cuando está dentro del modo de configuración, no puede ejecutar direct msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "Cuando la salida de un comando da como resultado más lÃneas de las que se pueden mostrar en la pantalla de la terminal, la salida se pagina como lo indica un indicador ``:``." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "Al usar el comando save_, puede agregar una ubicación especÃfica donde almacenar su archivo de configuración. Y, cuando lo necesites, podrás cargarlo con el comando ``load``:" @@ -384,15 +384,15 @@ msgstr "Ahora se encuentra en un subnivel relativo a ``interfaces ethernet eth0` msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "También puede cambiar el nombre de los subárboles de configuración:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "Puede copiar y eliminar subárboles de configuración. Suponga que configura un conjunto de reglas de cortafuegos ``FromWorld`` con una regla que permite el tráfico desde una subred especÃfica. Ahora desea configurar una regla similar, pero para una subred diferente. Cambie su nivel de edición a ``nombre de firewall FromWorld`` y use ``copie la regla 10 a la regla 20``, luego modifique la regla 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "Puede revertir los cambios de configuración mediante el comando de reversión. Esto aplicará la revisión seleccionada y activará un reinicio del sistema." @@ -400,19 +400,23 @@ msgstr "Puede revertir los cambios de configuración mediante el comando de reve msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "Puedes desplazarte hacia arriba con las teclas ``[Shift]+[PageUp]`` y desplazarte hacia abajo con ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." +msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "Puede especificar el número de revisiones almacenadas en el disco. N puede estar en el rango de 0 a 65535. Cuando el número de revisiones supera el valor configurado, se elimina la revisión más antigua. La configuración predeterminada para este valor es almacenar 100 revisiones localmente." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "Puede usar los comandos ``guardar`` y ``cargar`` si desea administrar manualmente archivos de configuración especÃficos." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "Es posible que VyOS no permita la conexión segura porque no puede verificar la legitimidad del servidor remoto. Puede usar la solución a continuación para agregar rápidamente la huella digital SSH del host remoto a su archivo ``~/.ssh/known_hosts``:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "Se le preguntará si desea continuar. Si acepta, deberá usar :cfgcmd:`commit` si desea activar los cambios." @@ -420,19 +424,19 @@ msgstr "Se le preguntará si desea continuar. Si acepta, deberá usar :cfgcmd:`c msgid "``b`` will scroll back one page" msgstr "``b`` retrocederá una página" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user> :<passwd> @<host> /<dir> ``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -448,11 +452,11 @@ msgstr "La tecla ``q`` se puede utilizar para cancelar la salida" msgid "``return`` will scroll down one line" msgstr "``return`` se desplazará una lÃnea hacia abajo" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user> :<passwd> @<host> :/<dir> ``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user> :<passwd> @<host> /<dir> ``" @@ -460,7 +464,7 @@ msgstr "``sftp://<user> :<passwd> @<host> /<dir> ``" msgid "``space`` will scroll down one page" msgstr "``espacio`` se desplazará hacia abajo una página" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host> /<dir> ``" diff --git a/docs/_locale/es/configuration.pot b/docs/_locale/es/configuration.pot index 47e842e1..b7b3a78a 100644 --- a/docs/_locale/es/configuration.pot +++ b/docs/_locale/es/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Comprobación externa ya seleccionada**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Se aplica a:** Tráfico entrante." @@ -105,6 +105,7 @@ msgstr "**Se aplica a:** Tráfico saliente." #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Se aplica a:** Tráfico saliente." @@ -437,6 +438,10 @@ msgstr "**Disciplina de colas** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Disciplina de colas:** Déficit Round Robin." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Disciplina de colas:** Descenso anticipado aleatorio generalizado." @@ -580,6 +585,10 @@ msgstr "**Enrutador VyOS:**" msgid "**Weight check**" msgstr "**Comprobación de peso**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**dirección** se puede especificar varias veces, por ejemplo, 192.168.100.1 y/o 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Agregue el certificado de CA público para la CA denominada "nombre msgid "Adding a 2FA with an OTP-key" msgstr "Agregar un 2FA con una clave OTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Se establecen parámetros globales adicionales, incluido el lÃmite de número máximo de conexiones de 4000 y una versión mÃnima de TLS de 1.3." @@ -2180,6 +2189,10 @@ msgstr "Permita el acceso a los sitios de un dominio sin recuperarlos de la memo msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Permita que bgp negocie la capacidad de próximo salto extendido con su par. Si está interconectando una dirección local de enlace IPv6, esta capacidad se activa automáticamente. Si está interconectando una dirección global IPv6, al activar este comando permitirá que BGP instale rutas IPv4 con nexthops IPv6 si no tiene IPv4 configurado en las interfaces." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from `<origin>`." +msgstr "Allow cross-origin requests from `<origin>`." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Permita una dirección IPv6 explÃcita para la interfaz." @@ -2431,7 +2444,7 @@ msgstr "Aplicar un conjunto de reglas a una zona" msgid "Applying a Rule-Set to an Interface" msgstr "Aplicar un conjunto de reglas a una interfaz" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Aplicar una polÃtica de tráfico" @@ -2691,7 +2704,7 @@ msgstr "Autenticación" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Autenticación (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel es un protocolo de enrutamiento moderno diseñado para ser robusto msgid "Backend" msgstr "back-end" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Algoritmos de equilibrio:" msgid "Balancing Rules" msgstr "Reglas de equilibrio" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Equilibrio basado en el nombre de dominio" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Conformación de ancho de banda" @@ -2936,7 +2953,7 @@ msgstr "Debido a que un agregador no puede estar activo sin al menos un enlace d msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Debido a que las sesiones existentes no conmutan por error automáticamente a una nueva ruta, la tabla de sesión se puede vaciar en cada cambio de estado de conexión:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Antes de habilitar cualquier descarga de segmentación de hardware, se requiere una descarga de software correspondiente en GSO. De lo contrario, es posible que una trama se redirija entre dispositivos y termine sin poder transmitirse." @@ -3155,6 +3172,10 @@ msgstr "Mediante el uso de interfaces Pseudo-Ethernet, habrá menos sobrecarga d msgid "Bypassing the webproxy" msgstr "Omitir el webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (autoridad de certificación)" @@ -3797,10 +3818,14 @@ msgstr "Configure el protocolo utilizado para la comunicación con el host de sy msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure el puerto proxy si no escucha el puerto predeterminado 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configurar la dirección IPv4 o IPv6 del agente sFlow" @@ -3853,7 +3878,7 @@ msgstr "Configure el puerto discreto bajo el cual se puede acceder al servidor R msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure el puerto discreto bajo el cual se puede acceder al servidor TACACS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure el servicio de proxy inverso de equilibrio de carga para HTTP." @@ -4053,6 +4078,10 @@ msgstr "Crear `<user> ` para la autenticación local en este sistema. La contras msgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Crear un puente básico" @@ -4636,6 +4665,10 @@ msgstr "Define el máximo `<number> ` de solicitudes de eco no respondidas. Al l msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Define el dispositivo especificado como una consola del sistema. Los dispositivos de consola disponibles pueden ser (consulte el asistente de finalización):" @@ -4856,6 +4889,10 @@ msgstr "Deshabilitado de forma predeterminada: no se ha cargado ningún módulo msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Deshabilita el almacenamiento en caché de la información de pares de los paquetes de respuesta de resolución NHRP reenviados. Esto se puede usar para reducir el consumo de memoria en grandes subredes NBMA." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Deshabilita la ruta estática IPv4 basada en la interfaz." @@ -4974,10 +5011,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "No asigne una dirección IPv6 de enlace local a esta interfaz." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "No configure IFB como primer paso. Primero cree todo lo demás de su polÃtica de tráfico y luego puede configurar IFB. De lo contrario, es posible que obtenga el error ``RTNETLINK respuesta: el archivo existe``, que se puede resolver con ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5271,10 @@ msgstr "Habilite BFD en un único vecino BGP" msgid "Enable DHCP failover configuration for this address pool." msgstr "Habilite la configuración de conmutación por error de DHCP para este conjunto de direcciones." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Habilitar reconocimiento de bloque retardado HT ``[DELAYED-BA]``" @@ -5440,6 +5485,10 @@ msgstr "Las conexiones PPPoE bajo demanda habilitadas abren el enlace solo cuand msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Habilita la autenticación estilo Cisco en paquetes NHRP. Esto incrusta la contraseña secreta de texto sin formato en los paquetes NHRP salientes. Los paquetes NHRP entrantes en esta interfaz se descartan a menos que esté presente la contraseña secreta. La longitud máxima del secreto es de 8 caracteres." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Permite adjuntar una etiqueta MPLS a una ruta exportada desde el VRF de unidifusión actual a VPN. Si el valor especificado es automático, el valor de la etiqueta se asigna automáticamente desde un grupo mantenido." @@ -5488,6 +5537,10 @@ msgstr "Habilitar esta función aumenta el riesgo de saturación del ancho de ba msgid "Enforce strict path checking" msgstr "Hacer cumplir la verificación de ruta estricta" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `<member>` interface to bond `<interface>`." msgstr "Esclavizar `<member> `interfaz para enlazar`<interface> `." @@ -5747,7 +5800,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Ejemplo: para agregar se establece en ``vyos.net`` y la URL recibida es ``www/foo.html``, el sistema usará la URL final generada de ``www.vyos.net/foo. html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Configuración de ejemplo" @@ -5789,7 +5842,8 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6078,6 +6132,10 @@ msgstr "Primero, en ambos enrutadores ejecute el comando operativo "generar msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki>` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "Primero, uno de los sistemas genera la clave usando :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki> `comando. Una vez generada, deberá instalar esta clave en el sistema local, luego copiar e instalar esta clave en el enrutador remoto." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6138,6 +6196,30 @@ msgstr "Exportación de flujo" msgid "Flow and packet-based balancing" msgstr "Equilibrio basado en flujo y paquetes" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Los flujos se pueden exportar a través de dos protocolos diferentes: NetFlow (versiones 5, 9 y 10/IPFIX) y sFlow. Además, puede guardar flujos en una tabla en memoria internamente en un enrutador." @@ -6341,7 +6423,7 @@ msgstr "Para la regla :ref:`destination-nat66`, la dirección de destino del paq msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "Para el usuario promedio, una consola en serie no tiene ninguna ventaja sobre una consola que ofrece un teclado y una pantalla conectados directamente. Las consolas en serie son mucho más lentas y tardan hasta un segundo en llenar una pantalla de 80 columnas por 24 lÃneas. Las consolas seriales generalmente solo admiten texto ASCII no proporcional, con soporte limitado para idiomas distintos del inglés." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "Para el tráfico de entrada de una interfaz, solo hay una polÃtica que puede aplicar directamente, una polÃtica **Limitadora**. No puede aplicar una polÃtica de configuración directamente al tráfico de entrada de ninguna interfaz porque la configuración solo funciona para el tráfico saliente." @@ -6379,6 +6461,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Formalmente, un enlace virtual parece una red punto a punto que conecta dos ABR de un área, una de las cuales está conectada fÃsicamente a un área de red troncal. Se considera que esta pseudo-red pertenece a un área de red troncal." @@ -6553,7 +6639,7 @@ msgstr "Dado el siguiente ejemplo, tenemos un enrutador VyOS que actúa como ser msgid "Gloabal" msgstr "global" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6663,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Opciones globales" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Parámetros globales" @@ -6590,6 +6676,10 @@ msgstr "ajustes globales" msgid "Graceful Restart" msgstr "Reinicio elegante" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "ARP gratuito" @@ -6627,6 +6717,10 @@ msgstr "Nombre de usuario de autenticación básica HTTP" msgid "HTTP client" msgstr "cliente HTTP" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "Capacidades HT (alto rendimiento) (802.11n)" @@ -7859,6 +7953,10 @@ msgstr "Para separar el tráfico, Fair Queue utiliza un clasificador basado en l msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "Para usar TSO/LRO con adaptadores VMXNET3, también se debe habilitar la opción de descarga SG." @@ -8480,6 +8578,10 @@ msgstr "Los LNS se utilizan a menudo para conectarse a un LAC (concentrador de a msgid "Label Distribution Protocol" msgstr "Protocolo de distribución de etiquetas" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunneling Protocol Version 3 es un estándar IETF relacionado con L2TP que se puede utilizar como un protocolo alternativo a :ref:`mpls` para la encapsulación del tráfico de comunicaciones multiprotocolo de Capa 2 a través de redes IP. Al igual que L2TP, L2TPv3 proporciona un servicio de pseudocable, pero está escalado para adaptarse a los requisitos del operador." @@ -8520,7 +8622,7 @@ msgstr "Deje que el demonio SNMP escuche solo en la dirección IP 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Supongamos la siguiente topologÃa:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "Equilibrio de nivel 4" @@ -8540,7 +8642,7 @@ msgstr "La vida útil se reduce según la cantidad de segundos desde el último msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limite los algoritmos de cifrado permitidos utilizados durante el protocolo de enlace SSL/TLS" @@ -8552,7 +8654,7 @@ msgstr "Limite los inicios de sesión a `<limit> ` por cada ``rate-time`` segund msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limite los inicios de sesión a ``rate-limit`` intentos por cada `<seconds> `. El tiempo de tasa debe estar entre 15 y 600 segundos." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Limite el número máximo de conexiones" @@ -9339,6 +9441,10 @@ msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. Thi msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." #: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + +#: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Se pueden especificar varios alias por nombre de host." @@ -9859,7 +9965,7 @@ msgstr "Una vez que se ha encontrado un vecino, la entrada se considera válida msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Una vez que se impone una penalización a una ruta, la penalización se reduce a la mitad cada vez que transcurre una cantidad de tiempo predefinida (tiempo de vida media). Cuando las penalizaciones acumuladas caen por debajo de un umbral predefinido (valor de reutilización), la ruta se desactiva y se vuelve a agregar a la tabla de enrutamiento BGP." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Una vez que se crea una polÃtica de tráfico, puede aplicarla a una interfaz:" @@ -10039,7 +10145,7 @@ msgstr "Modos de funcionamiento" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10523,10 @@ msgstr "De forma predeterminada, se muestrean todos los paquetes (es decir, la t msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "De manera predeterminada, la sesión de usuario se reemplaza si una segunda solicitud de autenticación tiene éxito. Dichas solicitudes de sesión se pueden denegar o permitir por completo, lo que permitirÃa múltiples sesiones para un usuario en el último caso. Si se deniega, la segunda sesión se rechaza incluso si la autenticación tiene éxito, el usuario debe finalizar su primera sesión y luego puede volver a autenticarse." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Rendimiento" @@ -10523,7 +10633,7 @@ msgstr "Grupos de puertos" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Espejo de puerto (SPAN)" @@ -10809,7 +10919,7 @@ msgstr "Publique un puerto para el contenedor." msgid "Pull a new image for container" msgstr "Obtener una nueva imagen para el contenedor" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11133,7 @@ msgstr "Recomendado para instalaciones más grandes." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Redirigir HTTP a HTTPS" @@ -11055,7 +11165,7 @@ msgstr "Redundancia y carga compartida. Hay varios dispositivos NAT66 en el bord msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Registre el registro DNS ``example.vyos.io`` en el servidor DNS ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11512,11 @@ msgstr "Conjuntos de reglas" msgid "Rule-set overview" msgstr "Descripción general del conjunto de reglas" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "La regla 10 hace coincidir las solicitudes con el nombre de dominio ``node1.example.com`` reenvÃa al backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "La regla 10 hace coincidir las solicitudes con la ruta URL exacta ``/.well-known/xxx`` y redirige a la ubicación ``/certs/``." @@ -11414,11 +11524,11 @@ msgstr "La regla 10 hace coincidir las solicitudes con la ruta URL exacta ``/.we msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "La regla 20 coincide con las solicitudes con rutas URL que terminan en ``/mail`` o la ruta exacta ``/email/bar`` redirige a la ubicación ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "La regla 20 hace coincidir las solicitudes con el nombre de dominio ``node2.example.com`` reenvÃa al backend ``bk-api-02``" @@ -11537,7 +11647,7 @@ msgstr "SSH se diseñó como reemplazo de Telnet y de los protocolos de shell re msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID que se utilizará en tramas de administración IEEE 802.11" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11650,6 +11760,10 @@ msgstr "secuencias de comandos" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -11857,6 +11971,10 @@ msgstr "Establecer interfaz de túnel virtual" msgid "Set a container description" msgstr "Establecer una descripción de contenedor" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11995,7 @@ msgstr "Establezca un lÃmite en el número máximo de usuarios conectados simul msgid "Set a meaningful description." msgstr "Establezca una descripción significativa." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Establezca una clave API con nombre. Cada clave tiene los mismos permisos completos en el sistema." @@ -11904,7 +12022,7 @@ msgstr "Establezca la acción para la polÃtica del mapa de rutas." msgid "Set action to take on entries matching this rule." msgstr "Establezca la acción a realizar en las entradas que coincidan con esta regla." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Establecer una API-KEY es la configuración mÃnima para obtener un punto final de API que funcione." @@ -12309,6 +12427,14 @@ msgstr "Establecer la dirección del puerto backend" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Establezca la dirección del servidor backend al que se reenviará el tráfico entrante" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Establezca la versión de VRRP predeterminada que se utilizará. El valor predeterminado es 2, pero las instancias de IPv6 siempre usarán la versión 3." @@ -12345,6 +12471,10 @@ msgstr "Establezca la configuración global para paquetes no válidos." msgid "Set the global setting for related connections." msgstr "Establezca la configuración global para las conexiones relacionadas." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Configure el puerto de escucha de la API local, esto no tiene ningún efecto en el servidor web. El valor predeterminado es el puerto 8080" @@ -12361,6 +12491,10 @@ msgstr "Establezca la longitud máxima de relleno A-MPDU pre-EOF que la estació msgid "Set the maximum number of TCP half-open connections." msgstr "Establezca el número máximo de conexiones TCP semiabiertas." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Establezca el nombre de la entrada PKI SSL :abbr:`CA (Autoridad de certificación)` utilizada para la autenticación del lado remoto. Si se especifica un certificado de CA intermedio, todos los certificados de CA principales que existen en la PKI, como la CA raÃz o las CA intermedias adicionales, se utilizarán automáticamente durante la validación del certificado para garantizar que la cadena de confianza completa esté disponible." @@ -12429,6 +12563,10 @@ msgstr "Configure la tabla de enrutamiento para reenviar paquetes." msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Establezca la identificación de la sesión, que es un valor entero de 32 bits. Identifica de forma única la sesión que se está creando. El valor utilizado debe coincidir con el valor peer_session_id que se utiliza en el par." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets†to record entries in the connection tracking table." msgstr "Establece el tamaño de la tabla hash. La tabla hash de seguimiento de conexiones hace que la búsqueda en la tabla de seguimiento de conexiones sea más rápida. La tabla hash utiliza "cubos" para registrar entradas en la tabla de seguimiento de conexiones." @@ -12459,6 +12597,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Establecer ventana de códigos válidos concurrentemente." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Establece el nombre de la imagen en el registro del concentrador" @@ -12683,7 +12833,7 @@ msgstr "Mostrar una lista de certificados instalados" msgid "Show all BFD peers" msgstr "Mostrar todos los compañeros de BFD" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given `<interface>`" msgstr "Mostrar las funciones de descarga disponibles en ` dado<interface> `" @@ -12701,7 +12851,7 @@ msgstr "Mostrar puente `<name> ` mdb muestra la tabla actual de miembros del gru #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12895,7 @@ msgstr "Mostrar información detallada sobre los enlaces fÃsicos subyacentes en #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12927,7 @@ msgstr "Mostrar información general sobre la interfaz especÃfica de WireGuard" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Mostrar información sobre el servicio Wireguard. También muestra el último apretón de manos." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical `<interface>`" msgstr "Mostrar información sobre el ` fÃsico<interface> `" @@ -12895,7 +13045,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "mostrar la ruta" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Mostrar información del transceptor de los módulos de complemento, por ejemplo, SFP+, QSFP" @@ -13475,7 +13625,7 @@ msgstr "Especifique el valor del identificador del agregador de nivel de sitio ( msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Especifique la dirección de la interfaz utilizada localmente en la interfaz a la que se ha delegado el prefijo. El ID debe ser un entero decimal." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Especifique la versión mÃnima requerida de TLS 1.2 o 1.3" @@ -13524,6 +13674,10 @@ msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety msgstr "Squid_ es un proxy web HTTP de almacenamiento en caché y reenvÃo. Tiene una amplia variedad de usos, incluida la aceleración de un servidor web al almacenar en caché solicitudes repetidas, almacenar en caché web, DNS y otras búsquedas de redes informáticas para un grupo de personas que comparten recursos de red y ayudar a la seguridad al filtrar el tráfico. Aunque se usa principalmente para HTTP y FTP, Squid incluye soporte limitado para varios otros protocolos, incluidos Internet Gopher, SSL, [6] TLS y HTTPS. Squid no es compatible con el protocolo SOCKS." #: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + +#: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13997,7 @@ msgstr "Deshabilite temporalmente este servidor RADIUS. No será consultado." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Deshabilite temporalmente este servidor TACACS. No será consultado." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Terminar SSL" @@ -13879,7 +14033,7 @@ msgstr "Pruebas y Validación" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Gracias a este descubrimiento, cualquier tráfico posterior entre PC4 y PC5 no utilizará la dirección de multidifusión entre las hojas, ya que ambas saben detrás de qué hoja están conectadas las PC. Esto ahorra tráfico, ya que se envÃan menos paquetes de multidifusión y se reduce la carga en la red, lo que mejora la escalabilidad cuando se agregan más hojas." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "Asà es como es posible hacer el llamado "formado de entrada"." @@ -13923,7 +14077,7 @@ msgstr "El DN y la contraseña para enlazar mientras se realizan búsquedas. Com msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "La polÃtica FQ-CoDel distribuye el tráfico en 1024 colas FIFO e intenta brindar un buen servicio entre todas ellas. También trata de mantener corta la longitud de todas las colas." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "El servicio HTTP escucha en el puerto TCP 80." @@ -14040,7 +14194,7 @@ msgstr "La ``dirección`` se puede configurar en la interfaz VRRP o no en la int msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "El parámetro ``dirección`` puede ser una dirección IPv4 o IPv6, pero no puede mezclar IPv4 e IPv6 en el mismo grupo, y deberá crear grupos con diferentes VRID especialmente para IPv4 e IPv6. Si desea utilizar la dirección IPv4 + IPv6, puede utilizar la opción ``dirección-excluida``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14202,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "El servicio ``http`` se reduce en el puerto 80 y fuerza los redireccionamientos de HTTP a HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14275,7 @@ msgstr "La dirección IP a la que se hace referencia a continuación `192.0.2.1` msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "La interfaz de vinculación proporciona un método para agregar múltiples interfaces de red en una única interfaz lógica "vinculada", o LAG, o ether-channel, o port-channel. El comportamiento de las interfaces vinculadas depende del modo; en términos generales, los modos proporcionan servicios de equilibrio de carga o de espera activa. Además, se puede realizar la supervisión de la integridad del enlace." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "El caso de la conformación de ingreso" @@ -14397,7 +14551,7 @@ msgstr "Los siguientes comandos se traducen a "--net host" cuando se c msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "Se requerirÃan los siguientes comandos para establecer opciones para un protocolo de enrutamiento dinámico dado dentro de un vrf dado:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "La siguiente configuración demuestra cómo usar VyOS para lograr un equilibrio de carga basado en el nombre de dominio." @@ -14413,11 +14567,11 @@ msgstr "La siguiente configuración en VyOS se aplica a todos los siguientes pro msgid "The following configuration reverse-proxy terminate SSL." msgstr "La siguiente configuración de proxy inverso termina SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14772,7 @@ msgstr "La aplicación más visible del protocolo es para el acceso a cuentas sh msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "El grupo de multidifusión utilizado por todas las hojas para esta extensión de vlan. Tiene que ser igual en todas las hojas que tenga esta interfaz." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "El nombre del servicio puede ser diferente, en este ejemplo es solo por conveniencia." @@ -16161,11 +16315,19 @@ msgstr "Este comando crea un puente que se usa para vincular el tráfico en eth1 msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "Este comando especifica la máquina de estados finitos (FSM) destinada a controlar el tiempo de ejecución de los cálculos SPF en respuesta a eventos IGP. El proceso descrito en :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "Esta configuración habilita el proxy inverso TCP para el servicio "my-tcp-api". Las conexiones TCP entrantes en el puerto 8888 se equilibrarán en la carga de los servidores backend (srv01 y srv02) mediante el algoritmo de equilibrio de carga por turnos." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "Esta configuración escucha en el puerto 80 y redirige las solicitudes entrantes a HTTPS:" @@ -16665,7 +16827,7 @@ msgstr "Esto le mostrará una estadÃstica de todos los conjuntos de reglas desd msgid "This will show you a summary of rule-sets and groups" msgstr "Esto le mostrará un resumen de conjuntos de reglas y grupos." -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "Esta solución le permite aplicar una polÃtica de modelado al tráfico de entrada al redirigirlo primero a una interfaz virtual intermedia ("Bloque funcional intermedio"_). AllÃ, en esa interfaz virtual, podrá aplicar cualquiera de las polÃticas que funcionan para el tráfico saliente, por ejemplo, una de configuración." @@ -16915,7 +17077,7 @@ msgstr "Para habilitar la autenticación basada en RADIUS, el modo de autenticac msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "Para habilitar la configuración del ancho de banda a través de RADIUS, la opción de lÃmite de velocidad debe estar habilitada." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "Para habilitar los mensajes de depuración. Disponible a través de :opcmd:`show log` o :opcmd:`monitor log`" @@ -17188,6 +17350,10 @@ msgstr "Los convertidores de USB a serie manejarán la mayor parte de su trabajo msgid "UUCP subsystem" msgstr "subsistema UUCP" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "unidifusión" @@ -18192,7 +18358,7 @@ msgstr "Frecuencia central del canal operativo VHT - frecuencia central 2 (para #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19430,7 @@ msgstr "Ahora puede "marcar" al interlocutor con el siguiente comando: msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "Ahora puede usar SSH en su sistema usando admin/admin como un usuario predeterminado suministrado desde el contenedor ``lfkeitel/tacacs_plus:latest``." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "Solo puede aplicar una polÃtica por interfaz y dirección, pero puede reutilizar una polÃtica en diferentes interfaces y direcciones:" @@ -19432,11 +19598,11 @@ msgstr ":abbr:`GENEVE (encapsulación de virtualización de red genérica)` admi msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (o IPIP/IPsec, SIT/IPsec, o cualquier otro protocolo de túnel sin estado sobre IPsec) es la forma habitual de proteger el tráfico dentro de un túnel." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Descarga de recepción genérica)` es el complemento de GSO. Idealmente, cualquier cuadro ensamblado por GRO debe segmentarse para crear una secuencia idéntica de cuadros usando GSO, y cualquier secuencia de cuadros segmentados por GSO debe poder volver a ensamblarse al original por GRO. La única excepción a esto es la ID de IPv4 en el caso de que el bit DF esté configurado para un encabezado IP determinado. Si el valor de la ID de IPv4 no se incrementa secuencialmente, se modificará para que sea asà cuando una trama ensamblada a través de GRO se segmente a través de GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (descarga de segmentación genérica)` es una descarga de software pura que está destinada a tratar los casos en los que los controladores de dispositivos no pueden realizar las descargas descritas anteriormente. Lo que ocurre en GSO es que un skbuff determinado tendrá sus datos desglosados en múltiples skbuffs que se han redimensionado para que coincidan con el MSS proporcionado a través de skb_shinfo()->gso_size." @@ -19464,6 +19630,10 @@ msgstr ":abbr:`LDP (protocolo de distribución de etiquetas)` es un protocolo de msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Protocolo de descubrimiento de capa de enlace)` es un protocolo de capa de enlace independiente del proveedor en el conjunto de protocolos de Internet que utilizan los dispositivos de red para anunciar su identidad, capacidades y vecinos en una red de área local IEEE 802, principalmente Ethernet cableada. El IEEE se refiere formalmente al protocolo como Descubrimiento de conectividad de control de acceso a estaciones y medios especificado en IEEE 802.1AB e IEEE 802.3-2012, sección 6, cláusula 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (protocolo de acuerdo de clave MACsec)` se utiliza para sincronizar claves entre pares individuales." @@ -19528,7 +19698,7 @@ msgstr ":abbr:`RPKI (Infraestructura de clave pública de recursos)` es un marco msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` es lógicamente una implementación de software de :abbr:`RSS (Receive Side Scaling)`. Al estar en el software, necesariamente se llama más adelante en la ruta de datos. Mientras que RSS selecciona la cola y, por lo tanto, la CPU que ejecutará el controlador de interrupciones de hardware, RPS selecciona la CPU para realizar el procesamiento del protocolo por encima del controlador de interrupciones. Esto se logra colocando el paquete en la cola de trabajos pendientes de la CPU deseada y activando la CPU para su procesamiento. RPS tiene algunas ventajas sobre RSS:" @@ -19724,6 +19894,10 @@ msgstr "`4. Añadir parámetros opcionales`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name> ` debe ser idéntico en ambos lados!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ cola -n +2 ca.clave | cabeza -n -1 | tr -d '\\n'``" @@ -20292,6 +20466,10 @@ msgstr "``intercambio de claves`` qué protocolo debe usarse para inicializar la msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``clave``: una clave privada, que se utilizará para autenticar el enrutador local en el par remoto:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: un perfil de servidor centrado en reducir la latencia de la red. Este perfil favorece el rendimiento sobre el ahorro de energÃa configurando ``intel_pstate`` y ``min_perf_pct=100``." @@ -20775,6 +20953,18 @@ msgstr "``static`` - Rutas configuradas estáticamente" msgid "``station`` - Connects to another access point" msgstr "``estación`` - Se conecta a otro punto de acceso" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +21014,10 @@ msgstr "``rendimiento``: un perfil de servidor centrado en mejorar el rendimient msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` tiempo de espera de actividad en segundos <2-86400> (predeterminado 120) solo IKEv1" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Equilibrio de carga de transmisión adaptable: vinculación de canales que no requiere ningún soporte de conmutador especial." @@ -20888,6 +21082,22 @@ msgstr "``vnc`` - Control de red virtual (VNC)" msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti``: utiliza una interfaz VTI para el cifrado del tráfico. Cualquier tráfico que se envÃe a la interfaz VTI se cifrará y se enviará a este par. El uso de VTI hace que la configuración de IPSec sea mucho más flexible y fácil en situaciones complejas, y permite agregar/eliminar dinámicamente redes remotas, accesibles a través de un par, ya que en este modo el enrutador no necesita crear SA/polÃtica adicional para cada red remota:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - opciones para el modo de autenticación x509:" @@ -21249,10 +21459,18 @@ msgstr "reenvÃo de ip" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "se puede usar con cualquier NIC," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "no aumenta la tasa de interrupción del dispositivo de hardware (aunque sà introduce interrupciones entre procesadores (IPI))." @@ -21647,6 +21865,10 @@ msgstr "lento: solicite al socio que transmita LACPDU cada 30 segundos" msgid "smtp-server" msgstr "servidor SMTP" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "Los filtros de software se pueden agregar fácilmente al hash sobre nuevos protocolos," diff --git a/docs/_locale/es/contributing.pot b/docs/_locale/es/contributing.pot index cbea3424..606d81e2 100644 --- a/docs/_locale/es/contributing.pot +++ b/docs/_locale/es/contributing.pot @@ -72,6 +72,18 @@ msgstr "Un buen método para escribir mensajes de confirmación es echar un vist msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "Se pueden configurar varios indicadores para cambiar el comportamiento de VyOS en tiempo de ejecución. Estas banderas se pueden alternar usando variables de entorno o creando archivos." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "Un resumen único y breve de la confirmación (se recomiendan 50 caracteres o menos, sin exceder los 80 caracteres) que contenga un prefijo del componente cambiado y la referencia de Phabricator_ correspondiente, por ejemplo, ``snmp: T1111:`` o ``ethernet: T2222:` ` - se pueden concatenar múltiples componentes como en ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Los acrónimos también **deben** escribirse en mayúscula para distingu msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Agregue un archivo al Ãndice de Git usando ``git add myfile``, o para un directorio completo: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Agregar una o más direcciones IP" @@ -155,6 +167,14 @@ msgstr "Cualquier paquete "modificado" puede hacer referencia a una ve msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Cualquier paquete en el directorio de paquetes se agregará a la iso durante la compilación, reemplazando a los anteriores. Asegúrese de eliminarlos (tanto los directorios de origen como los paquetes deb creados) si desea crear una iso a partir de paquetes puramente ascendentes." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "Como Smoketests alterará la configuración del sistema y usted está conectado de forma remota, puede perder su conexión con el sistema." @@ -219,6 +239,10 @@ msgstr "Temporización de arranque" msgid "Bug Report/Issue" msgstr "Informe de error/problema" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Construir" @@ -303,7 +327,7 @@ msgstr "Las definiciones de comandos son puramente declarativas y no pueden cont msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "Confirma los cambios llamando a ``git commit``. Utilice un tÃtulo de compromiso significativo (lea arriba) y no olvide hacer referencia al ID de Phabricator_." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "Pruebas de carga de configuración" @@ -331,7 +355,7 @@ msgstr "Integración continua" msgid "Customize" msgstr "personalizar" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "Cliente DHCP y delegación de prefijos DHCPv6" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "¡Cada conjunto de cambios debe ser consistente (autocontenido)! No corrija varios errores en una sola confirmación. Si ya trabajó en varias correcciones en el mismo archivo, use `git add --patch` para agregar solo las partes relacionadas con el problema en su próxima confirmación." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "Ejemplo:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Solicitud de función" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "firmware" @@ -578,11 +610,15 @@ msgstr "Horrible: "Tiempo de espera de conexión TCP"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Horrible: "algoritmo de frobnicación"." -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "¿Cómo podemos reproducir este Bug?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "Opciones de IP e IPv6" @@ -606,14 +642,30 @@ msgstr "Si un verbo es esencial, mantenlo. Por ejemplo, en el texto de ayuda de msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "Si corresponde, se debe hacer una referencia a una confirmación anterior que vincule bien esas confirmaciones al navegar por el historial: ``Después de confirmar abcd12ef ("snmp: este es un titular"), falta una declaración de importación de Python, arrojando la siguiente excepción: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "Si no hay una referencia de Phabricator_ en las confirmaciones de su solicitud de extracción, debemos pedirle que modifique el mensaje de confirmación. De lo contrario tendremos que rechazarlo." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "Si es lo suficientemente valiente como para crear una imagen ISO que contenga cualquier paquete modificado de nuestra organización GitHub, este es el lugar para estar." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "Si actualiza su kernel o incluye nuevos controladores, es posible que necesite un nuevo firmware. Cree un nuevo paquete ``vyos-linux-firmware`` con los scripts auxiliares incluidos." @@ -626,7 +678,7 @@ msgstr "En un gran sistema, como VyOS, que se compone de múltiples componentes, msgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "Además, esto también ayuda al navegar por el código base de GitHub en un dispositivo móvil si eres un cientÃfico loco." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "Para abrir un informe de error/solicitud de funciones, debe crear una cuenta en VyOS Phabricator_. En el lado izquierdo del proyecto especÃfico (VyOS 1.2 o VyOS 1.3) encontrará enlaces rápidos para abrir un informe de error/solicitud de funciones." @@ -690,10 +742,14 @@ msgstr "QAT de Intel" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "Pruebas basadas en interfaz" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Problemas/solicitudes de funciones" @@ -706,6 +762,10 @@ msgstr "Se encuentran problemas o errores en cualquier proyecto de software. VyO msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "Es un programa Ada y requiere GNAT y gprbuild para compilar, las dependencias se especifican correctamente, asà que solo siga las sugerencias de debuild." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "También es posible configurar la depuración utilizando variables de entorno. En ese caso, el nombre será (en mayúsculas) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Núcleo de Linux" msgid "Live System" msgstr "Sistema en vivo" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "Tamaño de la PERSONA" @@ -770,11 +830,11 @@ msgstr "Tamaño de la PERSONA" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "Realice sus cambios y guárdelos. Haga lo siguiente para todos los archivos de cambios para registrarlos en su confirmación de Git creada:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Ejecución manual de prueba de humo" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Prueba de carga de configuración manual" @@ -851,7 +911,7 @@ msgstr "Ahora está preparado con dos nuevos alias ``vybld`` y ``vybld_crux`` pa msgid "Old concept/syntax" msgstr "Viejo concepto/sintaxis" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "Por otro lado, como cada prueba está contenida en su propio archivo, siempre se puede ejecutar una sola prueba de humo a mano simplemente ejecutando los scripts de prueba de Python." @@ -863,7 +923,7 @@ msgstr "Una vez que haya instalado las dependencias requeridas, puede continuar msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Una vez que ejecutes ``show xyz`` y tu condición se active, deberÃas ingresar al depurador de python:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "Uno no está obligado a cargar todas las configuraciones una tras otra, sino que también puede cargar configuraciones de prueba individuales por su cuenta." @@ -903,7 +963,7 @@ msgstr "Nuestro código se divide en varios módulos. VyOS se compone de varios msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Nuestros scripts de modo operativo utilizan el módulo python-vici, que no está incluido en la compilación de Debian y no es muy fácil de integrar en esa compilación. Por esta razón, debianizamos ese módulo a mano ahora, usando este procedimiento:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Nuestras pruebas de humo no solo prueban demonios y servicios, sino que también verifican si lo que configuramos para una interfaz funciona. Por lo tanto, existe una base común clasificada denominada: ``base_interfaces_test.py`` que contiene todo el código común que admite una interfaz y se prueba." @@ -936,11 +996,11 @@ msgstr "Utilice la siguiente plantilla como un buen punto de partida cuando desa msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "Descripción del puerto" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Deshabilitar puerto" @@ -964,7 +1024,11 @@ msgstr "requisitos previos" msgid "Priorities" msgstr "Prioridades" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Proporcione tanta información como pueda" @@ -996,7 +1060,7 @@ msgstr "Justificación: este parece ser el estándar no escrito en las CLI de di msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "Las versiones recientes usan el framework ``vyos.frr``. La clase Python se encuentra dentro de nuestro ``vyos-1x:python/vyos/frr.py``. Viene con un depurador integrado de depuración/(estilo de impresión) como lo hace vyos.ifconfig." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Reportar un error" @@ -1041,7 +1105,7 @@ msgstr "Algunos paquetes de VyOS (a saber, vyos-1x) vienen con pruebas de tiempo msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "Algunas abreviaturas se escriben tradicionalmente en mayúsculas y minúsculas. Generalmente, si contiene palabras "over" o "version", la letra **debe** estar en minúscula. Si hay una ortografÃa aceptada (especialmente si está definida por un RFC u otro estándar), **debe** seguirse." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "Algunas de las configuraciones tienen condiciones previas que deben cumplirse. Lo más probable es que incluyan la generación de claves criptográficas antes de que se pueda aplicar la configuración; de lo contrario, obtendrá un error de confirmación. Si está interesado en cómo se cumplen esas condiciones previas, consulte el repositorio vyos-build_ y el archivo ``scripts/check-qemu-install``." @@ -1077,6 +1141,14 @@ msgstr "Suponga que desea realizar un cambio en la secuencia de comandos webprox msgid "System Startup" msgstr "Puesta en marcha del sistema" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "El procesador de plantillas **debe** usarse para generar archivos de configuración. El formato de cadena incorporado **puede** usarse para formatos simples orientados a lÃneas donde cada lÃnea es independiente, como las reglas de iptables. El procesador de plantillas **debe** usarse para formatos estructurados de varias lÃneas, como los que usa ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "La función ``verify()`` toma su representación interna de la configura msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "La finalización de bash (o mejor vbash) en VyOS se define en *templates*. Las plantillas son archivos de texto (llamados ``node.def``) almacenados en un árbol de directorios. Los nombres de los directorios definen los nombres de los comandos y los archivos de plantilla definen el comportamiento de los comandos. Antes de VyOS 1.2 (crux), estos archivos se creaban a mano. Después de un complejo proceso de rediseño, la nueva plantilla de estilo se genera automáticamente a partir de un archivo de entrada XML." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "El proceso de compilación debe crearse en un sistema de archivos local; la compilación en recursos compartidos SMB o NFS hará que el contenedor no se compile correctamente. VirtualBox Drive Share tampoco es una opción, ya que las operaciones de dispositivos de bloque no están implementadas y la unidad siempre se monta como "nodev"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "Todas las configuraciones se derivan de los sistemas de producción y no solo pueden actuar como un caso de prueba, sino también como referencia si se desea habilitar una caracterÃstica determinada. Las configuraciones se pueden encontrar aquÃ: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "El procesador de plantillas predeterminado para el código VyOS es Jinja msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "La forma más fácil de compilar su paquete es con el contenedor :ref:`build_docker` mencionado anteriormente, que incluye todas las dependencias requeridas para todos los paquetes relacionados con VyOS." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "Toda la prueba está controlada por la secuencia de comandos contenedora principal ``/usr/bin/vyos-configtest`` que se comporta de la misma manera que la secuencia de comandos principal de smoketest. Escanea la carpeta en busca de posibles archivos de configuración y emite un comando de ``cargar`` uno tras otro." @@ -1201,7 +1277,7 @@ msgstr "Las razones más obvias podrÃan ser:" msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "El repositorio original está en https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "La otra parte de nuestras pruebas se llama "pruebas de carga de configuración". Las pruebas de carga de configuración cargarán, uno tras otro, archivos de configuración arbitrarios para probar si los scripts de migración de configuración funcionan según lo diseñado y si un conjunto determinado de funcionalidad aún se puede cargar con una nueva imagen ISO de VyOS." @@ -1265,6 +1341,10 @@ msgstr "Hay extensiones para, por ejemplo, VIM (xmllint) que le ayudarán a obte msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "Hay dos banderas disponibles para ayudar en la depuración de scripts de configuración. Dado que los problemas de carga de la configuración se manifestarán durante el arranque, los indicadores se pasan como parámetros de arranque del kernel." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "Esta ISO se puede personalizar con la siguiente lista de opciones de configuración. La lista completa y actual se puede generar con ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "Este capÃtulo enumera esas excepciones y le brinda una breve descripcià msgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "Esto se hace utilizando el paquete ``systemd-bootchart`` que ahora está instalado de forma predeterminada en la rama VyOS 1.3 (equuleus). La configuración también está versionada, por lo que obtenemos resultados comparables. ``systemd-bootchart`` se configura usando este archivo: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "Esto significa que el archivo en cuestión (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) se encuentra en el paquete ``vyatta-webproxy`` que se puede encontrar aquÃ: https://github. com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "Esto lo guiará a través del proceso de creación de una imagen ISO de VyOS con Docker_. Este proceso ha sido probado en instalaciones limpias de Debian Jessie, Stretch y Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "Esto limitará la prueba de interfaz `bond` para usar solo `eth1` y `eth2` como puertos miembro." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Esas pruebas comunes consisten en:" @@ -1353,6 +1437,10 @@ msgstr "Para habilitar la representación gráfica del tiempo de arranque, cambi msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "Para habilitar la depuración simplemente ejecute: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "Para garantizar una apariencia uniforme y mejorar la legibilidad, debemos seguir un conjunto de pautas de manera constante." @@ -1413,7 +1501,7 @@ msgstr "Los comandos útiles son:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (incl. VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLAN (QinQ y 802.1q regular)" @@ -1457,6 +1545,10 @@ msgstr "VyOS utiliza Jenkins_ como nuestro servicio de integración continua (CI msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "Nuevamente hacemos uso de un script de ayuda y algunos parches para que la compilación funcione. Simplemente ejecute el siguiente comando:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "Nos diferenciamos en dos pruebas independientes, ambas ejecutadas en paralelo por dos instancias QEmu separadas que se inician a través de ``make test`` y ``make testc`` desde el repositorio vyos-build_." @@ -1473,6 +1565,10 @@ msgstr "Ahora necesitamos montar algunos sistemas de archivos volátiles requeri msgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "Solo aceptamos correcciones de errores en paquetes que no sean https://github.com/vyos/vyos-1x, ya que ninguna funcionalidad nueva debe usar las plantillas de estilo antiguo (``node.def`` y el código Perl/BASH. Use el nuevo estilo XML /Python en su lugar." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "Qué/por qué/cómo se ha cambiado algo hace que la vida de todos sea más fácil cuando se trabaja con `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "Cuando pueda verificar que en realidad se trata de un error, dedique alg msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "Cuando está trabajando en la configuración de la interfaz y tampoco quiere probar si las pruebas de humo pasan, normalmente perderÃa la conexión SSH remota a su :abbr:`DUT (Dispositivo bajo prueba)`. Para manejar este problema, algunas de las pruebas basadas en interfaz se pueden llamar con una variable de entorno de antemano para limitar la cantidad de interfaces utilizadas en la prueba. De forma predeterminada, se utilizan todas las interfaces, por ejemplo, todas las interfaces Ethernet." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "Cuando crea que ha encontrado un error, siempre es una buena idea verifi msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "Cuando desea que un desarrollador corrija un error que encontró, ayudarlos a reproducir el problema es beneficioso para todos. Asegúrese de incluir información sobre el hardware que está utilizando, los comandos que estaba ejecutando y cualquier otra actividad que haya estado realizando en ese momento. Esta información adicional puede ser muy útil." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "¿Qué versión de VyOS estás usando? ``ejecutar versión show``" @@ -1574,6 +1670,10 @@ msgstr "Puede escribir ``ayuda`` para obtener una descripción general de los co msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "¿Tiene una idea de cómo mejorar VyOS o necesita una función especÃfica de la que se beneficiarÃan todos los usuarios de VyOS? Para enviar una solicitud de función, busque Phabricator_ si ya hay una solicitud pendiente. Puede mejorarlo o, si no encuentra uno, crear uno nuevo usando el enlace rápido en el lado izquierdo debajo del proyecto especÃfico." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "Tiene sus propios paquetes `*.deb` de kernel personalizados en la carpeta `packages` pero olvidó crear todos los módulos fuera del árbol necesarios como Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "Ahora deberÃa ver un seguimiento de Python que nos ayudará a manejar el problema, adjúntelo a la tarea Phabricator_." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "Luego puede continuar con la clonación de su bifurcación o agregar un msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Su secuencia de comandos de configuración o secuencia de comandos de modo de operación, que también está escrita en Python3, debe tener un salto de lÃnea de 80 caracteres. Esto parece un poco extraño hoy en dÃa, pero como algunas personas también trabajan de forma remota o programan usando vi(m), este es un buen estándar en el que espero podamos confiar." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/es/documentation.pot b/docs/_locale/es/documentation.pot index 5f3845c2..e4c20974 100644 --- a/docs/_locale/es/documentation.pot +++ b/docs/_locale/es/documentation.pot @@ -177,6 +177,10 @@ msgid "If there some troubleshooting guides related to the commands. Explain it msgstr "Si hay algunas guÃas de solución de problemas relacionadas con los comandos. ExplÃcalo en la siguiente parte opcional." #: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + +#: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "Si también desea actualizar su bifurcación en GitHub, use lo siguiente: ``$ git push origin master``" diff --git a/docs/_locale/ja/LC_MESSAGES/cli.mo b/docs/_locale/ja/LC_MESSAGES/cli.mo Binary files differindex 13bdb5b1..2f10af5f 100644 --- a/docs/_locale/ja/LC_MESSAGES/cli.mo +++ b/docs/_locale/ja/LC_MESSAGES/cli.mo diff --git a/docs/_locale/ja/LC_MESSAGES/configuration.mo b/docs/_locale/ja/LC_MESSAGES/configuration.mo Binary files differindex cc731ee9..04847737 100644 --- a/docs/_locale/ja/LC_MESSAGES/configuration.mo +++ b/docs/_locale/ja/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/ja/LC_MESSAGES/contributing.mo b/docs/_locale/ja/LC_MESSAGES/contributing.mo Binary files differindex eda663e7..341fabc9 100644 --- a/docs/_locale/ja/LC_MESSAGES/contributing.mo +++ b/docs/_locale/ja/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/ja/LC_MESSAGES/documentation.mo b/docs/_locale/ja/LC_MESSAGES/documentation.mo Binary files differindex 0379e81a..e4e815cd 100644 --- a/docs/_locale/ja/LC_MESSAGES/documentation.mo +++ b/docs/_locale/ja/LC_MESSAGES/documentation.mo diff --git a/docs/_locale/ja/cli.pot b/docs/_locale/ja/cli.pot index 5c4bfdac..66a82fac 100644 --- a/docs/_locale/ja/cli.pot +++ b/docs/_locale/ja/cli.pot @@ -28,23 +28,23 @@ msgstr "**Working configuration** is the one that is currently being modified in msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." @@ -52,7 +52,7 @@ msgstr "All changes in the working config will thus be lost." msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." @@ -72,11 +72,11 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "Compare configurations" @@ -92,11 +92,11 @@ msgstr "Configuration Overview" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +104,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "Example:" @@ -124,11 +124,11 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ` msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "Local Archive" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." @@ -164,31 +164,31 @@ msgstr "Operational mode allows for commands to perform operational system tasks msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Saving and loading manually" @@ -200,11 +200,11 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" @@ -228,15 +228,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." @@ -252,11 +252,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd: msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." @@ -268,7 +268,7 @@ msgstr "These commands are also relative to the level you are inside and only re msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." @@ -280,7 +280,7 @@ msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this a msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." @@ -288,11 +288,11 @@ msgstr "To remove an existing comment from your current configuration, specify a msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." @@ -300,15 +300,15 @@ msgstr "Use this command to preserve configuration changes upon reboot. By defau msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." @@ -324,7 +324,7 @@ msgstr "View the current active configuration in JSON format." msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." @@ -348,7 +348,7 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "When entering the configuration mode you are navigating inside a tree st msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +368,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" @@ -384,15 +384,15 @@ msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." @@ -400,19 +400,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." +msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." @@ -420,19 +424,19 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user>:<passwd>@<host>/<dir>``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -448,11 +452,11 @@ msgstr "``q`` key can be used to cancel output" msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user>:<passwd>@<host>/<dir>``" @@ -460,7 +464,7 @@ msgstr "``sftp://<user>:<passwd>@<host>/<dir>``" msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host>/<dir>``" diff --git a/docs/_locale/ja/configuration.pot b/docs/_locale/ja/configuration.pot index 9341a397..3518562b 100644 --- a/docs/_locale/ja/configuration.pot +++ b/docs/_locale/ja/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Already-selected external check**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." @@ -105,6 +105,7 @@ msgstr "**Applies to:** Outbound Traffic." #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -437,6 +438,10 @@ msgstr "**Queueing discipline** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." @@ -580,6 +585,10 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -2180,6 +2189,10 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from `<origin>`." +msgstr "Allow cross-origin requests from `<origin>`." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -2431,7 +2444,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2691,7 +2704,7 @@ msgstr "Authentication" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel is a modern routing protocol designed to be robust and efficient b msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2936,7 +2953,7 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." @@ -3155,6 +3172,10 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" @@ -3797,10 +3818,14 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configure sFlow agent IPv4 or IPv6 address" @@ -3853,7 +3878,7 @@ msgstr "Configure the discrete port under which the RADIUS server can be reached msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." @@ -4053,6 +4078,10 @@ msgstr "Create `<user>` for local authentication on this system. The users passw msgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -4636,6 +4665,10 @@ msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reachin msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" @@ -4856,6 +4889,10 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Disables interface-based IPv4 static route." @@ -4974,10 +5011,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5271,10 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5440,6 +5485,10 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." @@ -5488,6 +5537,10 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `<member>` interface to bond `<interface>`." msgstr "Enslave `<member>` interface to bond `<interface>`." @@ -5747,7 +5800,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Example Configuration" @@ -5789,7 +5842,8 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6078,6 +6132,10 @@ msgstr "First, on both routers run the operational command \"generate pki key-pa msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki>` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki>` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6138,6 +6196,30 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." @@ -6341,7 +6423,7 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." @@ -6379,6 +6461,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." @@ -6553,7 +6639,7 @@ msgstr "Given the following example we have one VyOS router acting as OpenVPN se msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6663,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Global parameters" @@ -6590,6 +6676,10 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6627,6 +6717,10 @@ msgstr "HTTP basic authentication username" msgid "HTTP client" msgstr "HTTP client" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -7859,6 +7953,10 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." @@ -8480,6 +8578,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." @@ -8520,7 +8622,7 @@ msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8540,7 +8642,7 @@ msgstr "Lifetime is decremented by the number of seconds since the last RA - use msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8552,7 +8654,7 @@ msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" @@ -9339,6 +9441,10 @@ msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. Thi msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." #: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + +#: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Multiple aliases can pe specified per host-name." @@ -9859,7 +9965,7 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" @@ -10039,7 +10145,7 @@ msgstr "Operating Modes" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10523,10 @@ msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Performance" @@ -10523,7 +10633,7 @@ msgstr "Port Groups" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" @@ -10809,7 +10919,7 @@ msgstr "Publish a port for the container." msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11133,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11055,7 +11165,7 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11512,11 @@ msgstr "Rule-Sets" msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." @@ -11414,11 +11524,11 @@ msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` an msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" @@ -11537,7 +11647,7 @@ msgstr "SSH was designed as a replacement for Telnet and for unsecured remote sh msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11650,6 +11760,10 @@ msgstr "Scripting" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -11857,6 +11971,10 @@ msgstr "Set Virtual Tunnel Interface" msgid "Set a container description" msgstr "Set a container description" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11995,7 @@ msgstr "Set a limit on the maximum number of concurrent logged-in users on the s msgid "Set a meaningful description." msgstr "Set a meaningful description." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." @@ -11904,7 +12022,7 @@ msgstr "Set action for the route-map policy." msgid "Set action to take on entries matching this rule." msgstr "Set action to take on entries matching this rule." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Set an API-KEY is the minimal configuration to get a working API Endpoint." @@ -12309,6 +12427,14 @@ msgstr "Set the address of the backend port" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12345,6 +12471,10 @@ msgstr "Set the global setting for invalid packets." msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" @@ -12361,6 +12491,10 @@ msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can re msgid "Set the maximum number of TCP half-open connections." msgstr "Set the maximum number of TCP half-open connections." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." @@ -12429,6 +12563,10 @@ msgstr "Set the routing table to forward packet with." msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets†to record entries in the connection tracking table." msgstr "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets†to record entries in the connection tracking table." @@ -12459,6 +12597,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Sets the image name in the hub registry" @@ -12683,7 +12833,7 @@ msgstr "Show a list of installed certificates" msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given `<interface>`" msgstr "Show available offloading functions on given `<interface>`" @@ -12701,7 +12851,7 @@ msgstr "Show bridge `<name>` mdb displays the current multicast group membership #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12895,7 @@ msgstr "Show detailed information about the underlaying physical links on given #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12927,7 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical `<interface>`" msgstr "Show information about physical `<interface>`" @@ -12895,7 +13045,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13475,7 +13625,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13524,6 +13674,10 @@ msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." #: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + +#: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13997,7 @@ msgstr "Temporary disable this RADIUS server. It won't be queried." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -13879,7 +14033,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -13923,7 +14077,7 @@ msgstr "The DN and password to bind as while performing searches. As the passwor msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14040,7 +14194,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14202,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14275,7 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" @@ -14397,7 +14551,7 @@ msgstr "The following commands translate to \"--net host\" when the container is msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14413,11 +14567,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14772,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -16161,11 +16315,19 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16665,7 +16827,7 @@ msgstr "This will show you a statistic of all rule-sets since the last boot." msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16915,7 +17077,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17188,6 +17350,10 @@ msgstr "USB to serial converters will handle most of their work in software so y msgid "UUCP subsystem" msgstr "UUCP subsystem" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "Unicast" @@ -18192,7 +18358,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19430,7 @@ msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log- msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" @@ -19432,11 +19598,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19464,6 +19630,10 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19528,7 +19698,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19724,6 +19894,10 @@ msgstr "`4. Add optional parameters`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" @@ -20292,6 +20466,10 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." @@ -20775,6 +20953,18 @@ msgstr "``static`` - Statically configured routes" msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +21014,10 @@ msgstr "``throughput``: A server profile focused on improving network throughput msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." @@ -20888,6 +21082,22 @@ msgstr "``vnc`` - Virtual Network Control (VNC)" msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - options for x509 authentication mode:" @@ -21249,10 +21459,18 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "it can be used with any NIC," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." @@ -21647,6 +21865,10 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," diff --git a/docs/_locale/ja/contributing.pot b/docs/_locale/ja/contributing.pot index f7fb379e..19630864 100644 --- a/docs/_locale/ja/contributing.pot +++ b/docs/_locale/ja/contributing.pot @@ -72,6 +72,18 @@ msgstr "A good approach for writing commit messages is actually to have a look a msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Acronyms also **must** be capitalized to visually distinguish them from msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Add one or more IP addresses" @@ -155,6 +167,14 @@ msgstr "Any \"modified\" package may refer to an altered version of e.g. vyos-1x msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." @@ -219,6 +239,10 @@ msgstr "Boot Timing" msgid "Bug Report/Issue" msgstr "Bug Report/Issue" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Build" @@ -303,7 +327,7 @@ msgstr "Command definitions are purely declarative, and cannot contain any logic msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "Config Load Tests" @@ -331,7 +355,7 @@ msgstr "Continuous Integration" msgid "Customize" msgstr "Customize" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "DHCP client and DHCPv6 prefix delegation" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "Every change set must be consistent (self containing)! Do not fix multiple bugs in a single commit. If you already worked on multiple fixes in the same file use `git add --patch` to only add the parts related to the one issue into your upcoming commit." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "Example:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Feature Request" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "Firmware" @@ -578,11 +610,15 @@ msgstr "Horrible: \"Tcp connection timeout\"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Horrible: \"frobnication algorithm.\"" -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "How can we reproduce this Bug?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "IP and IPv6 options" @@ -606,14 +642,30 @@ msgstr "If a verb is essential, keep it. For example, in the help text of ``set msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." @@ -626,7 +678,7 @@ msgstr "In a big system, such as VyOS, that is comprised of multiple components, msgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." @@ -690,10 +742,14 @@ msgstr "Intel QAT" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "Interface based tests" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Issues/Feature requests" @@ -706,6 +762,10 @@ msgstr "Issues or bugs are found in any software project. VyOS is not an excepti msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Linux Kernel" msgid "Live System" msgstr "Live System" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "MTU size" @@ -770,11 +830,11 @@ msgstr "MTU size" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Manual Smoketest Run" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Manual config load test" @@ -851,7 +911,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t msgid "Old concept/syntax" msgstr "Old concept/syntax" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." @@ -863,7 +923,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own." @@ -903,7 +963,7 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." @@ -936,11 +996,11 @@ msgstr "Please use the following template as good starting point when developing msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "Port description" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Port disable" @@ -964,7 +1024,11 @@ msgstr "Prerequisites" msgid "Priorities" msgstr "Priorities" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Provide as much information as you can" @@ -996,7 +1060,7 @@ msgstr "Rationale: this seems to be the unwritten standard in network device CLI msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Report a Bug" @@ -1041,7 +1105,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." @@ -1077,6 +1141,14 @@ msgstr "Suppose you want to make a change in the webproxy script but yet you do msgid "System Startup" msgstr "System Startup" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "The ``verify()`` function takes your internal representation of the conf msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "The default template processor for VyOS code is Jinja2_." msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." @@ -1201,7 +1277,7 @@ msgstr "The most obvious reasons could be:" msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "The original repo is at https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." @@ -1265,6 +1341,10 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "This chapter lists those exceptions and gives you a brief overview what msgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Those common tests consists out of:" @@ -1353,6 +1437,10 @@ msgstr "To enable boot time graphing change the Kernel commandline and add the f msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." @@ -1413,7 +1501,7 @@ msgstr "Useful commands are:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (incl. VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLANs (QinQ and regular 802.1q)" @@ -1457,6 +1545,10 @@ msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. O msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." @@ -1473,6 +1565,10 @@ msgstr "We now need to mount some required, volatile filesystems" msgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "When you are able to verify that it is actually a bug, spend some time t msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "When you believe you have found a bug, it is always a good idea to verif msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "Which version of VyOS are you using? ``run show version``" @@ -1574,6 +1670,10 @@ msgstr "You can type ``help`` to get an overview of the available commands, and msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/ja/documentation.pot b/docs/_locale/ja/documentation.pot index 073e9254..1074c5fd 100644 --- a/docs/_locale/ja/documentation.pot +++ b/docs/_locale/ja/documentation.pot @@ -177,6 +177,10 @@ msgid "If there some troubleshooting guides related to the commands. Explain it msgstr "If there some troubleshooting guides related to the commands. Explain it in the next optional part." #: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + +#: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" diff --git a/docs/_locale/pt/LC_MESSAGES/cli.mo b/docs/_locale/pt/LC_MESSAGES/cli.mo Binary files differindex 2c519fba..206ed847 100644 --- a/docs/_locale/pt/LC_MESSAGES/cli.mo +++ b/docs/_locale/pt/LC_MESSAGES/cli.mo diff --git a/docs/_locale/pt/LC_MESSAGES/configuration.mo b/docs/_locale/pt/LC_MESSAGES/configuration.mo Binary files differindex 4ddc5742..34c7846c 100644 --- a/docs/_locale/pt/LC_MESSAGES/configuration.mo +++ b/docs/_locale/pt/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/pt/LC_MESSAGES/contributing.mo b/docs/_locale/pt/LC_MESSAGES/contributing.mo Binary files differindex 22ccd3a9..3eabef9b 100644 --- a/docs/_locale/pt/LC_MESSAGES/contributing.mo +++ b/docs/_locale/pt/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/pt/LC_MESSAGES/documentation.mo b/docs/_locale/pt/LC_MESSAGES/documentation.mo Binary files differindex 33a908be..a5bbfec6 100644 --- a/docs/_locale/pt/LC_MESSAGES/documentation.mo +++ b/docs/_locale/pt/LC_MESSAGES/documentation.mo diff --git a/docs/_locale/pt/cli.pot b/docs/_locale/pt/cli.pot index 12dda7c8..697d0fbb 100644 --- a/docs/_locale/pt/cli.pot +++ b/docs/_locale/pt/cli.pot @@ -28,23 +28,23 @@ msgstr "**Working configuration** is the one that is currently being modified in msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." @@ -52,7 +52,7 @@ msgstr "All changes in the working config will thus be lost." msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." @@ -72,11 +72,11 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "Compare configurations" @@ -92,11 +92,11 @@ msgstr "Configuration Overview" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +104,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "Example:" @@ -124,11 +124,11 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ` msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "Local Archive" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." @@ -164,31 +164,31 @@ msgstr "Operational mode allows for commands to perform operational system tasks msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Saving and loading manually" @@ -200,11 +200,11 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" @@ -228,15 +228,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." @@ -252,11 +252,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd: msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." @@ -268,7 +268,7 @@ msgstr "These commands are also relative to the level you are inside and only re msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." @@ -280,7 +280,7 @@ msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this a msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." @@ -288,11 +288,11 @@ msgstr "To remove an existing comment from your current configuration, specify a msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." @@ -300,15 +300,15 @@ msgstr "Use this command to preserve configuration changes upon reboot. By defau msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." @@ -324,7 +324,7 @@ msgstr "View the current active configuration in JSON format." msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." @@ -348,7 +348,7 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "When entering the configuration mode you are navigating inside a tree st msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +368,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" @@ -384,15 +384,15 @@ msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." @@ -400,19 +400,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." +msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." @@ -420,19 +424,19 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user>:<passwd>@<host>/<dir>``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -448,11 +452,11 @@ msgstr "``q`` key can be used to cancel output" msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user>:<passwd>@<host>/<dir>``" @@ -460,7 +464,7 @@ msgstr "``sftp://<user>:<passwd>@<host>/<dir>``" msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host>/<dir>``" diff --git a/docs/_locale/pt/configuration.pot b/docs/_locale/pt/configuration.pot index 5e3bd81e..098a9f01 100644 --- a/docs/_locale/pt/configuration.pot +++ b/docs/_locale/pt/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Already-selected external check**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." @@ -105,6 +105,7 @@ msgstr "**Applies to:** Outbound Traffic." #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -437,6 +438,10 @@ msgstr "**Queueing discipline** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." @@ -580,6 +585,10 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -2180,6 +2189,10 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from `<origin>`." +msgstr "Allow cross-origin requests from `<origin>`." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -2431,7 +2444,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2691,7 +2704,7 @@ msgstr "Authentication" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel is a modern routing protocol designed to be robust and efficient b msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2936,7 +2953,7 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." @@ -3155,6 +3172,10 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" @@ -3797,10 +3818,14 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configure sFlow agent IPv4 or IPv6 address" @@ -3853,7 +3878,7 @@ msgstr "Configure the discrete port under which the RADIUS server can be reached msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." @@ -4053,6 +4078,10 @@ msgstr "Create `<user>` for local authentication on this system. The users passw msgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -4636,6 +4665,10 @@ msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reachin msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" @@ -4856,6 +4889,10 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Disables interface-based IPv4 static route." @@ -4974,10 +5011,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5271,10 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5440,6 +5485,10 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." @@ -5488,6 +5537,10 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `<member>` interface to bond `<interface>`." msgstr "Enslave `<member>` interface to bond `<interface>`." @@ -5747,7 +5800,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Example Configuration" @@ -5789,7 +5842,8 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6078,6 +6132,10 @@ msgstr "First, on both routers run the operational command \"generate pki key-pa msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki>` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki>` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6138,6 +6196,30 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." @@ -6341,7 +6423,7 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." @@ -6379,6 +6461,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." @@ -6553,7 +6639,7 @@ msgstr "Given the following example we have one VyOS router acting as OpenVPN se msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6663,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Global parameters" @@ -6590,6 +6676,10 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6627,6 +6717,10 @@ msgstr "HTTP basic authentication username" msgid "HTTP client" msgstr "HTTP client" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -7859,6 +7953,10 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." @@ -8480,6 +8578,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." @@ -8520,7 +8622,7 @@ msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8540,7 +8642,7 @@ msgstr "Lifetime is decremented by the number of seconds since the last RA - use msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8552,7 +8654,7 @@ msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" @@ -9339,6 +9441,10 @@ msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. Thi msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." #: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + +#: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Multiple aliases can pe specified per host-name." @@ -9859,7 +9965,7 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" @@ -10039,7 +10145,7 @@ msgstr "Operating Modes" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10523,10 @@ msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Performance" @@ -10523,7 +10633,7 @@ msgstr "Port Groups" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" @@ -10809,7 +10919,7 @@ msgstr "Publish a port for the container." msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11133,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11055,7 +11165,7 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11512,11 @@ msgstr "Rule-Sets" msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." @@ -11414,11 +11524,11 @@ msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` an msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" @@ -11537,7 +11647,7 @@ msgstr "SSH was designed as a replacement for Telnet and for unsecured remote sh msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11650,6 +11760,10 @@ msgstr "Scripting" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -11857,6 +11971,10 @@ msgstr "Set Virtual Tunnel Interface" msgid "Set a container description" msgstr "Set a container description" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11995,7 @@ msgstr "Set a limit on the maximum number of concurrent logged-in users on the s msgid "Set a meaningful description." msgstr "Set a meaningful description." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." @@ -11904,7 +12022,7 @@ msgstr "Set action for the route-map policy." msgid "Set action to take on entries matching this rule." msgstr "Set action to take on entries matching this rule." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Set an API-KEY is the minimal configuration to get a working API Endpoint." @@ -12309,6 +12427,14 @@ msgstr "Set the address of the backend port" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12345,6 +12471,10 @@ msgstr "Set the global setting for invalid packets." msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" @@ -12361,6 +12491,10 @@ msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can re msgid "Set the maximum number of TCP half-open connections." msgstr "Set the maximum number of TCP half-open connections." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." @@ -12429,6 +12563,10 @@ msgstr "Set the routing table to forward packet with." msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets†to record entries in the connection tracking table." msgstr "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets†to record entries in the connection tracking table." @@ -12459,6 +12597,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Sets the image name in the hub registry" @@ -12683,7 +12833,7 @@ msgstr "Show a list of installed certificates" msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given `<interface>`" msgstr "Show available offloading functions on given `<interface>`" @@ -12701,7 +12851,7 @@ msgstr "Show bridge `<name>` mdb displays the current multicast group membership #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12895,7 @@ msgstr "Show detailed information about the underlaying physical links on given #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12927,7 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical `<interface>`" msgstr "Show information about physical `<interface>`" @@ -12895,7 +13045,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13475,7 +13625,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13524,6 +13674,10 @@ msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." #: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + +#: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13997,7 @@ msgstr "Temporary disable this RADIUS server. It won't be queried." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -13879,7 +14033,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -13923,7 +14077,7 @@ msgstr "The DN and password to bind as while performing searches. As the passwor msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14040,7 +14194,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14202,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14275,7 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" @@ -14397,7 +14551,7 @@ msgstr "The following commands translate to \"--net host\" when the container is msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14413,11 +14567,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14772,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -16161,11 +16315,19 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16665,7 +16827,7 @@ msgstr "This will show you a statistic of all rule-sets since the last boot." msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16915,7 +17077,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17188,6 +17350,10 @@ msgstr "USB to serial converters will handle most of their work in software so y msgid "UUCP subsystem" msgstr "UUCP subsystem" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "Unicast" @@ -18192,7 +18358,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19430,7 @@ msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log- msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" @@ -19432,11 +19598,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19464,6 +19630,10 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19528,7 +19698,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19724,6 +19894,10 @@ msgstr "`4. Add optional parameters`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" @@ -20292,6 +20466,10 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." @@ -20775,6 +20953,18 @@ msgstr "``static`` - Statically configured routes" msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +21014,10 @@ msgstr "``throughput``: A server profile focused on improving network throughput msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." @@ -20888,6 +21082,22 @@ msgstr "``vnc`` - Virtual Network Control (VNC)" msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - options for x509 authentication mode:" @@ -21249,10 +21459,18 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "it can be used with any NIC," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." @@ -21647,6 +21865,10 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," diff --git a/docs/_locale/pt/contributing.pot b/docs/_locale/pt/contributing.pot index 6587eb08..d7f2ae4c 100644 --- a/docs/_locale/pt/contributing.pot +++ b/docs/_locale/pt/contributing.pot @@ -72,6 +72,18 @@ msgstr "A good approach for writing commit messages is actually to have a look a msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Acronyms also **must** be capitalized to visually distinguish them from msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Add one or more IP addresses" @@ -155,6 +167,14 @@ msgstr "Any \"modified\" package may refer to an altered version of e.g. vyos-1x msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." @@ -219,6 +239,10 @@ msgstr "Boot Timing" msgid "Bug Report/Issue" msgstr "Bug Report/Issue" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Build" @@ -303,7 +327,7 @@ msgstr "Command definitions are purely declarative, and cannot contain any logic msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "Config Load Tests" @@ -331,7 +355,7 @@ msgstr "Continuous Integration" msgid "Customize" msgstr "Customize" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "DHCP client and DHCPv6 prefix delegation" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "Every change set must be consistent (self containing)! Do not fix multiple bugs in a single commit. If you already worked on multiple fixes in the same file use `git add --patch` to only add the parts related to the one issue into your upcoming commit." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "Example:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Feature Request" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "Firmware" @@ -578,11 +610,15 @@ msgstr "Horrible: \"Tcp connection timeout\"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Horrible: \"frobnication algorithm.\"" -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "How can we reproduce this Bug?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "IP and IPv6 options" @@ -606,14 +642,30 @@ msgstr "If a verb is essential, keep it. For example, in the help text of ``set msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." @@ -626,7 +678,7 @@ msgstr "In a big system, such as VyOS, that is comprised of multiple components, msgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." @@ -690,10 +742,14 @@ msgstr "Intel QAT" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "Interface based tests" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Issues/Feature requests" @@ -706,6 +762,10 @@ msgstr "Issues or bugs are found in any software project. VyOS is not an excepti msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Linux Kernel" msgid "Live System" msgstr "Live System" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "MTU size" @@ -770,11 +830,11 @@ msgstr "MTU size" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Manual Smoketest Run" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Manual config load test" @@ -851,7 +911,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t msgid "Old concept/syntax" msgstr "Old concept/syntax" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." @@ -863,7 +923,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own." @@ -903,7 +963,7 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." @@ -936,11 +996,11 @@ msgstr "Please use the following template as good starting point when developing msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "Port description" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Port disable" @@ -964,7 +1024,11 @@ msgstr "Prerequisites" msgid "Priorities" msgstr "Priorities" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Provide as much information as you can" @@ -996,7 +1060,7 @@ msgstr "Rationale: this seems to be the unwritten standard in network device CLI msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Report a Bug" @@ -1041,7 +1105,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." @@ -1077,6 +1141,14 @@ msgstr "Suppose you want to make a change in the webproxy script but yet you do msgid "System Startup" msgstr "System Startup" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "The ``verify()`` function takes your internal representation of the conf msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "The default template processor for VyOS code is Jinja2_." msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." @@ -1201,7 +1277,7 @@ msgstr "The most obvious reasons could be:" msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "The original repo is at https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." @@ -1265,6 +1341,10 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "This chapter lists those exceptions and gives you a brief overview what msgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Those common tests consists out of:" @@ -1353,6 +1437,10 @@ msgstr "To enable boot time graphing change the Kernel commandline and add the f msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." @@ -1413,7 +1501,7 @@ msgstr "Useful commands are:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (incl. VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLANs (QinQ and regular 802.1q)" @@ -1457,6 +1545,10 @@ msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. O msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." @@ -1473,6 +1565,10 @@ msgstr "We now need to mount some required, volatile filesystems" msgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "When you are able to verify that it is actually a bug, spend some time t msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "When you believe you have found a bug, it is always a good idea to verif msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "Which version of VyOS are you using? ``run show version``" @@ -1574,6 +1670,10 @@ msgstr "You can type ``help`` to get an overview of the available commands, and msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/pt/documentation.pot b/docs/_locale/pt/documentation.pot index d8343839..2a96e024 100644 --- a/docs/_locale/pt/documentation.pot +++ b/docs/_locale/pt/documentation.pot @@ -177,6 +177,10 @@ msgid "If there some troubleshooting guides related to the commands. Explain it msgstr "If there some troubleshooting guides related to the commands. Explain it in the next optional part." #: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + +#: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" diff --git a/docs/_locale/uk/LC_MESSAGES/cli.mo b/docs/_locale/uk/LC_MESSAGES/cli.mo Binary files differindex 69e3c1c2..ea88e77e 100644 --- a/docs/_locale/uk/LC_MESSAGES/cli.mo +++ b/docs/_locale/uk/LC_MESSAGES/cli.mo diff --git a/docs/_locale/uk/LC_MESSAGES/configuration.mo b/docs/_locale/uk/LC_MESSAGES/configuration.mo Binary files differindex 90d9d678..81074aef 100644 --- a/docs/_locale/uk/LC_MESSAGES/configuration.mo +++ b/docs/_locale/uk/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/uk/LC_MESSAGES/contributing.mo b/docs/_locale/uk/LC_MESSAGES/contributing.mo Binary files differindex 3ab75ede..274a2f5d 100644 --- a/docs/_locale/uk/LC_MESSAGES/contributing.mo +++ b/docs/_locale/uk/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/uk/LC_MESSAGES/documentation.mo b/docs/_locale/uk/LC_MESSAGES/documentation.mo Binary files differindex 59a0bbb2..eaf825f8 100644 --- a/docs/_locale/uk/LC_MESSAGES/documentation.mo +++ b/docs/_locale/uk/LC_MESSAGES/documentation.mo diff --git a/docs/_locale/uk/cli.pot b/docs/_locale/uk/cli.pot index f264adae..d2d2418b 100644 --- a/docs/_locale/uk/cli.pot +++ b/docs/_locale/uk/cli.pot @@ -28,23 +28,23 @@ msgstr "**Робоча конфігураціÑ** – це ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ msgid "A VyOS system has three major types of configurations:" msgstr "СиÑтема VyOS має три оÑновні типи конфігурацій:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "ÐŸÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‡ÐµÑ€ÐµÐ· те, що ви не ввели ``confirm``, не обов’Ñзково переведе Ð²Ð°Ñ Ð´Ð¾ *збереженої конфігурації*, а до точки перед невдалим комітом." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "ДоÑтуп до opmode з режиму конфігурації" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "ДоÑтуп до цих команд можливий за допомогою команди ``run [command]``. За допомогою цієї команди ви матимете доÑтуп до вÑього, доÑтупного з робочого режиму." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Додайте коментар Ñк анотацію до вузла конфігурації." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "Таким чином, уÑÑ– зміни в робочій конфігурації буде втрачено." @@ -52,7 +52,7 @@ msgstr "Таким чином, уÑÑ– зміни в робочій ÐºÐ¾Ð½Ñ„Ñ–Ð³Ñ msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "УÑÑ– команди, що виконуютьÑÑ Ñ‚ÑƒÑ‚, відноÑÑÑ‚ÑŒÑÑ Ð´Ð¾ Ñ€Ñ–Ð²Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ—, Ñкий ви ввели. Ви можете робити вÑе з верхнього рівнÑ, але команди будуть доÑить довгими, Ñкщо Ñ—Ñ… вводити вручну." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "Важливо зауважити, що оÑкільки коментар додаєтьÑÑ Ð²Ð³Ð¾Ñ€Ñ– розділу, він не відображатиметьÑÑ, Ñкщо ``показати<section> `` викориÑтовуєтьÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð°. У наведеному вище прикладі команда `show firewall` повертатиметьÑÑ Ð¿Ñ–ÑÐ»Ñ Ñ€Ñдка ``firewall {``, приховуючи коментар." @@ -72,11 +72,11 @@ msgstr "За замовчуваннÑм ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð msgid "Command Line Interface" msgstr "Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð³Ð¾ Ñ€Ñдка" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Ð”Ð¾Ð¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ Ñ– ÑинтакÑична довідка з ``?`` Ñ– ``[tab]`` також працюватимуть." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "ПорівнÑйте конфігурації" @@ -92,11 +92,11 @@ msgstr "ОглÑд конфігурації" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Команди конфігурації зведені з дерева в команди «одного Ñ€Ñдка», показані в :opcmd:`показати команди конфігурації` з режиму роботи. Команди відноÑÑÑ‚ÑŒÑÑ Ð´Ð¾ рівнÑ, на Ñкому вони виконуютьÑÑ, Ñ– вÑÑ Ð·Ð°Ð¹Ð²Ð° Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ Ð· поточного Ñ€Ñ–Ð²Ð½Ñ Ð²Ð¸Ð´Ð°Ð»ÑєтьÑÑ Ð· введеної команди." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Ðеможливо вийти з режиму конфігурації, поки Ñ–Ñнують незафікÑовані зміни. Щоб вийти з режиму Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð±ÐµÐ· заÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð¼Ñ–Ð½, необхідно викориÑтати команду :cfgcmd:`exit discard`." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Скопіюйте елемент конфігурації." @@ -104,7 +104,7 @@ msgstr "Скопіюйте елемент конфігурації." msgid "Editing the configuration" msgstr "Ð ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ—" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "приклад:" @@ -124,11 +124,11 @@ msgstr "Ðаприклад, Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ ``sh`` Ñ– клавіша ``TAB`` п msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Отримайте збірку вÑÑ–Ñ… необхідних команд, Ñкі призвели до запущеної конфігурації." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "Якщо ви підключені віддалено, ви втратите з’єднаннÑ. Ви можете Ñпочатку Ñкопіювати конфігурацію, відредагувати Ñ—Ñ—, щоб забезпечити з’єднаннÑ, Ñ– завантажити відредаговану конфігурацію." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "Якщо ви хочете повніÑÑ‚ÑŽ видалити конфігурацію та відновити Ñтандартну, ви можете ввеÑти таку команду в режимі конфігурації:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "Також можна відобразити вÑÑ– команди `set` в режимі конфігурації за допомогою :cfgcmd:`show | команди`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "МіÑцевий архів" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "ÐšÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñми" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Зауважте, що команда ``show`` поважає ваш рівень редагуваннÑ, Ñ– на цьому рівні ви можете переглÑдати змінений набір правил брандмауера лише за допомогою ``show`` без параметрів." @@ -164,31 +164,31 @@ msgstr "Оперативний режим дозволÑÑ” командам ви msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Підказка змінюєтьÑÑ Ð· ``$`` на ``#``. Щоб вийти з режиму налаштуваннÑ, введіть ``вихід``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Віддалений архів" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Перейменувати елемент конфігурації." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Відновити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Ревізії зберігаютьÑÑ Ð½Ð° диÑку. Ви можете переглÑдати, порівнювати та повертати Ñ—Ñ… до будь-Ñких попередніх верÑій, Ñкщо щоÑÑŒ піде не так." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Відкат змін" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Відкат до верÑÑ–Ñ— N (наразі вимагає перезавантаженнÑ)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Ð—Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñ‚Ð° Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð²Ñ€ÑƒÑ‡Ð½Ñƒ" @@ -200,11 +200,11 @@ msgstr "ДивітьÑÑ Ñ€Ð¾Ð·Ð´Ñ–Ð» конфігурації цього док msgid "Seeing and navigating the configuration" msgstr "ПереглÑд конфігурації та навігаціÑ" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Показати різницю в редакції фікÑації." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Укажіть віддалене Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ñ€Ñ…Ñ–Ð²Ñƒ комітів Ñк будь-Ñке з наведених нижче :abbr:`URI (уніфікований ідентифікатор реÑурÑу)`" @@ -228,15 +228,15 @@ msgstr "Команда :cfgcmd:`show` у режимі конфігурації Ð msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "Команда ``comment`` дозволÑÑ” вÑтавити коментар над ``<config node> `` розділ конфігурації. Коли відображаютьÑÑ, коментарі обмежуютьÑÑ ``/*`` Ñ– ``*/`` Ñк розділювачі відкриттÑ/закриттÑ. Коментарі потрібно зафікÑувати, Ñк Ñ– інші зміни конфігурації." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "Команда :cfgcmd:`compare` дозволÑÑ” порівнювати різні типи конфігурацій. Це також дозволÑÑ” порівнювати різні верÑÑ–Ñ— за допомогою команди :cfgcmd:`compare NM`, де N Ñ– M Ñ” номерами верÑій. Вихідні дані опиÑуватимуть конфігурацію N у порівнÑнні з M, вказуючи знаком Ð¿Ð»ÑŽÑ (``+``) додаткові чаÑтини, Ñкі N має порівнÑно з M, Ñ– вказуючи знаком Ð¼Ñ–Ð½ÑƒÑ (``-``) недоліки чаÑтини N відÑутні в порівнÑнні з M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "Ðаведена вище команда також дозволÑÑ” побачити різницю між двома комітами. За умовчаннÑм показано різницю з поточною конфігурацією." @@ -252,11 +252,11 @@ msgstr "Конфігурацію можна редагувати за допом msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "Поточний рівень ієрархії можна змінити командою :cfgcmd:`edit`." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "КількіÑÑ‚ÑŒ редагувань не впливає на архів комітів." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Тоді ви можете :cfgcmd:`зберегти`, щоб також видалити збережену конфігурацію." @@ -268,7 +268,7 @@ msgstr "Ці команди також пов’Ñзані з рівнем, на msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "Ці дві наведені вище команди по Ñуті однакові, проÑто виконуютьÑÑ Ð· різних рівнів ієрархії." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "Це означає, що чотири коміти тому ми зробили ``Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÑиÑтемного ipv6 disable-forwarding``." @@ -280,7 +280,7 @@ msgstr "Щоб видалити Ð·Ð°Ð¿Ð¸Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ—, ÑÐºÐ¾Ñ€Ð¸Ñ msgid "To enter configuration mode use the ``configure`` command:" msgstr "Щоб увійти в режим налаштуваннÑ, викориÑтовуйте команду ``configure``:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "Щоб видалити наÑвний коментар із вашої поточної конфігурації, укажіть порожній Ñ€Ñдок у подвійних лапках (``""``) Ñк текÑÑ‚ коментарÑ." @@ -288,11 +288,11 @@ msgstr "Щоб видалити наÑвний коментар із вашої msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "ВикориÑтовуйте ``показати команди конфігурації | strip-private``, коли ви хочете приховати оÑобиÑÑ‚Ñ– дані. Ви можете зробити це, Ñкщо хочете поділитиÑÑ Ñвоєю конфігурацією на `форумі`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "ВикориÑтовуйте цю команду, щоб завантажити конфігурацію, Ñка замінить поточну конфігурацію. Визначте Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ñƒ конфігурації, Ñкий потрібно завантажити. Ви можете викориÑтовувати шлÑÑ… до локального файлу, адреÑу SCP, адреÑу SFTP, адреÑу FTP, адреÑу HTTP, адреÑу HTTPS або адреÑу TFTP." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "ВикориÑтовуйте цю команду, щоб зберегти зміни конфігурації піÑÐ»Ñ Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ. За замовчуваннÑм він зберігаєтьÑÑ Ð² */config/config.boot*. Якщо ви хочете зберегти файл конфігурації в іншому міÑці, ви можете додати локальний шлÑÑ…, адреÑу SCP, адреÑу FTP або адреÑу TFTP." @@ -300,15 +300,15 @@ msgstr "ВикориÑтовуйте цю команду, щоб зберегтРmsgid "Use this command to set the value of a parameter or to create a new element." msgstr "ВикориÑтовуйте цю команду, щоб вÑтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° або Ñтворити новий елемент." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "ВикориÑтовуйте цю команду, щоб визначити відмінноÑÑ‚Ñ– між різними конфігураціÑми." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "ВикориÑтовуйте цю команду, щоб тимчаÑово зафікÑувати зміни та вÑтановити кількіÑÑ‚ÑŒ хвилин, доÑтупних Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸. ``confirm`` необхідно ввеÑти протÑгом цих хвилин, інакше ÑиÑтема перезавантажитьÑÑ Ð´Ð¾ попередньої конфігурації. Стандартне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñтановить 10 хвилин." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "ПереглÑнути вÑÑ– Ñ–Ñнуючі верÑÑ–Ñ— в локальній ÑиÑтемі." @@ -324,7 +324,7 @@ msgstr "ПереглÑньте поточну активну ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ msgid "View the current active configuration in readable JSON format." msgstr "ПереглÑньте поточну активну конфігурацію в читабельному форматі JSON." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS може завантажити конфігурацію у віддалене міÑце піÑÐ»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ виклику :cfgcmd:`commit`. Вам потрібно буде вÑтановити Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ñ€Ñ…Ñ–Ð²Ñƒ комітів. ПідтримуютьÑÑ Ñервери TFTP, FTP, SCP Ñ– SFTP. Кожного разу, коли :cfgcmd:`commit` Ñ” уÑпішним, файл ``config.boot`` буде Ñкопійовано до визначеного міÑÑ†Ñ Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ. Ð†Ð¼â€™Ñ Ñ„Ð°Ð¹Ð»Ñƒ, що викориÑтовуєтьÑÑ Ð½Ð° віддаленому хоÑÑ‚Ñ–, буде ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS поÑтавлÑєтьÑÑ Ð· інтегрованою ÑиÑтемою ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²ÐµÑ€ÑÑ–Ñми Ð´Ð»Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ— ÑиÑтеми. Він автоматично підтримує резервну копію кожної попередньої конфігурації, Ñка була зафікÑована в ÑиÑтемі. Конфігурації керуютьÑÑ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¸Ð¼Ð¸ верÑÑ–Ñми Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÐ¾Ñ‚Ñƒ, але Ñ—Ñ… також можна зберігати на віддаленому хоÑÑ‚Ñ– Ð´Ð»Ñ Ð°Ñ€Ñ…Ñ–Ð²ÑƒÐ²Ð°Ð½Ð½Ñ/резервного копіюваннÑ." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS дозволÑÑ” порівнювати різні конфігурації." @@ -348,7 +348,7 @@ msgstr "VyOS викориÑтовує уніфікований файл конф msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "Ð Ñкщо ви робите щоÑÑŒ небезпечне? ПрипуÑтімо, що ви хочете налаштувати брандмауер Ñ– не впевнені, що немає помилок, Ñкі заблокують Ð²Ð°Ñ Ñƒ вашій ÑиÑтемі. Ви можете викориÑтовувати підтверджену фікÑацію. Якщо ви введете команду ``commit-confirm``, ваші зміни буде зафікÑовано, Ñ– Ñкщо ви не введете команду ``confirm`` протÑгом 10 хвилин, ваша ÑиÑтема перезавантажитьÑÑ Ð´Ð¾ попередньої верÑÑ–Ñ— конфігурації." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "Під Ñ‡Ð°Ñ Ð²Ñ…Ð¾Ð´Ñƒ в режим конфігурації ви пРmsgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "Під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÑ…Ð¾Ð´Ñƒ в режим Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ°Ð·ÐºÐ° змінюєтьÑÑ Ð· ``$`` на ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "У режимі конфігурації ви не можете безпоÑередньо виконувати робочі команди." @@ -368,7 +368,7 @@ msgstr "У режимі конфігурації ви не можете безп msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "Якщо вихід команди призводить до більшої кількоÑÑ‚Ñ– Ñ€Ñдків, ніж може бути відображено на екрані терміналу, результат розбиваєтьÑÑ Ð½Ð° Ñторінки, Ñк вказує підказка ``:``." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "ВикориÑтовуючи команду save_, ви можете додати конкретне міÑце Ð´Ð»Ñ Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñ„Ð°Ð¹Ð»Ñƒ конфігурації. І за потреби ви зможете завантажити його за допомогою команди ``load``:" @@ -384,15 +384,15 @@ msgstr "Тепер ви перебуваєте на підрівні Ð²Ñ–Ð´Ð½Ð¾Ñ msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "Ви також можете перейменувати піддерева конфігурації:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "Ви можете копіювати та видалÑти піддерева конфігурації. ПрипуÑтімо, ви вÑтановили набір правил брандмауера ``FromWorld`` з одним правилом, Ñке дозволÑÑ” трафік із певної підмережі. Тепер ви хочете налаштувати подібне правило, але Ð´Ð»Ñ Ñ–Ð½ÑˆÐ¾Ñ— підмережі. Змініть рівень Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° ``назва брандмауера FromWorld`` Ñ– викориÑтовуйте ``копіювати правило 10 до правила 20``, а потім змініть правило 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "Ви можете ÑкаÑувати зміни конфігурації за допомогою команди rollback. Це заÑтоÑує вибрану верÑÑ–ÑŽ та ініціює Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÑиÑтеми." @@ -400,19 +400,23 @@ msgstr "Ви можете ÑкаÑувати зміни конфігурації msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "Ви можете прокручувати вгору за допомогою клавіш ``[Shift]+[PageUp]`` Ñ– прокручувати вниз за допомогою ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." +msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "Ви можете вказати кількіÑÑ‚ÑŒ верÑій, що зберігаютьÑÑ Ð½Ð° диÑку. N може бути в діапазоні від 0 до 65535. Коли кількіÑÑ‚ÑŒ верÑій перевищує вÑтановлене значеннÑ, найÑтаріша верÑÑ–Ñ Ð²Ð¸Ð´Ð°Ð»ÑєтьÑÑ. За замовчуваннÑм це Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ñ” 100 редакцій локально." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "Ви можете викориÑтовувати команди ``save`` Ñ– ``load``, Ñкщо ви хочете вручну керувати певними конфігураційними файлами." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "Ви можете виÑвити, що VyOS не дозволÑÑ” безпечне з’єднаннÑ, оÑкільки не може перевірити легітимніÑÑ‚ÑŒ віддаленого Ñервера. Щоб швидко додати відбиток SSH віддаленого хоÑта до вашого файлу ``~/.ssh/known_hosts``, ви можете ÑкориÑтатиÑÑ Ð½Ð°Ð²ÐµÐ´ÐµÐ½Ð¸Ð¼ нижче обхідним шлÑхом:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "Ð’Ð°Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ð°ÑŽÑ‚ÑŒ, чи хочете ви продовжити. Якщо ви приймаєте, вам доведетьÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовувати :cfgcmd:`commit`, Ñкщо ви хочете зробити зміни активними." @@ -420,19 +424,19 @@ msgstr "Ð’Ð°Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ð°ÑŽÑ‚ÑŒ, чи хочете ви продовжити. msgid "``b`` will scroll back one page" msgstr "``b`` прокрутить на одну Ñторінку назад" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user> :<passwd> @<host> /<dir> ``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -448,11 +452,11 @@ msgstr "Ð”Ð»Ñ ÑкаÑÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ð¸Ð²Ð¾Ð´Ñƒ можна викориÑтов msgid "``return`` will scroll down one line" msgstr "``return`` прокрутить на один Ñ€Ñдок вниз" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user> :<passwd> @<host> :/<dir> ``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user> :<passwd> @<host> /<dir> ``" @@ -460,7 +464,7 @@ msgstr "``sftp://<user> :<passwd> @<host> /<dir> ``" msgid "``space`` will scroll down one page" msgstr "``пробіл`` прокрутить на одну Ñторінку вниз" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host> /<dir> ``" diff --git a/docs/_locale/uk/configuration.pot b/docs/_locale/uk/configuration.pot index 766adc4c..3f9e7bd2 100644 --- a/docs/_locale/uk/configuration.pot +++ b/docs/_locale/uk/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Вже вибраний зовнішній чек**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**ЗаÑтоÑовуєтьÑÑ Ð´Ð¾:** Вхідного трафіку." @@ -105,6 +105,7 @@ msgstr "**ЗаÑтоÑовуєтьÑÑ Ð´Ð¾:** вихідного трафіку #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**ЗаÑтоÑовуєтьÑÑ Ð´Ð¾:** вихідного трафіку." @@ -437,6 +438,10 @@ msgstr "**ДиÑципліна черги** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**ДиÑципліна ÑтоÑÐ½Ð½Ñ Ð² черзі:** Дефіцитна кругова ÑиÑтема." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**ДиÑципліна черги: ** Узагальнене випадкове раннє ÑкиданнÑ." @@ -580,6 +585,10 @@ msgstr "**Маршрутизатор VyOS:**" msgid "**Weight check**" msgstr "**Перевірка ваги**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**адреÑу** можна вказати кілька разів, наприклад 192.168.100.1 та/або 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Додайте загальнодоÑтупний Ñертифікат Ð msgid "Adding a 2FA with an OTP-key" msgstr "Ð”Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ 2FA з OTP-ключем" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Ð’ÑтановлюютьÑÑ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ñ– глобальні параметри, включаючи Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð½Ð° макÑимальну кількіÑÑ‚ÑŒ з’єднань у 4000 Ñ– мінімальну верÑÑ–ÑŽ TLS 1.3." @@ -2180,6 +2189,10 @@ msgstr "Дозволити доÑтуп до Ñайтів у домені без msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Дозволити bgp узгоджувати можливоÑÑ‚Ñ– extended-nexthop зі Ñвоїм партнером. Якщо ви переглÑдаєте локальну адреÑу IPv6 Link-Local, Ñ†Ñ Ð¼Ð¾Ð¶Ð»Ð¸Ð²Ñ–ÑÑ‚ÑŒ вмикаєтьÑÑ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾. Якщо ви переглÑдаєте через глобальну адреÑу IPv6, ÑƒÐ²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— команди дозволить BGP інÑталювати маршрути IPv4 із IPv6 nexthops, Ñкщо IPv4 не налаштовано на інтерфейÑах." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from `<origin>`." +msgstr "Allow cross-origin requests from `<origin>`." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Дозволити Ñвну адреÑу IPv6 Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу." @@ -2431,7 +2444,7 @@ msgstr "ЗаÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð±Ð¾Ñ€Ñƒ правил до зони" msgid "Applying a Rule-Set to an Interface" msgstr "ЗаÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð±Ð¾Ñ€Ñƒ правил до інтерфейÑу" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "ЗаÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ дорожнього руху" @@ -2691,7 +2704,7 @@ msgstr "ÐутентифікаціÑ" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "ÐÐ²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel — це ÑучаÑний протокол Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Ðлгоритми баланÑу:" msgid "Balancing Rules" msgstr "Правила баланÑуваннÑ" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° оÑнові доменного імені" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Ð¤Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ–" @@ -2936,7 +2953,7 @@ msgstr "ОÑкільки агрегатор не може бути активнРmsgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "ОÑкільки наÑвні ÑеанÑи не переходÑÑ‚ÑŒ автоматично на новий шлÑÑ…, таблицю ÑеанÑів можна Ñкидати під Ñ‡Ð°Ñ ÐºÐ¾Ð¶Ð½Ð¾Ñ— зміни Ñтану з’єднаннÑ:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Перш ніж увімкнути будь-Ñке Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñегментації апаратного забезпеченнÑ, у GSO потрібне відповідне Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼Ð½Ð¾Ð³Ð¾ забезпеченнÑ. Інакше Ñтає можливим Ð¿ÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ ÐºÐ°Ð´Ñ€Ñƒ між приÑтроÑми та його передача буде неможливою." @@ -3155,6 +3172,10 @@ msgstr "ВикориÑтовуючи інтерфейÑи Pseudo-Ethernet, ÑÐ¸Ñ msgid "Bypassing the webproxy" msgstr "Обхід webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Центр Ñертифікації)" @@ -3797,10 +3818,14 @@ msgstr "Ðалаштувати протокол, Ñкий викориÑтову msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Ðалаштуйте прокÑÑ–-порт, Ñкщо він не Ñлухає порт за замовчуваннÑм 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Ðалаштуйте адреÑу агента sFlow IPv4 або IPv6" @@ -3853,7 +3878,7 @@ msgstr "Ðалаштуйте диÑкретний порт, через Ñкий msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Ðалаштуйте диÑкретний порт, через Ñкий можна отримати доÑтуп до Ñервера TACACS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Ðалаштуйте Ñлужбу зворотного прокÑÑ–-Ñервера баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ HTTP." @@ -4053,6 +4078,10 @@ msgstr "Створити `<user> ` Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ñ— автентифіРmsgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Створіть базовий міÑÑ‚" @@ -4636,6 +4665,10 @@ msgstr "Визначає макÑимум `<number> ` ехо-запитів бе msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Визначає вказаний приÑтрій Ñк ÑиÑтемну конÑоль. ДоÑтупні конÑольні приÑтрої (див. помічник завершеннÑ):" @@ -4856,6 +4889,10 @@ msgstr "Вимкнено за замовчуваннÑм – модуль Ñдр msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Вимикає ÐºÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ð¾Ñ€Ð°Ð½Ð³Ð¾Ð²Ð¾Ñ— інформації з переÑланих пакетів відповіді NHRP Resolution Reply. Це можна викориÑтовувати Ð´Ð»Ñ Ð·Ð¼ÐµÐ½ÑˆÐµÐ½Ð½Ñ ÑÐ¿Ð¾Ð¶Ð¸Ð²Ð°Ð½Ð½Ñ Ð¿Ð°Ð¼â€™ÑÑ‚Ñ– у великих підмережах NBMA." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Вимикає Ñтатичний маршрут IPv4 на оÑнові інтерфейÑу." @@ -4974,10 +5011,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Ðе призначайте локальну IPv6-адреÑу Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ інтерфейÑу." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Ðе налаштовуйте IFB Ñк перший крок. Спочатку Ñтворіть уÑе інше у Ñвоїй політиці трафіку, а потім можете налаштувати IFB. Інакше ви можете отримати помилку ``RTNETLINK answer: File exists``, Ñку можна вирішити за допомогою ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5271,10 @@ msgstr "Увімкніть BFD на одному ÑуÑідньому BGP" msgid "Enable DHCP failover configuration for this address pool." msgstr "Увімкніть конфігурацію відмов DHCP Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ пулу адреÑ." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Увімкнути HT-Delayed Block Ack ``[DELAYED-BA]``" @@ -5440,6 +5485,10 @@ msgstr "Увімкнені Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ PPPoE на вимогу виклРmsgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Вмикає автентифікацію в Ñтилі Cisco Ð´Ð»Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² NHRP. Це вбудовує Ñекретний відкритий пароль у вихідні пакети NHRP. Вхідні пакети NHRP на цьому інтерфейÑÑ– відхилÑÑŽÑ‚ÑŒÑÑ, Ñкщо немає Ñекретного паролÑ. МакÑимальна довжина Ñекрету – 8 Ñимволів." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "ДозволÑÑ” додавати мітку MPLS до маршруту, екÑпортованого з поточного одноадреÑного VRF до VPN. Якщо вказано Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ auto, Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ñ–Ñ‚ÐºÐ¸ автоматично призначаєтьÑÑ Ð· пулу, Ñкий підтримуєтьÑÑ." @@ -5488,6 +5537,10 @@ msgstr "Ð£Ð²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— функції збільшує ризик msgid "Enforce strict path checking" msgstr "Забезпечити Ñувору перевірку шлÑху" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `<member>` interface to bond `<interface>`." msgstr "Поневолити`<member> `Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð»Ñ Ð¾Ð±Ð»Ñ–Ð³Ð°Ñ†Ñ–Ñ—`<interface> `." @@ -5747,7 +5800,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Приклад: Ð´Ð»Ñ Ð´Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ Ð²Ñтановлено Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ``vyos.net``, а отримана URL-адреÑа ``www/foo.html``, ÑиÑтема викориÑтовуватиме згенеровану кінцеву URL-адреÑу ``www.vyos.net/foo``. html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Приклад конфігурації" @@ -5789,7 +5842,8 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6078,6 +6132,10 @@ msgstr "Спочатку на обох маршрутизаторах викон msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki>` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "Спочатку одна із ÑиÑтем генерує ключ за допомогою :ref:`generate pki openvpn shared-secret<configuration/pki/index:pki> ` команда. ПіÑÐ»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð²Ð°Ð¼ потрібно буде вÑтановити цей ключ у локальній ÑиÑтемі, а потім Ñкопіювати та вÑтановити цей ключ на віддалений маршрутизатор." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6138,6 +6196,30 @@ msgstr "ЕкÑпорт потоку" msgid "Flow and packet-based balancing" msgstr "БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ð¾ÐºÑ–Ð² Ñ– пакетів" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Потоки можна екÑпортувати за допомогою двох різних протоколів: NetFlow (верÑÑ–Ñ— 5, 9 Ñ– 10/IPFIX) Ñ– sFlow. Крім того, ви можете зберігати потоки у внутрішній таблиці в пам’ÑÑ‚Ñ– маршрутизатора." @@ -6341,7 +6423,7 @@ msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° :ref:`destination-nat66` адреÑа призна msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "Ð”Ð»Ñ Ð·Ð²Ð¸Ñ‡Ð°Ð¹Ð½Ð¾Ð³Ð¾ кориÑтувача поÑлідовна конÑоль не має переваг перед конÑоллю, що пропонуєтьÑÑ Ð±ÐµÐ·Ð¿Ð¾Ñередньо підключеною клавіатурою та екраном. ПоÑлідовні конÑолі набагато повільніші, їм потрібна до Ñекунди, щоб заповнити екран із 80 Ñтовпців на 24 Ñ€Ñдки. ПоÑлідовні конÑолі зазвичай підтримують лише непропорційний текÑÑ‚ ASCII з обмеженою підтримкою інших мов, крім англійÑької." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "Ð”Ð»Ñ Ð²Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ трафіку інтерфейÑу Ñ–Ñнує лише одна політика, Ñку можна заÑтоÑувати безпоÑередньо, політика **Limiter**. Ви не можете заÑтоÑувати політику Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð±ÐµÐ·Ð¿Ð¾Ñередньо до вхідного трафіку будь-Ñкого інтерфейÑу, оÑкільки Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð°Ñ†ÑŽÑ” лише Ð´Ð»Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ трафіку." @@ -6379,6 +6461,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Формально віртуальне Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð²Ð¸Ð³Ð»Ñдає Ñк мережа «точка-точка», що з’єднує два ABR з однієї облаÑÑ‚Ñ–, одна з Ñких фізично з’єднана з магіÑтральною облаÑÑ‚ÑŽ. ВважаєтьÑÑ, що Ñ†Ñ Ð¿Ñевдомережа належить до магіÑтральної облаÑÑ‚Ñ–." @@ -6553,7 +6639,7 @@ msgstr "У наведеному нижче прикладі ми маємо од msgid "Gloabal" msgstr "Глобальний" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6663,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Глобальні опції" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Глобальні параметри" @@ -6590,6 +6676,10 @@ msgstr "Глобальні налаштуваннÑ" msgid "Graceful Restart" msgstr "Витончений перезапуÑк" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "Безоплатний ARP" @@ -6627,6 +6717,10 @@ msgstr "Ім'Ñ ÐºÐ¾Ñ€Ð¸Ñтувача базової автентифіка msgid "HTTP client" msgstr "HTTP клієнт" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "МожливоÑÑ‚Ñ– HT (High Throughput) (802.11n)" @@ -7859,6 +7953,10 @@ msgstr "Щоб розділити трафік, Fair Queue викориÑÑ‚Ð¾Ð²Ñ msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "Щоб викориÑтовувати TSO/LRO з адатерами VMXNET3, потрібно також увімкнути опцію Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ SG." @@ -8480,6 +8578,10 @@ msgstr "LNS чаÑто викориÑтовуютьÑÑ Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ msgid "Label Distribution Protocol" msgstr "Протокол розподілу етикеток" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunneling Protocol Version 3 — це Ñтандарт IETF, пов’Ñзаний із L2TP, Ñкий можна викориÑтовувати Ñк альтернативний протокол до :ref:`mpls` Ð´Ð»Ñ Ñ–Ð½ÐºÐ°Ð¿ÑулÑції багатопротокольного трафіку зв’Ñзку Ñ€Ñ–Ð²Ð½Ñ 2 через IP-мережі. Як Ñ– L2TP, L2TPv3 надає поÑлугу пÑевдодротового зв’Ñзку, але маÑштабуєтьÑÑ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ до вимог оператора." @@ -8520,7 +8622,7 @@ msgstr "Дозвольте демону SNMP Ñлухати лише IP-адре msgid "Lets assume the following topology:" msgstr "ПрипуÑтимо таку топологію:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "4 рівень баланÑуваннÑ" @@ -8540,7 +8642,7 @@ msgstr "ТриваліÑÑ‚ÑŒ Ð¶Ð¸Ñ‚Ñ‚Ñ Ð·Ð¼ÐµÐ½ÑˆÑƒÑ”Ñ‚ÑŒÑÑ Ð½Ð° кількі msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð´Ð¾Ð·Ð²Ð¾Ð»ÐµÐ½Ð¸Ñ… алгоритмів шифруваннÑ, Ñкі викориÑтовуютьÑÑ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ñ€ÑƒÐºÐ¾ÑтиÑÐºÐ°Ð½Ð½Ñ SSL/TLS" @@ -8552,7 +8654,7 @@ msgstr "Обмежити вхід до `<limit> ` за кожну Ñекунду msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Обмежити вхід до ``рейт-ліміт`` Ñпроб за кожну `<seconds> `. Ð§Ð°Ñ Ñтавки має Ñтановити від 15 до 600 Ñекунд." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Обмежити макÑимальну кількіÑÑ‚ÑŒ підключень" @@ -9339,6 +9441,10 @@ msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. Thi msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." #: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + +#: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Ð”Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ імені хоÑта можна вказати кілька пÑевдонімів." @@ -9859,7 +9965,7 @@ msgstr "ПіÑÐ»Ñ Ñ‚Ð¾Ð³Ð¾, Ñк ÑуÑід знайдено, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð²Ð° msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Щойно маршрут отримує штраф, штраф зменшуєтьÑÑ Ð²Ð´Ð²Ñ–Ñ‡Ñ– кожного разу, коли Ñпливає заздалегідь визначений проміжок чаÑу (період напіврозпаду). Коли накопичені штрафні Ñанкції падають нижче попередньо визначеного порогу (Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ викориÑтаннÑ), маршрут не пригнічуєтьÑÑ Ñ‚Ð° додаєтьÑÑ Ð½Ð°Ð·Ð°Ð´ у таблицю маршрутизації BGP." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "ПіÑÐ»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ трафіку ви можете заÑтоÑувати Ñ—Ñ— до інтерфейÑу:" @@ -10039,7 +10145,7 @@ msgstr "Режими роботи" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10523,10 @@ msgstr "За замовчуваннÑм відбираєтьÑÑ ÐºÐ¾Ð¶ÐµÐ½ па msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "За замовчуваннÑм ÑÐµÐ°Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувача замінюєтьÑÑ, Ñкщо другий запит на автентифікацію вдаєтьÑÑ. Такі запити на ÑÐµÐ°Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° відхилити або повніÑÑ‚ÑŽ дозволити, що в оÑтанньому випадку дозволить кориÑтувачу кілька ÑеанÑів. Якщо його відхилено, другий ÑÐµÐ°Ð½Ñ Ð²Ñ–Ð´Ñ…Ð¸Ð»ÑєтьÑÑ, навіть Ñкщо Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ð¿Ñ€Ð¾Ð¹ÑˆÐ»Ð° уÑпішно, кориÑтувач має припинити Ñвій перший ÑÐµÐ°Ð½Ñ Ñ– може знову пройти автентифікацію." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "ПродуктивніÑÑ‚ÑŒ" @@ -10523,7 +10633,7 @@ msgstr "Групи портів" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Дзеркало порту (SPAN)" @@ -10809,7 +10919,7 @@ msgstr "Опублікуйте порт Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°." msgid "Pull a new image for container" msgstr "ВитÑгніть нове Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11133,7 @@ msgstr "РекомендуєтьÑÑ Ð´Ð»Ñ Ð²ÐµÐ»Ð¸ÐºÐ¸Ñ… уÑтановок." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "ÐŸÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ HTTP на HTTPS" @@ -11055,7 +11165,7 @@ msgstr "Ð ÐµÐ·ÐµÑ€Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° розподіл навантаженнÑ. msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "ЗареєÑтрувати DNS-Ð·Ð°Ð¿Ð¸Ñ ``example.vyos.io`` на DNS-Ñервері ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11512,11 @@ msgstr "Ðабори правил" msgid "Rule-set overview" msgstr "ОглÑд набору правил" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Правило 10 зіÑтавлÑÑ” запити з доменним іменем `` node1.example.com ``, Ñкі переÑилають до Ñерверної чаÑтини `` bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Правило 10 зіÑтавлÑÑ” запити з точним URL-шлÑхом ``/.well-known/xxx`` Ñ– переÑпрÑмовує до Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ ``/certs/``." @@ -11414,11 +11524,11 @@ msgstr "Правило 10 зіÑтавлÑÑ” запити з точним URL-ш msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Правило 20 зіÑтавлÑÑ” запити з URL-шлÑхами, що закінчуютьÑÑ Ð½Ð° ``/mail`` або точним шлÑхом ``/email/bar``, перенаправлÑÑŽÑ‚ÑŒ до Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Правило 20 зіÑтавлÑÑ” запити з доменним іменем ``node2.example.com``, Ñкі переÑилають на Ñерверну чаÑтину ``bk-api-02``" @@ -11537,7 +11647,7 @@ msgstr "SSH був розроблений Ñк заміна Telnet Ñ– незах msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ð² кадрах ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ IEEE 802.11" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11650,6 +11760,10 @@ msgstr "Сценарії" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -11857,6 +11971,10 @@ msgstr "Ðалаштувати Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ð³Ð¾ туРmsgid "Set a container description" msgstr "Ð’Ñтановіть Ð¾Ð¿Ð¸Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11995,7 @@ msgstr "Ð’Ñтановіть Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð½Ð° макÑимальну кі msgid "Set a meaningful description." msgstr "Складіть зміÑтовний опиÑ." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "УÑтановіть іменований ключ API. Кожен ключ має однакові повні дозволи в ÑиÑтемі." @@ -11904,7 +12022,7 @@ msgstr "Ð’Ñтановіть дію Ð´Ð»Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ маршрутної msgid "Set action to take on entries matching this rule." msgstr "Ð’Ñтановіть дію Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñів, Ñкі відповідають цьому правилу." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Ð’ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ API-KEY Ñ” мінімальною конфігурацією Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñ€Ð¾Ð±Ð¾Ñ‡Ð¾Ñ— кінцевої точки API." @@ -12309,6 +12427,14 @@ msgstr "Ð’Ñтановіть адреÑу внутрішнього порту" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Ð’Ñтановіть адреÑу внутрішнього Ñервера, на Ñкий буде перенаправлÑтиÑÑ Ð²Ñ…Ñ–Ð´Ð½Ð¸Ð¹ трафік" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Ð’Ñтановіть Ñтандартну верÑÑ–ÑŽ VRRP Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтаннÑ. За умовчаннÑм це Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 2, але екземплÑри IPv6 завжди викориÑтовуватимуть верÑÑ–ÑŽ 3." @@ -12345,6 +12471,10 @@ msgstr "УÑтановіть глобальне Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ msgid "Set the global setting for related connections." msgstr "УÑтановіть глобальне Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð¿Ð¾Ð²â€™Ñзаних з’єднань." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Ð’Ñтановіть порт проÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ð³Ð¾ API, це не впливає на веб-Ñервер. Типовим Ñ” порт 8080" @@ -12361,6 +12491,10 @@ msgstr "Ð’Ñтановіть макÑимальну довжину заповнРmsgid "Set the maximum number of TCP half-open connections." msgstr "Ð’Ñтановіть макÑимальну кількіÑÑ‚ÑŒ напіввідкритих підключень TCP." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Ð’Ñтановіть Ñ–Ð¼â€™Ñ Ð·Ð°Ð¿Ð¸Ñу SSL :abbr:`CA (Certificate Authority)` PKI, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— віддаленої Ñторони. Якщо вказано проміжний Ñертифікат ЦС, уÑÑ– батьківÑькі Ñертифікати ЦС, Ñкі Ñ–Ñнують у PKI, наприклад кореневий ЦС або додаткові проміжні ЦС, автоматично викориÑтовуватимутьÑÑ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ Ñертифіката, щоб забезпечити доÑтупніÑÑ‚ÑŒ повного ланцюжка довіри." @@ -12429,6 +12563,10 @@ msgstr "Ðалаштуйте таблицю маршрутизації Ð´Ð»Ñ Ð¿ msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "УÑтановіть ідентифікатор ÑеанÑу, Ñкий Ñ” 32-розрÑдним цілим значеннÑм. Унікально ідентифікує Ñтворюваний ÑеанÑ. ВикориÑтане Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°Ñ” відповідати значенню peer_session_id, Ñке викориÑтовуєтьÑÑ Ð½Ð° одноранговому приÑтрої." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets†to record entries in the connection tracking table." msgstr "Ð’Ñтановити розмір хеш-таблиці. Хеш-Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ Ð²Ñ–Ð´ÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ пришвидшує пошук у таблиці відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ. Хеш-Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовує «відра» Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñу запиÑів у таблицю відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ." @@ -12459,6 +12597,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Ð’Ñтановити вікно одночаÑно дійÑних кодів." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Ð’Ñтановлює назву Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð² реєÑтрі концентратора" @@ -12683,7 +12833,7 @@ msgstr "Показати ÑпиÑок вÑтановлених ÑертифікРmsgid "Show all BFD peers" msgstr "Показати вÑÑ– аналоги BFD" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given `<interface>`" msgstr "Показати доÑтупні функції Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð´Ð°Ð½Ð¾Ð³Ð¾ `<interface> `" @@ -12701,7 +12851,7 @@ msgstr "Показати міÑÑ‚ `<name> ` mdb відображає поточР#: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12895,7 @@ msgstr "Показати детальну інформацію про базов #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12927,7 @@ msgstr "Показати загальну інформацію про конкр msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Показати інформацію про Ñлужбу Wireguard. Він також показує оÑтаннє рукоÑтиÑканнÑ." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical `<interface>`" msgstr "Показати інформацію про фізичний `<interface> `" @@ -12895,7 +13045,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Показати маршрут" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Показати інформацію про транÑивер із модулів плагінів, наприклад SFP+, QSFP" @@ -13475,7 +13625,7 @@ msgstr "Укажіть Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° агрегРmsgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Укажіть адреÑу інтерфейÑу, Ñка викориÑтовуєтьÑÑ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾ на інтерфейÑÑ–, Ñкому було делеговано префікÑ. ID має бути деÑÑтковим цілим чиÑлом." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Укажіть мінімально необхідну верÑÑ–ÑŽ TLS 1.2 або 1.3" @@ -13524,6 +13674,10 @@ msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety msgstr "Squid_ — веб-прокÑÑ– HTTP, що кешує та переÑилає. Він має широкий Ñпектр заÑтоÑувань, включаючи приÑÐºÐ¾Ñ€ÐµÐ½Ð½Ñ Ð²ÐµÐ±-Ñервера шлÑхом ÐºÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€ÑŽÐ²Ð°Ð½Ð¸Ñ… запитів, ÐºÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾ÑˆÑƒÐºÑƒ в Інтернеті, DNS та інших комп’ютерних мережах Ð´Ð»Ñ Ð³Ñ€ÑƒÐ¿Ð¸ людей, Ñкі Ñпільно викориÑтовують мережеві реÑурÑи, а також ÑприÑÐ½Ð½Ñ Ð±ÐµÐ·Ð¿ÐµÑ†Ñ– шлÑхом фільтрації трафіку. Хоча в оÑновному викориÑтовуєтьÑÑ Ð´Ð»Ñ HTTP Ñ– FTP, Squid включає обмежену підтримку кількох інших протоколів, включаючи Internet Gopher, SSL, [6] TLS Ñ– HTTPS. Squid не підтримує протокол SOCKS." #: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + +#: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13997,7 @@ msgstr "ТимчаÑово вимкніть цей Ñервер RADIUS. Його msgid "Temporary disable this TACACS server. It won't be queried." msgstr "ТимчаÑово вимкніть цей Ñервер TACACS. Його не запитуватимуть." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Завершити SSL" @@ -13879,7 +14033,7 @@ msgstr "ТеÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° валідаціÑ" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "ЗавдÑки цьому відкриттю будь-Ñкий подальший трафік між PC4 Ñ– PC5 не викориÑтовуватиме багатоадреÑну адреÑу між лиÑтами, оÑкільки вони обидва знають, за Ñким лиÑтом підключені ПК. Це економить трафік, оÑкільки менше надіÑланих багатоадреÑних пакетів зменшує Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð° мережу, що покращує маÑштабованіÑÑ‚ÑŒ, коли додаєтьÑÑ Ð±Ñ–Ð»ÑŒÑˆÐµ лиÑтів." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "Таким чином можна зробити так зване «вхідне формуваннÑ»." @@ -13923,7 +14077,7 @@ msgstr "DN Ñ– пароль Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²â€™Ñзки під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð° msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "Політика FQ-CoDel розподілÑÑ” трафік у 1024 черги FIFO та намагаєтьÑÑ Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡Ð¸Ñ‚Ð¸ ÑкіÑне обÑÐ»ÑƒÐ³Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ уÑіма ними. Він також намагаєтьÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ коротку довжину вÑÑ–Ñ… черг." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "Служба HTTP Ñлухає TCP-порт 80." @@ -14040,7 +14194,7 @@ msgstr "``ÐдреÑу`` можна налаштувати Ñк на Ñ–Ð½Ñ‚ÐµÑ€Ñ msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "Параметр ``address`` може бути Ñк адреÑою IPv4, так Ñ– IPv6, але ви не можете змішувати IPv4 Ñ– IPv6 в одній групі, Ñ– вам потрібно буде Ñтворити групи з різними VRID Ñпеціально Ð´Ð»Ñ IPv4 Ñ– IPv6. Якщо ви хочете викориÑтовувати адреÑу IPv4 + IPv6, ви можете ÑкориÑтатиÑÑ Ð¾Ð¿Ñ†Ñ–Ñ”ÑŽ ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14202,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "Служба ``http`` зменшуєтьÑÑ Ð½Ð° порту 80 Ñ– примуÑово перенаправлÑÑ” з HTTP на HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14275,7 @@ msgstr "Ðаведена нижче IP-адреÑа `192.0.2.1` викориÑÑ‚ msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð·Ð²â€™ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð´Ð°Ñ” метод Ð´Ð»Ñ Ð¾Ð±â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ ÐºÑ–Ð»ÑŒÐºÐ¾Ñ… мережевих інтерфейÑів в один логічний «зв’Ñзаний» інтерфейÑ, або LAG, або ether-channel, або port-channel. Поведінка з’єднаних інтерфейÑів залежить від режиму; загалом, режими забезпечують або гарÑче очікуваннÑ, або поÑлуги баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ. Крім того, може здійÑнюватиÑÑ Ð¼Ð¾Ð½Ñ–Ñ‚Ð¾Ñ€Ð¸Ð½Ð³ ціліÑноÑÑ‚Ñ– поÑиланнÑ." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "Випадок вхідного формуваннÑ" @@ -14397,7 +14551,7 @@ msgstr "ÐаÑтупні команди перетворюютьÑÑ Ð½Ð° " msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "Ð”Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ñ–Ð² Ð´Ð»Ñ Ð´Ð°Ð½Ð¾Ð³Ð¾ протоколу динамічної маршрутизації в даному vrf знадоблÑÑ‚ÑŒÑÑ Ð½Ð°Ñтупні команди:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "ÐаÑтупна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð´ÐµÐ¼Ð¾Ð½Ñтрує, Ñк викориÑтовувати VyOS Ð´Ð»Ñ Ð´Ð¾ÑÑÐ³Ð½ÐµÐ½Ð½Ñ Ð±Ð°Ð»Ð°Ð½ÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð° оÑнові доменного імені." @@ -14413,11 +14567,11 @@ msgstr "ÐаÑтупна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð½Ð° VyOS заÑтоÑовує msgid "The following configuration reverse-proxy terminate SSL." msgstr "ÐаÑтупна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð·Ð²Ð¾Ñ€Ð¾Ñ‚Ð½Ð¾Ð³Ð¾ прокÑÑ– завершує SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14772,7 @@ msgstr "Ðайпомітнішим заÑтоÑуваннÑм протоколу msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "БагатоадреÑна група, Ñка викориÑтовуєтьÑÑ Ð²Ñіма, залишає це Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ vlan. Має бути однаковим на вÑÑ–Ñ… лиÑтах, Ñкі мають цей інтерфейÑ." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "Ðазва поÑлуги може бути різною, в даному прикладі лише Ð´Ð»Ñ Ð·Ñ€ÑƒÑ‡Ð½Ð¾ÑÑ‚Ñ–." @@ -16161,11 +16315,19 @@ msgstr "Ці команди Ñтворюють міÑÑ‚, Ñкий Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñ msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "Ці команди вказують кінцевий автомат (FSM), призначений Ð´Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‡Ð°Ñом Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð¾Ð±Ñ‡Ð¸Ñлень SPF у відповідь на події IGP. ПроцеÑ, опиÑаний у :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "Ð¦Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ð¼Ð¸ÐºÐ°Ñ” зворотний прокÑÑ– TCP Ð´Ð»Ñ Ñлужби "my-tcp-api". Вхідні TCP-Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð½Ð° порт 8888 розподілÑтимуть Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¼Ñ–Ð¶ внутрішніми Ñерверами (srv01 Ñ– srv02) за допомогою циклічного алгоритму баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "Ð¦Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð¿Ñ€Ð¾Ñлуховує порт 80 Ñ– перенаправлÑÑ” вхідні запити на HTTPS:" @@ -16665,7 +16827,7 @@ msgstr "Це покаже вам ÑтатиÑтику вÑÑ–Ñ… наборів п msgid "This will show you a summary of rule-sets and groups" msgstr "Це покаже вам підÑумок наборів правил Ñ– груп" -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "Це обхідне Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð´Ð°Ñ” змогу заÑтоÑувати політику Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð¾ вхідного трафіку, Ñпершу перенаправлÑючи його на проміжний віртуальний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ (`Проміжний функціональний блок`_). Там, у цьому віртуальному інтерфейÑÑ–, ви зможете заÑтоÑувати будь-Ñку політику, Ñка працює Ð´Ð»Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ трафіку, наприклад, політику формуваннÑ." @@ -16915,7 +17077,7 @@ msgstr "Щоб увімкнути автентифікацію на оÑнові msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "Щоб увімкнути Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– через RADIUS, потрібно ввімкнути опцію Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ–." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "Щоб увімкнути Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ налагодженнÑ. ДоÑтупно через :opcmd:`show log` або :opcmd:`monitor log`" @@ -17188,6 +17350,10 @@ msgstr "Перетворювачі USB на поÑлідовний порт ви msgid "UUCP subsystem" msgstr "ПідÑиÑтема UUCP" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "ОдноадреÑний" @@ -18192,7 +18358,7 @@ msgstr "Центральна чаÑтота робочого каналу VHT - #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19430,7 @@ msgstr "Тепер ви можете «набрати» вузла за допо msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "Тепер ви можете підключатиÑÑ Ð´Ð¾ вашої ÑиÑтеми через SSH, викориÑтовуючи admin/admin Ñк кориÑтувача за замовчуваннÑм, Ñкий надаєтьÑÑ Ð· контейнера ``lfkeitel/tacacs_plus:latest``." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "Ви можете заÑтоÑувати лише одну політику Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу та напрÑмку, але ви можете повторно викориÑтовувати політику Ð´Ð»Ñ Ñ€Ñ–Ð·Ð½Ð¸Ñ… інтерфейÑів та напрÑмків:" @@ -19432,11 +19598,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` підтр msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (або IPIP/IPsec, SIT/IPsec або будь-Ñкий інший тунельний протокол без Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñтану через IPsec) — це звичайний ÑпоÑіб захиÑту трафіку вÑередині тунелю." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` Ñ” доповненнÑм до GSO. Ð’ ідеалі будь-Ñкий кадр, зібраний за допомогою GRO, повинен бути Ñегментований Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ‡Ð½Ð¾Ñ— поÑлідовноÑÑ‚Ñ– кадрів за допомогою GSO, а будь-Ñка поÑлідовніÑÑ‚ÑŒ кадрів, Ñегментована за допомогою GSO, повинна мати можливіÑÑ‚ÑŒ повторно зібратиÑÑ Ð´Ð¾ оригіналу за допомогою GRO. Єдиним винÑтком із цього Ñ” ідентифікатор IPv4 у випадку, Ñкщо біт DF вÑтановлено Ð´Ð»Ñ Ð¿ÐµÐ²Ð½Ð¾Ð³Ð¾ IP-заголовка. Якщо Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° IPv4 не збільшуєтьÑÑ Ð¿Ð¾Ñлідовно, воно буде змінено таким чином, коли кадр, зібраний через GRO, ÑегментуєтьÑÑ Ñ‡ÐµÑ€ÐµÐ· GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` — це чиÑте програмне розвантаженнÑ, призначене Ð´Ð»Ñ Ð²Ð¸Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð²Ð¸Ð¿Ð°Ð´ÐºÑ–Ð², коли драйвери приÑтроїв не можуть виконувати опиÑані вище розвантаженнÑ. Що відбуваєтьÑÑ Ð² GSO, так це те, що даний skbuff матиме Ñвої дані, розбиті на кілька skbuff, розмір Ñких було змінено відповідно до MSS, наданого через skb_shinfo()->gso_size." @@ -19464,6 +19630,10 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` — це протокол Ñи msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` — це протокол Ñ€Ñ–Ð²Ð½Ñ Ð·Ð²â€™Ñзку, Ñкий не залежить від поÑтачальника, у пакеті Інтернет-протоколів, Ñкий викориÑтовуєтьÑÑ Ð¼ÐµÑ€ÐµÐ¶ÐµÐ²Ð¸Ð¼Ð¸ приÑтроÑми Ð´Ð»Ñ Ñ€ÐµÐºÐ»Ð°Ð¼Ð¸ Ñвоєї ідентичноÑÑ‚Ñ–, можливоÑтей Ñ– ÑуÑідів у локальній мережі IEEE 802, головним чином дротовому Ethernet. Протокол офіційно називаєтьÑÑ IEEE Ñк Station and Media Access Control Connectivity Discovery, визначений у IEEE 802.1AB та IEEE 802.3-2012, розділ 6, пункт 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (протокол ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ñ–Ð² MACsec)` викориÑтовуєтьÑÑ Ð´Ð»Ñ Ñинхронізації ключів між окремими вузлами." @@ -19528,7 +19698,7 @@ msgstr ":abbr:`RPKI (інфраÑтруктура відкритих ключіРmsgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` Ñ” логічно програмною реалізацією :abbr:`RSS (Receive Side Scaling)`. Перебуваючи в програмному забезпеченні, він обов'Ñзково викликаєтьÑÑ Ð¿Ñ–Ð·Ð½Ñ–ÑˆÐµ в шлÑху даних. У той Ñ‡Ð°Ñ Ñк RSS вибирає чергу Ñ–, отже, ЦП, Ñкий запуÑкатиме обробник апаратних переривань, RPS вибирає ЦП Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ протоколу над обробником переривань. Це доÑÑгаєтьÑÑ ÑˆÐ»Ñхом Ñ€Ð¾Ð·Ð¼Ñ–Ñ‰ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ð° в черзі Ñ€ÐµÐ·ÐµÑ€Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ð¾Ð³Ð¾ ЦП Ñ– Ð¿Ñ€Ð¾Ð±ÑƒÐ´Ð¶ÐµÐ½Ð½Ñ Ð¦ÐŸ Ð´Ð»Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸. RPS має деÑкі переваги перед RSS:" @@ -19724,6 +19894,10 @@ msgstr "`4. Додайте додаткові параметри`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name> ` повинні бути однаковими з обох Ñторін!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | голова -n -1 | tr -d '\\n'``" @@ -20292,6 +20466,10 @@ msgstr "``обмін ключами``, Ñкий протокол Ñлід вик msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - приватний ключ, Ñкий буде викориÑтовуватиÑÑ Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— локального маршрутизатора на віддаленому пірі:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: профіль Ñервера, ÑпрÑмований на Ð·Ð½Ð¸Ð¶ÐµÐ½Ð½Ñ Ð·Ð°Ñ‚Ñ€Ð¸Ð¼ÐºÐ¸ мережі. Цей профіль надає перевагу продуктивноÑÑ‚Ñ–, а не енергозбереженню, вÑтановлюючи ``intel_pstate`` Ñ– ``min_perf_pct=100``." @@ -20775,6 +20953,18 @@ msgstr "``static`` - Статично налаштовані маршрути" msgid "``station`` - Connects to another access point" msgstr "``ÑтанціÑ`` - ПідключаєтьÑÑ Ð´Ð¾ іншої точки доÑтупу" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +21014,10 @@ msgstr "``пропуÑкна здатніÑÑ‚ÑŒ``: профіль Ñервера msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` тайм-аут підтримки активноÑÑ‚Ñ– в Ñекундах <2-86400> (за замовчуваннÑм 120) Лише IKEv1" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` – адаптивне Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ: зв’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ°Ð½Ð°Ð»Ñ–Ð², Ñке не потребує Ñпеціальної підтримки комутатора." @@ -20888,6 +21082,22 @@ msgstr "``vnc`` - ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾ÑŽ мережею (VNC) msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti`` - викориÑтовувати Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ VTI Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ. Будь-Ñкий трафік, Ñкий надÑилатиметьÑÑ Ð´Ð¾ інтерфейÑу VTI, буде зашифровано та надÑилатиметьÑÑ Ñ†ÑŒÐ¾Ð¼Ñƒ вузлу. ВикориÑÑ‚Ð°Ð½Ð½Ñ VTI робить конфігурацію IPSec набагато гнучкою та проÑтішою в Ñкладних ÑитуаціÑÑ…, а також дозволÑÑ” динамічно додавати/видалÑти віддалені мережі, доÑтупні через одноранговий приÑтрій, оÑкільки в цьому режимі маршрутизатору не потрібно Ñтворювати додаткові SA/політики Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ñ— віддаленої мережі:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - параметри режиму аутентифікації x509:" @@ -21249,10 +21459,18 @@ msgstr "ip-переадреÑаціÑ" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "його можна викориÑтовувати з будь-Ñкою мережевою карткою," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "це не збільшує чаÑтоту переривань апаратного приÑтрою (хоча вводить міжпроцеÑорні Ð¿ÐµÑ€ÐµÑ€Ð¸Ð²Ð°Ð½Ð½Ñ (IPI))." @@ -21647,6 +21865,10 @@ msgstr "повільно: попроÑÑ–Ñ‚ÑŒ партнера передават msgid "smtp-server" msgstr "smtp-Ñервер" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "програмні фільтри можна легко додати до Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð¾Ð²Ð¸Ñ… протоколів," diff --git a/docs/_locale/uk/contributing.pot b/docs/_locale/uk/contributing.pot index b510f5a3..efd84cce 100644 --- a/docs/_locale/uk/contributing.pot +++ b/docs/_locale/uk/contributing.pot @@ -72,6 +72,18 @@ msgstr "Хорошим підходом Ð´Ð»Ñ Ð½Ð°Ð¿Ð¸ÑÐ°Ð½Ð½Ñ Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼ msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "Ð”Ð»Ñ Ð·Ð¼Ñ–Ð½Ð¸ поведінки VyOS під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° вÑтановити Ñ€Ñд прапорців. Ці прапорці можна перемикати за допомогою змінних Ñередовища або ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ„Ð°Ð¹Ð»Ñ–Ð²." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "Єдиний короткий підÑумок коміту (рекомендовано 50 Ñимволів або менше, не більше 80 Ñимволів), що міÑтить Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ Ð·Ð¼Ñ–Ð½ÐµÐ½Ð¾Ð³Ð¾ компонента та відповідне поÑÐ¸Ð»Ð°Ð½Ð½Ñ Phabricator_, наприклад ``snmp: T1111:`` або ``ethernet: T2222:` ` - кілька компонентів можуть бути об'єднані, Ñк у ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Ðкроніми також **повинні** пиÑати з велиРmsgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Додайте файл до індекÑу Git за допомогою ``git add myfile`` або Ð´Ð»Ñ Ñ†Ñ–Ð»Ð¾Ð³Ð¾ каталогу: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Додайте одну або кілька IP-адреÑ" @@ -155,6 +167,14 @@ msgstr "Будь-Ñкий «модифікований» пакет може ÑÑ msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Будь-Ñкі пакунки в каталозі пакетів буде додано до iso під Ñ‡Ð°Ñ Ð·Ð±Ñ–Ñ€ÐºÐ¸, замінивши вихідні. ПереконайтеÑÑ, що ви видалили Ñ—Ñ… (Ñк вихідні каталоги, так Ñ– зібрані пакунки deb), Ñкщо ви хочете зібрати iso з чиÑтих пакетів." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "ОÑкільки Smoketests змінить конфігурацію ÑиÑтеми, а ви ввійшли в ÑиÑтему віддалено, ви можете втратити Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ ÑиÑтеми." @@ -219,6 +239,10 @@ msgstr "Ð§Ð°Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ" msgid "Bug Report/Issue" msgstr "ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ помилку/проблема" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Будувати" @@ -303,7 +327,7 @@ msgstr "Ð’Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ Ñ” Ñуто декларативним msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "ЗафікÑуйте зміни, викликавши ``git commit``. Будь лаÑка, викориÑтовуйте зміÑтовний заголовок коміту (прочитайте вище) Ñ– не забудьте вказати поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð½Ð° Phabricator_ ID." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "ТеÑти Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ—" @@ -331,7 +355,7 @@ msgstr "Безперервна інтеграціÑ" msgid "Customize" msgstr "Ðалаштувати" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "Клієнт DHCP Ñ– Ð´ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€ÐµÑ„Ñ–ÐºÑа DHCPv6" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "Кожен набір змін має бути узгодженим (ÑамовміÑним)! Ðе виправлÑйте кілька помилок в одному коміті. Якщо ви вже працювали над кількома виправленнÑми в одному файлі, ÑкориÑтайтеÑÑ `git add --patch`, щоб додати лише чаÑтини, пов’Ñзані з однією проблемою, у ваш майбутній комміт." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "приклад:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Запит на функцію" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "Прошивка" @@ -578,11 +610,15 @@ msgstr "Жахливо: "Тайм-аут Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ TCP"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Жахливо: "алгоритм фробнікації"." -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "Як ми можемо відтворити цю помилку?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "Варіанти IP та IPv6" @@ -606,14 +642,30 @@ msgstr "Якщо дієÑлово важливе, збережіть його. Ð msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "Якщо заÑтоÑовно, має бути зроблено поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð½Ð° попередній комміт, Ñкий гарно зв’Ñзує ці коміти під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ³Ð»Ñду Ñ–Ñторії: ``ПіÑÐ»Ñ Ñ„Ñ–ÐºÑації abcd12ef ("snmp: це заголовок") відÑутній оператор імпорту Python, викликаючи такий винÑток: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "Якщо у комітах вашого запиту на Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ñутнє поÑÐ¸Ð»Ð°Ð½Ð½Ñ Phabricator_, ми маємо попроÑити Ð²Ð°Ñ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ ÐºÐ¾Ð¼Ñ–Ñ‚Ñƒ. Інакше нам доведетьÑÑ Ð¹Ð¾Ð³Ð¾ відхилити." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "Якщо у Ð²Ð°Ñ Ð´Ð¾Ñтатньо ÑміливоÑÑ‚Ñ–, щоб ÑамоÑтійно Ñтворити образ ISO, Ñкий міÑтить будь-Ñкий модифікований пакет від нашої організації GitHub – це те міÑце, щоб бути." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "Якщо ви оновлюєте Ñдро або додаєте нові драйвери, вам може знадобитиÑÑ Ð½Ð¾Ð²Ðµ мікропрограмне забезпеченнÑ. Створіть новий пакет ``vyos-linux-firmware`` із доданими допоміжними ÑценаріÑми." @@ -626,7 +678,7 @@ msgstr "У великій ÑиÑтемі, такій Ñк VyOS, Ñка ÑклаРmsgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "Крім того, це також допоможе під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ³Ð»Ñду кодової бази GitHub на мобільному приÑтрої, Ñкщо ви випадково божевільний учений." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "Щоб відкрити звіт про помилку/запит на функцію, вам потрібно Ñтворити обліковий Ð·Ð°Ð¿Ð¸Ñ Ð½Ð° VyOS Phabricator_. У лівій чаÑтині конкретного проекту (VyOS 1.2 або VyOS 1.3) ви знайдете швидкі поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Ð·Ð²Ñ–Ñ‚Ñƒ про помилку/запиту функції." @@ -690,10 +742,14 @@ msgstr "Intel QAT" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "ТеÑти на оÑнові інтерфейÑу" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Проблеми/запити на функції" @@ -706,6 +762,10 @@ msgstr "Проблеми чи помилки можна знайти в будь msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "Це програма на Ada, Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñкої потрібні GNAT Ñ– gprbuild, залежноÑÑ‚Ñ– вказані належним чином, тому проÑто дотримуйтеÑÑ Ð¿Ð¾Ñ€Ð°Ð´ debuild." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "Також можна налаштувати Ð½Ð°Ð»Ð°Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð·Ð° допомогою змінних Ñередовища. У такому випадку Ñ–Ð¼â€™Ñ Ð±ÑƒÐ´Ðµ (у верхньому регіÑтрі) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Ядро Linux" msgid "Live System" msgstr "Жива ÑиÑтема" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "Розмір PERSON" @@ -770,11 +830,11 @@ msgstr "Розмір PERSON" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "ВнеÑÑ–Ñ‚ÑŒ зміни та збережіть Ñ—Ñ…. Зробіть наÑтупне Ð´Ð»Ñ Ð²ÑÑ–Ñ… файлів змін, щоб запиÑати Ñ—Ñ… у Ñтворений комміт Git:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Ручний запуÑк Smoketest" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Ðавантажувальний теÑÑ‚ конфігурації вручну" @@ -851,7 +911,7 @@ msgstr "Тепер у Ð²Ð°Ñ Ñ” два нові пÑевдоніми ``vybld`` Ñ msgid "Old concept/syntax" msgstr "Стара концепціÑ/ÑинтакÑиÑ" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "З іншого боку, оÑкільки кожен теÑÑ‚ міÑтитьÑÑ Ð² окремому файлі, можна завжди виконати один Smoketest вручну, проÑто запуÑтивши теÑтові Ñценарії Python." @@ -863,7 +923,7 @@ msgstr "ПіÑÐ»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð½ÐµÐ¾Ð±Ñ…Ñ–Ð´Ð½Ð¸Ñ… Ð·Ð°Ð»ÐµÐ¶Ð½Ð¾Ñ msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Щойно ви запуÑтите ``show xyz`` Ñ– ваша умова Ñпрацює, ви повинні перейти до налагоджувача python:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "Людина не зобов’Ñзана завантажувати вÑÑ– конфігурації одну за одною, але також може завантажувати окремі теÑтові конфігурації ÑамоÑтійно." @@ -903,7 +963,7 @@ msgstr "Ðаш код розбитий на кілька модулів. VyOS Ñ msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Ðаші Ñценарії операційного режиму викориÑтовують модуль python-vici, Ñкий не входить до збірки Debian, Ñ– його нелегко інтегрувати в цю збірку. З цієї причини ми зараз дебіанізуємо цей модуль вручну, викориÑтовуючи цю процедуру:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Ðаші smoketests не лише перевірÑÑŽÑ‚ÑŒ демони та Ñервери, а й перевірÑÑŽÑ‚ÑŒ, чи працює те, що ми налаштували Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу. Таким чином, Ñ–Ñнує загальний базовий ÐºÐ»Ð°Ñ Ð¿Ñ–Ð´ назвою: ``base_interfaces_test.py``, Ñкий міÑтить увеÑÑŒ загальний код, Ñкий підтримує Ñ– теÑтуєтьÑÑ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñом." @@ -936,11 +996,11 @@ msgstr "Будь лаÑка, викориÑтовуйте наÑтупний шРmsgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "ÐžÐ¿Ð¸Ñ Ð¿Ð¾Ñ€Ñ‚Ñƒ" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Вимкнути порт" @@ -964,7 +1024,11 @@ msgstr "передумови" msgid "Priorities" msgstr "Пріоритети" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Ðадайте Ñкомога більше інформації" @@ -996,7 +1060,7 @@ msgstr "ОбґрунтуваннÑ: це здаєтьÑÑ Ð½ÐµÐ¿Ð¸Ñаним ÑÑ msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "Ð’ оÑтанніх верÑÑ–ÑÑ… викориÑтовуєтьÑÑ Ñтруктура ``vyos.frr``. ÐšÐ»Ð°Ñ Python знаходитьÑÑ Ð²Ñередині нашого ``vyos-1x:python/vyos/frr.py``. Він поÑтачаєтьÑÑ Ñ–Ð· вбудованим налагоджувачем налагодженнÑ/(Ñтиль друку), Ñк це робить vyos.ifconfig." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Повідомити про помилку" @@ -1041,7 +1105,7 @@ msgstr "ДеÑкі пакунки VyOS (а Ñаме vyos-1x) поÑÑ‚Ð°Ñ‡Ð°ÑŽÑ‚Ñ msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "ДеÑкі абревіатури традиційно пишутьÑÑ Ñƒ змішаному регіÑтрі. Як правило, Ñкщо він міÑтить Ñлова «над» або «верÑÑ–Ñ», літера **повинна** бути малою. Якщо Ñ–Ñнує прийнÑтний варіант напиÑÐ°Ð½Ð½Ñ (оÑобливо Ñкщо він визначений RFC або іншим Ñтандартом), його **необхідно** дотримуватиÑÑ." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "ДеÑкі з конфігурацій мають попередні умови, Ñкі необхідно виконати. Вони, швидше за вÑе, включають генерацію крипографічних ключів перед заÑтоÑуваннÑм конфігурації - інакше ви отримаєте помилку фікÑації. Якщо Ð²Ð°Ñ Ñ†Ñ–ÐºÐ°Ð²Ð¸Ñ‚ÑŒ, Ñк виконуютьÑÑ Ñ†Ñ– попередні умови, перевірте репозиторій vyos-build_ Ñ– файл ``scripts/check-qemu-install``." @@ -1077,6 +1141,14 @@ msgstr "ПрипуÑтімо, ви хочете внеÑти зміни в ÑцРmsgid "System Startup" msgstr "ЗапуÑк ÑиÑтеми" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "ПроцеÑор шаблону **потрібно** викориÑтовувати Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ð¹Ð½Ð¸Ñ… файлів. Вбудоване Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ€Ñдків **може** викориÑтовуватиÑÑ Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñтих Ñ€Ñдково-орієнтованих форматів, де кожен Ñ€Ñдок ÑамодоÑтатній, наприклад, правила iptables. ПроцеÑор шаблонів **має** викориÑтовуватиÑÑ Ð´Ð»Ñ Ñтруктурованих багаторÑдкових форматів, таких Ñк Ñ‚Ñ–, що викориÑтовуютьÑÑ ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "Ð¤ÑƒÐ½ÐºÑ†Ñ–Ñ ``verify()`` бере ваше внутрішнє преРmsgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "Ð—Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ bash (або краще vbash) у VyOS визначено в *шаблонах*. Шаблони — це текÑтові файли (так звані ``node.def``), що зберігаютьÑÑ Ð² дереві каталогів. Імена каталогів визначають імена команд, а файли шаблонів визначають поведінку команд. До VyOS 1.2 (crux) ці файли ÑтворювалиÑÑ Ð²Ñ€ÑƒÑ‡Ð½Ñƒ. ПіÑÐ»Ñ Ñкладного процеÑу редизайну_ новий шаблон Ñтилю автоматично генеруєтьÑÑ Ð· вхідного файлу XML." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "ÐŸÑ€Ð¾Ñ†ÐµÑ Ð·Ð±Ñ–Ñ€ÐºÐ¸ має бути побудований на локальній файловій ÑиÑтемі, збірка на Ñпільних реÑурÑах SMB або NFS призведе до того, що контейнер не збиратиметьÑÑ Ð½Ð°Ð»ÐµÐ¶Ð½Ð¸Ð¼ чином! VirtualBox Drive Share також не доÑтупний, оÑкільки операції з блоковими приÑтроÑми не реалізовані, а диÑк завжди монтуєтьÑÑ Ñк "nodev"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "УÑÑ– конфігурації походÑÑ‚ÑŒ від виробничих ÑиÑтем Ñ– можуть виÑтупати не лише Ñк теÑтовий приклад, але й Ñк поÑиланнÑ, Ñкщо потрібно ввімкнути певну функцію. Конфігурації можна знайти тут: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "Типовим процеÑором шаблонів Ð´Ð»Ñ ÐºÐ¾Ð´Ñƒ VyO msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "ÐайпроÑтіший ÑпоÑіб Ñкомпілювати ваш пакунок — за допомогою згаданого вище контейнера :ref:`build_docker`, він міÑтить уÑÑ– необхідні залежноÑÑ‚Ñ– Ð´Ð»Ñ Ð²ÑÑ–Ñ… пакетів, пов’Ñзаних з VyOS." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "ВеÑÑŒ теÑÑ‚ контролюєтьÑÑ Ð¾Ñновним Ñценарієм оболонки ``/usr/bin/vyos-configtest``, Ñкий поводитьÑÑ Ñ‚Ð°Ðº Ñамо, Ñк Ñ– оÑновний Ñценарій smoketest. Він Ñканує папку на наÑвніÑÑ‚ÑŒ потенційних файлів конфігурації та видає команду ``load`` одну за одною." @@ -1201,7 +1277,7 @@ msgstr "Ðайбільш очевидними причинами можуть б msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "Оригінальне репо Ñ” на https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "Інша чаÑтина наших теÑтів називаєтьÑÑ Â«Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÑƒÐ²Ð°Ð»ÑŒÐ½Ñ– теÑти конфігурації». ТеÑти Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ— завантажуватимуть — один за одним — довільні файли конфігурації, щоб перевірити, чи Ñценарії міграції конфігурації працюють належним чином Ñ– чи можна завантажити певний набір функціональних можливоÑтей за допомогою Ñвіжого ISO-образу VyOS." @@ -1265,6 +1341,10 @@ msgstr "ІÑнують розширеннÑ, наприклад, Ð´Ð»Ñ VIM (xml msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "Є два прапорці, Ñкі допомагають у налагодженні Ñценаріїв конфігурації. ОÑкільки проблеми із завантаженнÑм конфігурації виÑвлÑтимутьÑÑ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ, прапорці передаютьÑÑ Ñк параметри Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñдра." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "Цей ISO можна налаштувати за допомогою наÑтупного ÑпиÑку параметрів конфігурації. Повний Ñ– поточний ÑпиÑок можна Ñтворити за допомогою ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "У цьому розділі перераховано ці винÑткРmsgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "Це робитьÑÑ Ð·Ð° допомогою пакета ``systemd-bootchart``, Ñкий тепер вÑтановлено за замовчуваннÑм у гілці VyOS 1.3 (equuleus). ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñ‚Ð°ÐºÐ¾Ð¶ має верÑÑ–Ñ—, тому ми отримуємо порівнÑльні результати. ``systemd-bootchart`` налаштовуєтьÑÑ Ð·Ð° допомогою цього файлу: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "Це означає, що відповідний файл (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) знаходитьÑÑ Ð² пакеті ``vyatta-webproxy``, Ñкий можна знайти тут: https://github. com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "Це проведе Ð²Ð°Ñ Ñ‡ÐµÑ€ÐµÐ· Ð¿Ñ€Ð¾Ñ†ÐµÑ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ VyOS ISO за допомогою Docker_. Цей Ð¿Ñ€Ð¾Ñ†ÐµÑ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐµÐ½Ð¾ на чиÑтих інÑталÑціÑÑ… Debian Jessie, Stretch Ñ– Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "Це обмежить теÑÑ‚ інтерфейÑу `bond` лише викориÑтаннÑм `eth1` Ñ– `eth2` Ñк членÑьких портів." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Ці загальні теÑти ÑкладаютьÑÑ Ð·:" @@ -1353,6 +1437,10 @@ msgstr "Щоб увімкнути графік чаÑу Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "Щоб увімкнути налагодженнÑ, проÑто запуÑÑ‚Ñ–Ñ‚ÑŒ: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "Щоб забезпечити єдиний виглÑд Ñ– відчуттÑ, а також покращити читабельніÑÑ‚ÑŒ, ми повинні поÑлідовно дотримуватиÑÑ Ð½Ð°Ð±Ð¾Ñ€Ñƒ вказівок." @@ -1413,7 +1501,7 @@ msgstr "КориÑні команди:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (включаючи VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLAN (QinQ Ñ– звичайний 802.1q)" @@ -1457,6 +1545,10 @@ msgstr "VyOS викориÑтовує Jenkins_ Ñк Ñлужбу поÑтійнРmsgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "Ми знову викориÑтовуємо допоміжний Ñценарій Ñ– деÑкі патчі, щоб збірка працювала. ПроÑто запуÑÑ‚Ñ–Ñ‚ÑŒ таку команду:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "Ми розрізнÑємо два незалежні теÑти, Ñкі виконуютьÑÑ Ð¿Ð°Ñ€Ð°Ð»ÐµÐ»ÑŒÐ½Ð¾ двома окремими екземплÑрами QEmu, Ñкі запуÑкаютьÑÑ Ñ‡ÐµÑ€ÐµÐ· ``make test`` Ñ– ``make testc`` зі Ñховища vyos-build_." @@ -1473,6 +1565,10 @@ msgstr "Тепер нам потрібно змонтувати деÑкі неРmsgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "Ми приймаємо лише Ð²Ð¸Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ð¼Ð¸Ð»Ð¾Ðº у пакетах, відмінних від https://github.com/vyos/vyos-1x, оÑкільки жодна нова функціональніÑÑ‚ÑŒ не повинна викориÑтовувати Ñтарі шаблони Ñтилю (``node.def`` Ñ– код Perl/BASH. ВикориÑтовуйте новий Ñтиль XML ÐатоміÑÑ‚ÑŒ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ /Python." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "Що/чому/Ñк щоÑÑŒ було змінено, полегшує Ð¶Ð¸Ñ‚Ñ‚Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ під Ñ‡Ð°Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸ з `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "Коли ви зможете переконатиÑÑ, що це ÑпрРmsgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "Коли ви працюєте над конфігурацією інтерфейÑу Ñ– не бажаєте перевірÑти, чи пройшли теÑти Smoketests, ви зазвичай втрачаєте віддалене SSH-Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· вашим :abbr:`DUT (Device Under Test)`. Щоб вирішити цю проблему, деÑкі з теÑтів на оÑнові інтерфейÑу можна заздалегідь викликати зі змінною Ñередовища, щоб обмежити кількіÑÑ‚ÑŒ інтерфейÑів, Ñкі викориÑтовуютьÑÑ Ð² теÑÑ‚Ñ–. За замовчуваннÑм викориÑтовуютьÑÑ Ð²ÑÑ– інтерфейÑи, наприклад, уÑÑ– інтерфейÑи Ethernet." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "Якщо ви вважаєте, що знайшли помилку, за msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "Якщо ви хочете, щоб розробник виправив помилку, Ñку ви знайшли, допомога йому відтворити проблему буде кориÑною Ð´Ð»Ñ Ð²ÑÑ–Ñ…. Обов’Ñзково вкажіть інформацію про апаратне забезпеченнÑ, Ñке ви викориÑтовуєте, команди, Ñкі ви запуÑкали, будь-Ñкі інші дії, Ñкі ви, можливо, виконували в той чаÑ. Ð¦Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð° Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ Ð¼Ð¾Ð¶Ðµ бути дуже кориÑною." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "Яку верÑÑ–ÑŽ VyOS ви викориÑтовуєте? ``виконати показову верÑÑ–ÑŽ``" @@ -1574,6 +1670,10 @@ msgstr "Ви можете ввеÑти ``help``, щоб отримати Ð¾Ð³Ð»Ñ msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "У Ð²Ð°Ñ Ñ” уÑÐ²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ те, Ñк покращити VyOS, або вам потрібна конкретна функціÑ, Ñка буде кориÑною Ð´Ð»Ñ Ð²ÑÑ–Ñ… кориÑтувачів VyOS? Щоб надіÑлати запит на функцію, виконайте пошук Phabricator_, Ñкщо запит уже очікує на розглÑд. Ви можете покращити його або, Ñкщо не знайдете, Ñтворити новий, ÑкориÑтавшиÑÑŒ швидким поÑиланнÑм ліворуч під конкретним проектом." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "У Ð²Ð°Ñ Ñ” влаÑні пакети Ñдра `*.deb` у папці `packages`, але ви забули про ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð²ÑÑ–Ñ… необхідних позадеревних модулів, таких Ñк Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "Тепер ви повинні побачити зворотне траÑÑƒÐ²Ð°Ð½Ð½Ñ Python, Ñке допоможе нам вирішити цю проблему. Додайте його до Ð·Ð°Ð²Ð´Ð°Ð½Ð½Ñ Phabricator_." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "Потім ви можете продовжити ÐºÐ»Ð¾Ð½ÑƒÐ²Ð°Ð½Ð½Ñ Ñ msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Ваш Ñценарій конфігурації або Ñценарій режиму роботи, Ñкий також напиÑаний на Python3, повинен мати розрив Ñ€Ñдка на 80 Ñимволів. Сьогодні це здаєтьÑÑ Ñ‚Ñ€Ð¾Ñ…Ð¸ дивним, але оÑкільки деÑкі люди також працюють віддалено або програмують за допомогою vi(m), це доÑить хороший Ñтандарт, на Ñкий, Ñ ÑподіваюÑÑ, ми можемо поклаÑтиÑÑ." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/uk/documentation.pot b/docs/_locale/uk/documentation.pot index 5dc3912a..6593a4b4 100644 --- a/docs/_locale/uk/documentation.pot +++ b/docs/_locale/uk/documentation.pot @@ -177,6 +177,10 @@ msgid "If there some troubleshooting guides related to the commands. Explain it msgstr "Якщо Ñ” деÑкі поÑібники з уÑÑƒÐ½ÐµÐ½Ð½Ñ Ð½ÐµÑправноÑтей, пов’Ñзані з командами. ПоÑÑніть це в наÑтупній додатковій чаÑтині." #: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + +#: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "Якщо ви також хочете оновити Ñвій форк на GitHub, викориÑтовуйте наÑтупне: ``$ git push origin master``" diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index becdd4b3..dc1b4620 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,24 @@ _ext/releasenotes.py +2024-04-25 +========== + +* :vytask:`T6249` ``(default): ISO builder fails because of changed buster-backport repository`` + + +2024-04-23 +========== + +* :vytask:`T6261` ``(default): Typo in op_mode connect_disconnect print statement for check_ppp_running`` + + +2024-04-17 +========== + +* :vytask:`T6243` ``(bug): Update vyos-http-api-tools for package idna security advisory`` + + 2024-04-12 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index ed68ae8a..0ad129e1 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,76 @@ _ext/releasenotes.py +2024-04-25 +========== + +* :vytask:`T6263` ``(bug): Multicast: Could not commit multicast config with multicast join group using source-address`` +* :vytask:`T5833` ``(bug): Not all AFIs compatible with VRF`` + + +2024-04-24 +========== + +* :vytask:`T6255` ``(bug): Static table description should not contain white-space`` +* :vytask:`T6226` ``(feature): add HAPROXY `tcp-request content accept` related block to load-balancing reverse proxy config`` +* :vytask:`T6109` ``(bug): remote syslog do not get all the logs`` +* :vytask:`T6217` ``(feature): VRRP contrack-sync script change name of the logger`` +* :vytask:`T6244` ``(feature): Spacing of "Show System Uptime" hard to parse`` + + +2024-04-23 +========== + +* :vytask:`T6260` ``(bug): image-tools: remove failed image directory if 'No space left on device' error`` +* :vytask:`T6261` ``(default): Typo in op_mode connect_disconnect print statement for check_ppp_running`` +* :vytask:`T6237` ``(feature): IPSec remote access VPN: ability to set EAP ID of clients`` + + +2024-04-22 +========== + +* :vytask:`T5996` ``(bug): unescape backslashes for config save, compare commands`` +* :vytask:`T6103` ``(bug): DHCP-server bootfile-name double slash syntax weird behaviour`` +* :vytask:`T6080` ``(default): Default NTP server settings`` +* :vytask:`T5986` ``(bug): Container: Error on commit when environment variable value contains \n line break`` + + +2024-04-21 +========== + +* :vytask:`T6191` ``(bug): Policy Route TCP-MSS Behavior Different from 1.3.x`` +* :vytask:`T5535` ``(feature): disable-directed-broadcast should be moved to firewall global-options`` + + +2024-04-20 +========== + +* :vytask:`T6252` ``(bug): gre tunnel - doesn't allow configure jumbo frame more than 8024`` + + +2024-04-19 +========== + +* :vytask:`T6221` ``(bug): Enabling VRF breaks connectivity`` +* :vytask:`T6035` ``(bug): QoS policy shaper queue-type random-detect requires limit avpkt`` +* :vytask:`T6246` ``(feature): Enable basic haproxy http-check configuration options`` +* :vytask:`T6242` ``(feature): Loadbalancer reverse-proxy: SSL backend skip CA certificate verification`` + + +2024-04-17 +========== + +* :vytask:`T6168` ``(bug): add system image does not set default boot to current console type in compatibility mode`` +* :vytask:`T6243` ``(bug): Update vyos-http-api-tools for package idna security advisory`` +* :vytask:`T6154` ``(enhancment): Installer should ask for password twice`` +* :vytask:`T5966` ``(default): Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments`` +* :vytask:`T5723` ``(default): mdns repeater: Always reload systemd daemon before applying changes`` +* :vytask:`T5722` ``(bug): Failing to add route in failover if gateway not in the same interface network`` +* :vytask:`T5612` ``(default): Miscellaneous improvements and fixes for dynamic DNS configuration`` +* :vytask:`T5574` ``(default): Support per-service cache management for dynamic dns providers`` +* :vytask:`T5360` ``(bug): ddclient generating abuse`` + + 2024-04-15 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index aaa88c90..94d7b9ab 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,79 @@ _ext/releasenotes.py +2024-04-26 +========== + +* :vytask:`T6259` ``(feature): PKI: Support RFC822 (email) names in SAN`` + + +2024-04-25 +========== + +* :vytask:`T6263` ``(bug): Multicast: Could not commit multicast config with multicast join group using source-address`` +* :vytask:`T5833` ``(bug): Not all AFIs compatible with VRF`` + + +2024-04-24 +========== + +* :vytask:`T6255` ``(bug): Static table description should not contain white-space`` +* :vytask:`T6226` ``(feature): add HAPROXY `tcp-request content accept` related block to load-balancing reverse proxy config`` +* :vytask:`T6109` ``(bug): remote syslog do not get all the logs`` +* :vytask:`T6262` ``(default): Update the boot splash for VyOS 1.5 ISO`` +* :vytask:`T6217` ``(feature): VRRP contrack-sync script change name of the logger`` +* :vytask:`T6244` ``(feature): Spacing of "Show System Uptime" hard to parse`` + + +2024-04-23 +========== + +* :vytask:`T6260` ``(bug): image-tools: remove failed image directory if 'No space left on device' error`` +* :vytask:`T6261` ``(default): Typo in op_mode connect_disconnect print statement for check_ppp_running`` +* :vytask:`T6237` ``(feature): IPSec remote access VPN: ability to set EAP ID of clients`` + + +2024-04-22 +========== + +* :vytask:`T5996` ``(bug): unescape backslashes for config save, compare commands`` + + +2024-04-21 +========== + +* :vytask:`T6191` ``(bug): Policy Route TCP-MSS Behavior Different from 1.3.x`` +* :vytask:`T5535` ``(feature): disable-directed-broadcast should be moved to firewall global-options`` + + +2024-04-20 +========== + +* :vytask:`T6252` ``(bug): gre tunnel - doesn't allow configure jumbo frame more than 8024`` + + +2024-04-19 +========== + +* :vytask:`T6221` ``(bug): Enabling VRF breaks connectivity`` +* :vytask:`T6035` ``(bug): QoS policy shaper queue-type random-detect requires limit avpkt`` +* :vytask:`T6246` ``(feature): Enable basic haproxy http-check configuration options`` +* :vytask:`T6242` ``(feature): Loadbalancer reverse-proxy: SSL backend skip CA certificate verification`` + + +2024-04-17 +========== + +* :vytask:`T6168` ``(bug): add system image does not set default boot to current console type in compatibility mode`` +* :vytask:`T6243` ``(bug): Update vyos-http-api-tools for package idna security advisory`` +* :vytask:`T6154` ``(enhancment): Installer should ask for password twice`` +* :vytask:`T5966` ``(default): Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments`` +* :vytask:`T5723` ``(default): mdns repeater: Always reload systemd daemon before applying changes`` +* :vytask:`T5722` ``(bug): Failing to add route in failover if gateway not in the same interface network`` +* :vytask:`T5612` ``(default): Miscellaneous improvements and fixes for dynamic DNS configuration`` +* :vytask:`T5574` ``(default): Support per-service cache management for dynamic dns providers`` + + 2024-04-16 ========== @@ -63,7 +136,6 @@ * :vytask:`T6106` ``(bug): Valid commit error for route-reflector-client option defined in peer-group`` * :vytask:`T5750` ``(bug): Upgrade from 1.3.4 to 1.4 Rolling fails QoS`` * :vytask:`T5740` ``(bug): Generate wiregurad keys via HTTP-API fails`` -* :vytask:`T6206` ``(bug): L2tp smoketest fails if vyos-configd is running`` * :vytask:`T5858` ``(bug): Show conntrack statistics formatting is all over the place`` diff --git a/docs/cli.rst b/docs/cli.rst index 41b4b9e0..c1a9d14c 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -501,6 +501,9 @@ different levels in the hierarchy. Warning: configuration changes have not been saved. vyos@vyos:~$ +.. hint:: You can specify a commit message with + :cfgcmd:`commit comment <message>`. + .. _save: .. cfgcmd:: save @@ -854,7 +857,7 @@ to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will -be ``config.boot-hostname.YYYYMMDD_HHMMSS``. +be ``config.boot-hostname.YYYYMMDD_HHMMSS``. .. cfgcmd:: set system config-management commit-archive location <URI> @@ -869,8 +872,14 @@ be ``config.boot-hostname.YYYYMMDD_HHMMSS``. * ``tftp://<host>/<dir>`` * ``git+https://<user>:<passwd>@<host>/<path>`` + Since username and password are part of the URI, they need to be + properly url encoded if containing special characters. + .. note:: The number of revisions don't affect the commit-archive. + .. note:: When using Git as destination for the commit archive the + ``source-address`` CLI option has no effect. + .. note:: You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst index e42d3567..6666399d 100644 --- a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst +++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst @@ -7,9 +7,9 @@ OpenVPN with LDAP | Testdate: 2023-05-11 | Version: 1.4-rolling-202305100734 -This LAB show how to uwe OpenVPN with a Active Directory authentication backend. +This LAB shows how to use OpenVPN with a Active Directory authentication method. -The Topology are consists of: +Topology consists of: * Windows Server 2019 with a running Active Directory * VyOS as a OpenVPN Server * VyOS as Client @@ -20,7 +20,7 @@ The Topology are consists of: Active Directory on Windows server ================================== -The Lab asume a full running Active Directory on the Windows Server. +The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory. .. code-block:: powershell @@ -36,7 +36,7 @@ Here are some PowerShell commands to quickly add a Test Active Directory. New-ADUser user01 -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true -Configuration VyOS as OpenVPN Server +Configure VyOS as OpenVPN Server ==================================== In this example OpenVPN will be setup with a client certificate and username / password authentication. @@ -53,7 +53,7 @@ Please look :ref:`here <configuration/pki/index:pki>` for more information. Now generate all required certificates on the ovpn-server: -first the PCA +First the CA .. code-block:: none @@ -249,11 +249,27 @@ save the output to a file and import it in nearly all openvpn clients. </key> +Configure VyOS as client +------------------------ + +.. code-block:: none + + set interfaces openvpn vtun10 authentication username 'user01' + set interfaces openvpn vtun10 authentication password '$ecret' + set interfaces openvpn vtun10 encryption cipher 'aes256' + set interfaces openvpn vtun10 hash 'sha512' + set interfaces openvpn vtun10 mode 'client' + set interfaces openvpn vtun10 persistent-tunnel + set interfaces openvpn vtun10 protocol 'udp' + set interfaces openvpn vtun10 remote-host '198.51.100.254' + set interfaces openvpn vtun10 remote-port '1194' + set interfaces openvpn vtun10 tls ca-certificate 'OVPN-CA' + set interfaces openvpn vtun10 tls certificate 'CLIENT' Monitoring ========== -If the client is connect successfully you can check the output with +If the client is connected successfully you can check the status .. code-block:: none diff --git a/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf b/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf index 03889ffd..ab70ccc5 100644 --- a/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf +++ b/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf @@ -1,8 +1,8 @@ -set interfaces tunnel tun0 address '2001:470:6c:779::2/64' #Tunnelbroker Client IPv6 Address +set interfaces tunnel tun0 address '2001:470:6c:779::2/64' #Tunnelbroker Client IPv6 address set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel' set interfaces tunnel tun0 encapsulation 'sit' -set interfaces tunnel tun0 remote '216.66.86.114' #Tunnelbroker Server IPv4 Address -set interfaces tunnel tun0 source-address '172.29.129.60' # Tunnelbroker Client IPv4 Address or if there is NAT the current WAN interface address +set interfaces tunnel tun0 remote '216.66.86.114' #Tunnelbroker Server IPv4 address +set interfaces tunnel tun0 source-address '172.29.129.60' # Tunnelbroker Client IPv4 address. See note below set protocols static route6 ::/0 interface tun0 @@ -10,4 +10,4 @@ set interface ethernet eth2 address '2001:470:6d:778::1/64' # Tunnelbroker Route set service router-advert interface eth2 name-server '2001:470:20::2' set service router-advert interface eth2 prefix 2001:470:6d:778::/64 # Tunnelbroker Routed /64 prefix -set system name-server 2001:470:20::2 #Tunnelbroker DNS Server
\ No newline at end of file +set system name-server 2001:470:20::2 #Tunnelbroker DNS Server diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst index 94acbe9a..0f7c9daf 100644 --- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst +++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst @@ -48,7 +48,15 @@ Now we are able to setup the tunnel interface. :language: none :lines: 1-5 -Setup the ipv6 default route to the tunnel interface +.. note:: The `source-address` is the Tunnelbroker client IPv4 + address or if there is NAT the current WAN interface address. + + If `source-address` is dynamic, the tunnel will cease working once + the address changes. To avoid having to manually update + `source-address` each time the dynamic IP changes, an address of + '0.0.0.0' can be specified. + +Setup the IPv6 default route to the tunnel interface .. literalinclude:: _include/vyos-wan_tun0.conf :language: none @@ -204,4 +212,5 @@ instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`. Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 -firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`.
\ No newline at end of file +firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall +ipv6-name`. diff --git a/docs/configexamples/policy-based-ipsec-and-firewall.rst b/docs/configexamples/policy-based-ipsec-and-firewall.rst index 2337c1ac..8dc07de6 100644 --- a/docs/configexamples/policy-based-ipsec-and-firewall.rst +++ b/docs/configexamples/policy-based-ipsec-and-firewall.rst @@ -13,7 +13,7 @@ configuration is done only on one router. Network Topology and requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This configuration example and the requirments consists of: +This configuration example and the requirements consists of: - Two VyOS routers with public IP address. @@ -37,7 +37,7 @@ This configuration example and the requirments consists of: - Allow all new connections from local subnets. - - Allow connections from LANs to LANs throught the tunnel. + - Allow connections from LANs to LANs through the tunnel. .. image:: /_static/images/policy-based-ipsec-and-firewall.png diff --git a/docs/configexamples/wan-load-balancing.rst b/docs/configexamples/wan-load-balancing.rst index ace9a981..0952cfe5 100644 --- a/docs/configexamples/wan-load-balancing.rst +++ b/docs/configexamples/wan-load-balancing.rst @@ -69,7 +69,7 @@ Example 2: Failover based on interface weights This example uses the failover mode. -.. _wan:example2_overwiew: +.. _wan:example2_overview: Overview ^^^^^^^^ @@ -98,7 +98,7 @@ The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order. -.. _wan:example3_overwiew: +.. _wan:example3_overview: Overview ^^^^^^^^ @@ -129,7 +129,7 @@ traffic. It is assumed for this example that eth1 is connected to a slower connection than eth0 and should prioritize VoIP traffic. -.. _wan:example4_overwiew: +.. _wan:example4_overview: Overview ^^^^^^^^ diff --git a/docs/configexamples/zone-policy.rst b/docs/configexamples/zone-policy.rst index 08db13b9..95648e7a 100644 --- a/docs/configexamples/zone-policy.rst +++ b/docs/configexamples/zone-policy.rst @@ -6,7 +6,7 @@ Zone-Policy example ------------------- .. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall - structure can be found on all vyos instalations, and zone based firewall is + structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ @@ -145,7 +145,7 @@ To add logging to the default rule, do: .. code-block:: none - set firewall name <ruleSet> enable-default-log + set firewall name <ruleSet> default-log By default, iptables does not allow traffic for established sessions to @@ -251,7 +251,7 @@ Since we have 4 zones, we need to setup the following rulesets. Dmz-local Even if the two zones will never communicate, it is a good idea to -create the zone-pair-direction rulesets and set enable-default-log. This +create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts. @@ -261,7 +261,7 @@ This is an example of the three base rules. name wan-lan { default-action drop - enable-default-log + default-log rule 1 { action accept state { @@ -285,7 +285,7 @@ Here is an example of an IPv6 DMZ-WAN ruleset. ipv6-name dmz-wan-6 { default-action drop - enable-default-log + default-log rule 1 { action accept state { diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index 988b425b..4dacc6f4 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -21,19 +21,43 @@ Configuration If a registry is not specified, Docker.io will be used as the container registry unless an alternative registry is specified using - **set container registry <name>** or the registry is included in the image name + **set container registry <name>** or the registry is included + in the image name .. code-block:: none set container name mysql-server image quay.io/mysql:8.0 +.. cfgcmd:: set container name <name> entrypoint <entrypoint> + + Override the default entrypoint from the image for a container. + +.. cfgcmd:: set container name <name> command <command> + + Override the default command from the image for a container. + +.. cfgcmd:: set container name <name> arguments <arguments> + + Set the command arguments for a container. + +.. cfgcmd:: set container name <name> host-name <hostname> + + Set the host name for a container. + +.. cfgcmd:: set container name <name> allow-host-pid + + The container and the host share the same process namespace. + This means that processes running on the host are visible inside the + container, and processes inside the container are visible on the host. + + The command translates to "--pid host" when the container is created. + .. cfgcmd:: set container name <name> allow-host-networks Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP. - The following commands translate to "--net host" when the container - is created + The command translates to "--net host" when the container is created. .. note:: **allow-host-networks** cannot be used with **network** @@ -47,7 +71,8 @@ Configuration Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix. - .. note:: The first IP in the container network is reserved by the engine and cannot be used + .. note:: The first IP in the container network is reserved by the + engine and cannot be used .. cfgcmd:: set container name <name> description <text> @@ -103,8 +128,10 @@ Configuration Set the restart behavior of the container. - **no**: Do not restart containers on exit - - **on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default) - - **always**: Restart containers when they exit, regardless of status, retrying indefinitely + - **on-failure**: Restart containers when they exit with a non-zero + exit code, retrying indefinitely (default) + - **always**: Restart containers when they exit, regardless of status, + retrying indefinitely .. cfgcmd:: set container name <name> memory <MB> @@ -122,12 +149,18 @@ Configuration Set container capabilities or permissions. - **net-admin**: Network operations (interface, firewall, routing tables) - - **net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024) + - **net-bind-service**: Bind a socket to privileged ports + (port numbers less than 1024) - **net-raw**: Permission to create raw network sockets - **setpcap**: Capability sets (from bounded or inherited set) - - **sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame) + - **sys-admin**: Administration operations (quotactl, mount, sethostname, + setdomainame) - **sys-time**: Permission to set system clock +.. cfgcmd:: set container name <name> label <label> value <value> + + Add metadata label for this container. + .. cfgcmd:: set container name <name> disable Disable a container. @@ -145,8 +178,8 @@ Container Networks .. cfgcmd:: set container network <name> prefix <ipv4|ipv6> - Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and - one IPv6 prefix can be used per network name. + Define IPv4 and/or IPv6 prefix for a given network name. + Both IPv4 and IPv6 can be used in parallel. .. cfgcmd:: set container network <name> vrf <nme> @@ -216,7 +249,8 @@ Example Configuration ********************* For the sake of demonstration, `example #1 in the official documentation - <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ + <https://www.zabbix.com/documentation/current/manual/ + installation/containers>`_ to the declarative VyOS CLI syntax. .. code-block:: none diff --git a/docs/configuration/firewall/bridge.rst b/docs/configuration/firewall/bridge.rst index 9fb019c5..f84fd456 100644 --- a/docs/configuration/firewall/bridge.rst +++ b/docs/configuration/firewall/bridge.rst @@ -13,7 +13,7 @@ Overview ******** In this section there's useful information of all firewall configuration that -can be done regarding bridge, and appropiate op-mode commands. +can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section: .. cfgcmd:: set firewall bridge ... @@ -37,13 +37,13 @@ for this layer is shown next: .. figure:: /_static/images/firewall-bridge-packet-flow.png -For traffic that needs to be forwared internally by the bridge, base chain is +For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge -forward filter ...``, which happens in stage 4, highlightened with red color. +forward filter ...``, which happens in stage 4, highlighted with red color. Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, -and the appropiate target should be defined in a base chain. +and the appropriate target should be defined in a base chain. .. note:: **Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic @@ -137,7 +137,7 @@ not match any rule in it's chain. For base chains, possible options for .. cfgcmd:: set firewall bridge name <name> default-jump-target <text> - To be used only when ``defult-action`` is set to ``jump``. Use this + To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule. .. note:: **Important note about default-actions:** @@ -157,8 +157,8 @@ log options can be defined. Enable logging for the matched packet. If this configuration command is not present, then log is not enabled. -.. cfgcmd:: set firewall bridge forward filter enable-default-log -.. cfgcmd:: set firewall bridge name <name> enable-default-log +.. cfgcmd:: set firewall bridge forward filter default-log +.. cfgcmd:: set firewall bridge name <name> default-log Use this command to enable the logging of the default action on the specified chain. @@ -236,9 +236,9 @@ There are a lot of matching criteria against which the packet can be tested. .. cfgcmd:: set firewall bridge name <name> rule <1-999999> inbound-interface name <iface> - Match based on inbound interface. Wilcard ``*`` can be used. + Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall bridge forward filter rule <1-999999> inbound-interface group <iface_group> @@ -246,16 +246,16 @@ There are a lot of matching criteria against which the packet can be tested. inbound-interface group <iface_group> Match based on inbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall bridge forward filter rule <1-999999> outbound-interface name <iface> .. cfgcmd:: set firewall bridge name <name> rule <1-999999> outbound-interface name <iface> - Match based on outbound interface. Wilcard ``*`` can be used. + Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall bridge forward filter rule <1-999999> outbound-interface group <iface_group> @@ -263,7 +263,7 @@ There are a lot of matching criteria against which the packet can be tested. outbound-interface group <iface_group> Match based on outbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall bridge forward filter rule <1-999999> vlan id <0-4096> @@ -288,7 +288,7 @@ Rule-set overview In this section you can find all useful firewall op-mode commands. -General commands for firewall configuration, counter and statiscits: +General commands for firewall configuration, counter and statistics: .. opcmd:: show firewall .. opcmd:: show firewall summary @@ -325,7 +325,7 @@ Configuration example: .. code-block:: none set firewall bridge forward filter default-action 'drop' - set firewall bridge forward filter enable-default-log + set firewall bridge forward filter default-log set firewall bridge forward filter rule 10 action 'continue' set firewall bridge forward filter rule 10 inbound-interface name 'eth2' set firewall bridge forward filter rule 10 vlan id '22' @@ -341,7 +341,7 @@ Configuration example: set firewall bridge forward filter rule 40 destination mac-address '66:55:44:33:22:11' set firewall bridge forward filter rule 40 source mac-address '11:22:33:44:55:66' set firewall bridge name TEST default-action 'accept' - set firewall bridge name TEST enable-default-log + set firewall bridge name TEST default-log set firewall bridge name TEST rule 10 action 'continue' set firewall bridge name TEST rule 10 log set firewall bridge name TEST rule 10 vlan priority '0' diff --git a/docs/configuration/firewall/flowtables.rst b/docs/configuration/firewall/flowtables.rst index bc7b9212..e8a5f2e8 100644 --- a/docs/configuration/firewall/flowtables.rst +++ b/docs/configuration/firewall/flowtables.rst @@ -17,7 +17,8 @@ can be done regarding flowtables. .. cfgcmd:: set firewall flowtables ... -From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` +From main structure defined in +:doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure: @@ -99,20 +100,20 @@ Creating rules for using flow tables: Configuration Example ********************* -Things to be considred in this setup: +Things to be considered in this setup: * Two interfaces are going to be used in the flowtables: eth0 and eth1 - * Minumum firewall ruleset is provided, which includes some filtering rules, - and appropiate rules for using flowtable offload capabilities. + * Minimum firewall ruleset is provided, which includes some filtering rules, + and appropriate rules for using flowtable offload capabilities. As described, first packet will be evaluated by all the firewall path, so -desired connection should be explicitely accepted. Same thing should be taken +desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch. -We will only accept traffic comming from interface eth0, protocol tcp and -destination port 1122. All other traffic traspassing the router should be +We will only accept traffic coming from interface eth0, protocol tcp and +destination port 1122. All other traffic trespassing the router should be blocked. Commands @@ -152,7 +153,7 @@ Analysis on what happens for desired connection: 4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is - accepted in rule 10. + accepted in rule 20. 5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry diff --git a/docs/configuration/firewall/groups.rst b/docs/configuration/firewall/groups.rst index aee68793..6111650a 100644 --- a/docs/configuration/firewall/groups.rst +++ b/docs/configuration/firewall/groups.rst @@ -21,9 +21,9 @@ Address Groups In an **address group** a single IP address or IP address ranges are defined. -.. cfgcmd:: set firewall group address-group <name> address [address | +.. cfgcmd:: set firewall group address-group <name> address [address | address range] -.. cfgcmd:: set firewall group ipv6-address-group <name> address <address> +.. cfgcmd:: set firewall group ipv6-address-group <name> address <address> Define a IPv4 or a IPv6 address group @@ -33,8 +33,8 @@ defined. set firewall group address-group ADR-INSIDE-v4 address 10.0.0.1-10.0.0.8 set firewall group ipv6-address-group ADR-INSIDE-v6 address 2001:db8::1 -.. cfgcmd:: set firewall group address-group <name> description <text> -.. cfgcmd:: set firewall group ipv6-address-group <name> description <text> +.. cfgcmd:: set firewall group address-group <name> description <text> +.. cfgcmd:: set firewall group ipv6-address-group <name> description <text> Provide a IPv4 or IPv6 address group description @@ -46,8 +46,8 @@ IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended. -.. cfgcmd:: set firewall group network-group <name> network <CIDR> -.. cfgcmd:: set firewall group ipv6-network-group <name> network <CIDR> +.. cfgcmd:: set firewall group network-group <name> network <CIDR> +.. cfgcmd:: set firewall group ipv6-network-group <name> network <CIDR> Define a IPv4 or IPv6 Network group. @@ -57,8 +57,8 @@ recommended. set firewall group network-group NET-INSIDE-v4 network 192.168.1.0/24 set firewall group ipv6-network-group NET-INSIDE-v6 network 2001:db8::/64 -.. cfgcmd:: set firewall group network-group <name> description <text> -.. cfgcmd:: set firewall group ipv6-network-group <name> description <text> +.. cfgcmd:: set firewall group network-group <name> description <text> +.. cfgcmd:: set firewall group ipv6-network-group <name> description <text> Provide an IPv4 or IPv6 network group description. @@ -67,7 +67,7 @@ Interface Groups An **interface group** represents a collection of interfaces. -.. cfgcmd:: set firewall group interface-group <name> interface <text> +.. cfgcmd:: set firewall group interface-group <name> interface <text> Define an interface group. Wildcard are accepted too. @@ -76,7 +76,7 @@ An **interface group** represents a collection of interfaces. set firewall group interface-group LAN interface bond1001 set firewall group interface-group LAN interface eth3* -.. cfgcmd:: set firewall group interface-group <name> description <text> +.. cfgcmd:: set firewall group interface-group <name> description <text> Provide an interface group description @@ -110,7 +110,7 @@ MAC Groups A **mac group** represents a collection of mac addresses. -.. cfgcmd:: set firewall group mac-group <name> mac-address <mac-address> +.. cfgcmd:: set firewall group mac-group <name> mac-address <mac-address> Define a mac group. @@ -128,7 +128,7 @@ Domain Groups A **domain group** represents a collection of domains. -.. cfgcmd:: set firewall group domain-group <name> address <domain> +.. cfgcmd:: set firewall group domain-group <name> address <domain> Define a domain group. @@ -140,10 +140,108 @@ A **domain group** represents a collection of domains. Provide a domain group description. +Dynamic Groups +============== + +Firewall dynamic groups are different from all the groups defined previously +because, not only they can be used as source/destination in firewall rules, +but members of these groups are not defined statically using vyos +configuration. + +Instead, members of these groups are added dynamically using firewall +rules. + +Defining Dynamic Address Groups +------------------------------- + +Dynamic address group is supported by both IPv4 and IPv6 families. +Commands used to define dynamic IPv4|IPv6 address groups are: + +.. cfgcmd:: set firewall group dynamic-group address-group <name> +.. cfgcmd:: set firewall group dynamic-group ipv6-address-group <name> + +Add description to firewall groups: + +.. cfgcmd:: set firewall group dynamic-group address-group <name> + description <text> +.. cfgcmd:: set firewall group dynamic-group ipv6-address-group <name> + description <text> + +Adding elements to Dynamic Firewall Groups +------------------------------------------ + +Once dynamic firewall groups are defined, they should be used in firewall +rules in order to dynamically add elements to it. + +Commands used for this task are: + +* Add destination IP address of the connection to a dynamic address group: + +.. cfgcmd:: set firewall ipv4 [forward | input | output] filter rule + <1-999999> add-address-to-group destination-address address-group <name> +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> add-address-to-group + destination-address address-group <name> +.. cfgcmd:: set firewall ipv6 [forward | input | output] filter rule + <1-999999> add-address-to-group destination-address address-group <name> +.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> add-address-to-group + destination-address address-group <name> + +* Add source IP address of the connection to a dynamic address group: + +.. cfgcmd:: set firewall ipv4 [forward | input | output] filter rule + <1-999999> add-address-to-group source-address address-group <name> +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> add-address-to-group + source-address address-group <name> +.. cfgcmd:: set firewall ipv6 [forward | input | output] filter rule + <1-999999> add-address-to-group source-address address-group <name> +.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> add-address-to-group + source-address address-group <name> + +Also, specific timeout can be defined per rule. In case rule gets a hit, +source or destinatination address will be added to the group, and this +element will remain in the group until timeout expires. If no timeout +is defined, then the element will remain in the group until next reboot, +or until a new commit that changes firewall configuration is done. + +.. cfgcmd:: set firewall ipv4 [forward | input | output] filter rule + <1-999999> add-address-to-group [destination-address | source-address] + timeout <timeout> +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> add-address-to-group + [destination-address | source-address] timeout <timeout> +.. cfgcmd:: set firewall ipv6 [forward | input | output] filter rule + <1-999999> add-address-to-group [destination-address | source-address] + timeout <timeout> +.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> add-address-to-group + [destination-address | source-address] timeout <timeout> + +Timeout can be defined using seconds, minutes, hours or days: + +.. code-block:: none + + set firewall ipv6 name FOO rule 10 add-address-to-group source-address timeout + Possible completions: + <number>s Timeout value in seconds + <number>m Timeout value in minutes + <number>h Timeout value in hours + <number>d Timeout value in days + +Using Dynamic Firewall Groups +----------------------------- + +As any other firewall group, dynamic firewall groups can be used in firewall +rules as matching options. For example: + +.. code-block:: none + set firewall ipv4 input filter rule 10 source group dynamic-address-group FOO + set firewall ipv4 input filter rule 10 destination group dynamic-address-group BAR + ******** Examples ******** +General example +=============== + As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules. @@ -166,12 +264,12 @@ And next, some configuration example where groups are used: .. code-block:: none - set firewall ipv4 input filter rule 10 action accept - set firewall ipv4 input filter rule 10 inbound-interface group !LAN + set firewall ipv4 output filter rule 10 action accept + set firewall ipv4 output filter rule 10 outbound-interface group !LAN set firewall ipv4 forward filter rule 20 action accept set firewall ipv4 forward filter rule 20 source group network-group TRUSTEDv4 set firewall ipv6 input filter rule 10 action accept - set firewall ipv6 input filter rule 10 source-group network-group TRUSTEDv6 + set firewall ipv6 input filter rule 10 source group network-group TRUSTEDv6 set nat destination rule 101 inbound-interface group LAN set nat destination rule 101 destination group address-group SERVERS set nat destination rule 101 protocol tcp @@ -181,30 +279,151 @@ And next, some configuration example where groups are used: set policy route PBR rule 201 protocol tcp set policy route PBR rule 201 set table 15 +Port knocking example +===================== + +Using dynamic firewall groups, we can secure access to the router, or any other +device if needed, by using the technique of port knocking. + +A 4 step port knocking example is shown next: + + .. code-block:: none + + set firewall global-options state-policy established action 'accept' + set firewall global-options state-policy invalid action 'drop' + set firewall global-options state-policy related action 'accept' + set firewall group dynamic-group address-group ALLOWED + set firewall group dynamic-group address-group PN_01 + set firewall group dynamic-group address-group PN_02 + set firewall ipv4 input filter default-action 'drop' + set firewall ipv4 input filter rule 5 action 'accept' + set firewall ipv4 input filter rule 5 protocol 'icmp' + set firewall ipv4 input filter rule 10 action 'drop' + set firewall ipv4 input filter rule 10 add-address-to-group source-address address-group 'PN_01' + set firewall ipv4 input filter rule 10 add-address-to-group source-address timeout '2m' + set firewall ipv4 input filter rule 10 description 'Port_nock 01' + set firewall ipv4 input filter rule 10 destination port '9990' + set firewall ipv4 input filter rule 10 protocol 'tcp' + set firewall ipv4 input filter rule 20 action 'drop' + set firewall ipv4 input filter rule 20 add-address-to-group source-address address-group 'PN_02' + set firewall ipv4 input filter rule 20 add-address-to-group source-address timeout '3m' + set firewall ipv4 input filter rule 20 description 'Port_nock 02' + set firewall ipv4 input filter rule 20 destination port '9991' + set firewall ipv4 input filter rule 20 protocol 'tcp' + set firewall ipv4 input filter rule 20 source group dynamic-address-group 'PN_01' + set firewall ipv4 input filter rule 30 action 'drop' + set firewall ipv4 input filter rule 30 add-address-to-group source-address address-group 'ALLOWED' + set firewall ipv4 input filter rule 30 add-address-to-group source-address timeout '2h' + set firewall ipv4 input filter rule 30 description 'Port_nock 03' + set firewall ipv4 input filter rule 30 destination port '9992' + set firewall ipv4 input filter rule 30 protocol 'tcp' + set firewall ipv4 input filter rule 30 source group dynamic-address-group 'PN_02' + set firewall ipv4 input filter rule 99 action 'accept' + set firewall ipv4 input filter rule 99 description 'Port_nock 04 - Allow ssh' + set firewall ipv4 input filter rule 99 destination port '22' + set firewall ipv4 input filter rule 99 protocol 'tcp' + set firewall ipv4 input filter rule 99 source group dynamic-address-group 'ALLOWED' + +Before testing, we can check members of firewall groups: + + .. code-block:: none + + vyos@vyos# run show firewall group + Firewall Groups + + Name Type References Members Timeout Expires + ------- ---------------------- -------------------- ------------- --------- --------- + ALLOWED address_group(dynamic) ipv4-input-filter-30 N/D N/D N/D + PN_01 address_group(dynamic) ipv4-input-filter-10 N/D N/D N/D + PN_02 address_group(dynamic) ipv4-input-filter-20 N/D N/D N/D + [edit] + vyos@vyos# + +With this configuration, in order to get ssh access to the router, user +needs to: + +1. Generate a new TCP connection with destination port 9990. As shown next, +a new entry was added to dynamic firewall group **PN_01** + + .. code-block:: none + + vyos@vyos# run show firewall group + Firewall Groups + + Name Type References Members Timeout Expires + ------- ---------------------- -------------------- ------------- --------- --------- + ALLOWED address_group(dynamic) ipv4-input-filter-30 N/D N/D N/D + PN_01 address_group(dynamic) ipv4-input-filter-10 192.168.89.31 120 119 + PN_02 address_group(dynamic) ipv4-input-filter-20 N/D N/D N/D + [edit] + vyos@vyos# + +2. Generate a new TCP connection with destination port 9991. As shown next, +a new entry was added to dynamic firewall group **PN_02** + + .. code-block:: none + + vyos@vyos# run show firewall group + Firewall Groups + + Name Type References Members Timeout Expires + ------- ---------------------- -------------------- ------------- --------- --------- + ALLOWED address_group(dynamic) ipv4-input-filter-30 N/D N/D N/D + PN_01 address_group(dynamic) ipv4-input-filter-10 192.168.89.31 120 106 + PN_02 address_group(dynamic) ipv4-input-filter-20 192.168.89.31 180 179 + [edit] + vyos@vyos# + +3. Generate a new TCP connection with destination port 9992. As shown next, +a new entry was added to dynamic firewall group **ALLOWED** + + .. code-block:: none + + vyos@vyos# run show firewall group + Firewall Groups + + Name Type References Members Timeout Expires + ------- ---------------------- -------------------- ------------- --------- --------- + ALLOWED address_group(dynamic) ipv4-input-filter-30 192.168.89.31 7200 7199 + PN_01 address_group(dynamic) ipv4-input-filter-10 192.168.89.31 120 89 + PN_02 address_group(dynamic) ipv4-input-filter-20 192.168.89.31 180 170 + [edit] + vyos@vyos# + +4. Now user can connect through ssh to the router (assuming ssh is configured). + ************** Operation-mode ************** +.. opcmd:: show firewall group .. opcmd:: show firewall group <name> - Overview of defined groups. You see the type, the members, and where the - group is used. + Overview of defined groups. You see the firewall group name, type, + references (where the group is used), members, timeout and expiration (last + two only present in dynamic firewall groups). + +Here is an example of such command: .. code-block:: none - vyos@ZBF-15-CLean:~$ show firewall group + vyos@vyos:~$ show firewall group Firewall Groups - Name Type References Members - ------------ ------------------ ---------------------- ---------------- - SERVERS address_group nat-destination-101 198.51.100.101 - 198.51.100.102 - LAN interface_group ipv4-input-filter-10 bon0 - nat-destination-101 eth2.2001 - TRUSTEDv6 ipv6_network_group ipv6-input-filter-10 2001:db8::/64 - TRUSTEDv4 network_group ipv4-forward-filter-20 192.0.2.0/30 - 203.0.113.128/25 - PORT-SERVERS port_group route-PBR-201 443 - nat-destination-101 5000-5010 - http - vyos@ZBF-15-CLean:~$ + Name Type References Members Timeout Expires + ------------ ---------------------- ---------------------- ---------------- --------- --------- + SERVERS address_group nat-destination-101 198.51.100.101 + 198.51.100.102 + ALLOWED address_group(dynamic) ipv4-input-filter-30 192.168.77.39 7200 7174 + PN_01 address_group(dynamic) ipv4-input-filter-10 192.168.0.245 120 112 + 192.168.77.39 120 85 + PN_02 address_group(dynamic) ipv4-input-filter-20 192.168.77.39 180 151 + LAN interface_group ipv4-output-filter-10 bon0 + nat-destination-101 eth2.2001 + TRUSTEDv6 ipv6_network_group ipv6-input-filter-10 2001:db8::/64 + TRUSTEDv4 network_group ipv4-forward-filter-20 192.0.2.0/30 + 203.0.113.128/25 + PORT-SERVERS port_group route-PBR-201 443 + route-PBR-201 5000-5010 + nat-destination-101 http + vyos@vyos:~$
\ No newline at end of file diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 44e0cd20..1d904901 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -24,7 +24,7 @@ firewall are covered below: where the packet was received is part of a bridge, or not. If the interface where the packet was received isn't part of a bridge, then -packetis processed at the **IP Layer**: +packet is processed at the **IP Layer**: * **Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order @@ -65,7 +65,7 @@ packetis processed at the **IP Layer**: * **Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, - such as NTP, or a response to traffic received externaly through + such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in: @@ -84,7 +84,7 @@ If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering: - * **Forward (Bridge)**: stage where traffic that is trespasing through the + * **Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled: * ``set firewall bridge forward filter ...``. diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index ff739418..f7f98dc7 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -11,12 +11,13 @@ Overview ******** In this section there's useful information of all firewall configuration that -can be done regarding IPv4, and appropiate op-mode commands. +can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section: .. cfgcmd:: set firewall ipv4 ... -From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` +From main structure defined in +:doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure: @@ -41,12 +42,12 @@ next: Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, -highlightened with red color. +highlighted with red color. For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path -for traffic destinated to the router itself, and traffic generated by the +for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6): .. figure:: /_static/images/firewall-input-packet-flow.png @@ -64,7 +65,7 @@ output filter ...`` Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use -such custom chain, a rule with **action jump**, and the appropiate **target** +such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain. ********************* @@ -184,7 +185,7 @@ not match any rule in it's chain. For base chains, possible options for .. cfgcmd:: set firewall ipv4 name <name> default-jump-target <text> - To be used only when ``defult-action`` is set to ``jump``. Use this + To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule. .. note:: **Important note about default-actions:** @@ -206,10 +207,10 @@ log options can be defined. Enable logging for the matched packet. If this configuration command is not present, then log is not enabled. -.. cfgcmd:: set firewall ipv4 forward filter enable-default-log -.. cfgcmd:: set firewall ipv4 input filter enable-default-log -.. cfgcmd:: set firewall ipv4 output filter enable-default-log -.. cfgcmd:: set firewall ipv4 name <name> enable-default-log +.. cfgcmd:: set firewall ipv4 forward filter default-log +.. cfgcmd:: set firewall ipv4 input filter default-log +.. cfgcmd:: set firewall ipv4 output filter default-log +.. cfgcmd:: set firewall ipv4 name <name> default-log Use this command to enable the logging of the default action on the specified chain. @@ -539,6 +540,27 @@ geoip) to keep database and rules updated. criteria. .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + source group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv4 input filter rule <1-999999> + source group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv4 output filter rule <1-999999> + source group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> + source group dynamic-address-group <name | !name> + +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + destination group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv4 input filter rule <1-999999> + destination group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv4 output filter rule <1-999999> + destination group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> + destination group dynamic-address-group <name | !name> + + Use a specific dynamic-address-group. Prepend character ``!`` for inverted + matching criteria. + +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> source group network-group <name | !name> .. cfgcmd:: set firewall ipv4 input filter rule <1-999999> source group network-group <name | !name> @@ -683,9 +705,9 @@ geoip) to keep database and rules updated. .. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> inbound-interface name <iface> - Match based on inbound interface. Wilcard ``*`` can be used. + Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> inbound-interface group <iface_group> @@ -695,7 +717,7 @@ geoip) to keep database and rules updated. inbound-interface group <iface_group> Match based on inbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> outbound-interface name <iface> @@ -704,9 +726,9 @@ geoip) to keep database and rules updated. .. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> outbound-interface name <iface> - Match based on outbound interface. Wilcard ``*`` can be used. + Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> outbound-interface group <iface_group> @@ -716,7 +738,7 @@ geoip) to keep database and rules updated. outbound-interface group <iface_group> Match based on outbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> ipsec [match-ipsec | match-none] @@ -843,13 +865,13 @@ geoip) to keep database and rules updated. set firewall ipv4 input filter rule 13 tcp flags not 'fin' .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv4 input filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv4 output filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] Match against the state of a packet. @@ -934,13 +956,17 @@ Synproxy ******** Synproxy connections -.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> action synproxy -.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> protocol tcp -.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> synproxy tcp mss <501-65535> +.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> + action synproxy +.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> + protocol tcp +.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> + synproxy tcp mss <501-65535> Set TCP-MSS (maximum segment size) for the connection -.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> synproxy tcp window-scale <1-14> +.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> + synproxy tcp window-scale <1-14> Set the window scale factor for TCP window scaling @@ -964,12 +990,12 @@ Requirements to enable synproxy: set firewall global-options syn-cookies 'enable' set firewall ipv4 input filter rule 10 action 'synproxy' set firewall ipv4 input filter rule 10 destination port '8080' - set firewall ipv4 input filter rule 10 inbound-interface interface-name 'eth1' + set firewall ipv4 input filter rule 10 inbound-interface name 'eth1' set firewall ipv4 input filter rule 10 protocol 'tcp' set firewall ipv4 input filter rule 10 synproxy tcp mss '1460' set firewall ipv4 input filter rule 10 synproxy tcp window-scale '7' set firewall ipv4 input filter rule 1000 action 'drop' - set firewall ipv4 input filter rule 1000 state invalid 'enable' + set firewall ipv4 input filter rule 1000 state invalid *********************** @@ -1146,8 +1172,8 @@ Show Firewall log .. opcmd:: show log firewall ipv4 name <name> rule <rule> Show the logs of all firewall; show all ipv4 firewall logs; show all logs - for particular hook; show all logs for particular hook and priority; show all logs - for particular custom chain; show logs for specific Rule-Set. + for particular hook; show all logs for particular hook and priority; + show all logs for particular custom chain; show logs for specific Rule-Set. Example Partial Config ====================== diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index 0aa8a137..cbf18a7d 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -11,12 +11,13 @@ Overview ******** In this section there's useful information of all firewall configuration that -can be done regarding IPv6, and appropiate op-mode commands. +can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section: .. cfgcmd:: set firewall ipv6 ... -From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` +From main structure defined in +:doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure: @@ -41,12 +42,12 @@ next: Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, -highlightened with red color. +highlighted with red color. For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path -for traffic destinated to the router itself, and traffic generated by the +for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6): .. figure:: /_static/images/firewall-input-packet-flow.png @@ -64,7 +65,7 @@ output filter ...`` Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use -such custom chain, a rule with **action jump**, and the appropiate **target** +such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain. ****************************** @@ -184,7 +185,7 @@ not match any rule in it's chain. For base chains, possible options for .. cfgcmd:: set firewall ipv6 name <name> default-jump-target <text> - To be used only when ``defult-action`` is set to ``jump``. Use this + To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule. .. note:: **Important note about default-actions:** @@ -206,10 +207,10 @@ log options can be defined. Enable logging for the matched packet. If this configuration command is not present, then log is not enabled. -.. cfgcmd:: set firewall ipv6 forward filter enable-default-log -.. cfgcmd:: set firewall ipv6 input filter enable-default-log -.. cfgcmd:: set firewall ipv6 output filter enable-default-log -.. cfgcmd:: set firewall ipv6 name <name> enable-default-log +.. cfgcmd:: set firewall ipv6 forward filter default-log +.. cfgcmd:: set firewall ipv6 input filter default-log +.. cfgcmd:: set firewall ipv6 output filter default-log +.. cfgcmd:: set firewall ipv6 name <name> default-log Use this command to enable the logging of the default action on the specified chain. @@ -373,10 +374,12 @@ There are a lot of matching criteria against which the packet can be tested. remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses - <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_) + <https://datatracker.ietf.org + /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_) This functions for both individual addresses and address groups. + .. stop_vyoslinter .. code-block:: none # Match any IPv6 address with the suffix ::0000:0000:0000:beef @@ -388,6 +391,8 @@ There are a lot of matching criteria against which the packet can be tested. set firewall ipv6 forward filter rule 200 source group address-group WEBSERVERS set firewall ipv6 forward filter rule 200 source address-mask ::ffff:ffff:ffff:ffff + .. start_vyoslinter + .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> source fqdn <fqdn> .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> @@ -526,6 +531,27 @@ geoip) to keep database and rules updated. criteria. .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + source group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv6 input filter rule <1-999999> + source group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv6 output filter rule <1-999999> + source group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> + source group dynamic-address-group <name | !name> + +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + destination group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv6 input filter rule <1-999999> + destination group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv6 output filter rule <1-999999> + destination group dynamic-address-group <name | !name> +.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> + destination group dynamic-address-group <name | !name> + + Use a specific dynamic-address-group. Prepend character ``!`` for inverted + matching criteria. + +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> source group network-group <name | !name> .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> source group network-group <name | !name> @@ -670,9 +696,9 @@ geoip) to keep database and rules updated. .. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> inbound-interface name <iface> - Match based on inbound interface. Wilcard ``*`` can be used. + Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> inbound-interface group <iface_group> @@ -682,7 +708,7 @@ geoip) to keep database and rules updated. inbound-interface group <iface_group> Match based on inbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> outbound-interface name <iface> @@ -691,9 +717,9 @@ geoip) to keep database and rules updated. .. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> outbound-interface name <iface> - Match based on outbound interface. Wilcard ``*`` can be used. + Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> outbound-interface group <iface_group> @@ -703,7 +729,7 @@ geoip) to keep database and rules updated. outbound-interface group <iface_group> Match based on outbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> ipsec [match-ipsec | match-none] @@ -829,13 +855,13 @@ geoip) to keep database and rules updated. set firewall ipv6 input filter rule 13 tcp flags not 'fin' .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv6 output filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] Match against the state of a packet. @@ -920,13 +946,17 @@ Synproxy ******** Synproxy connections -.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> action synproxy -.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> protocol tcp -.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> synproxy tcp mss <501-65535> +.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> + action synproxy +.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> + protocol tcp +.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> + synproxy tcp mss <501-65535> Set TCP-MSS (maximum segment size) for the connection -.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> synproxy tcp window-scale <1-14> +.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> + synproxy tcp window-scale <1-14> Set the window scale factor for TCP window scaling @@ -950,12 +980,12 @@ Requirements to enable synproxy: set firewall global-options syn-cookies 'enable' set firewall ipv6 input filter rule 10 action 'synproxy' set firewall ipv6 input filter rule 10 destination port '8080' - set firewall ipv6 input filter rule 10 inbound-interface interface-name 'eth1' + set firewall ipv6 input filter rule 10 inbound-interface name 'eth1' set firewall ipv6 input filter rule 10 protocol 'tcp' set firewall ipv6 input filter rule 10 synproxy tcp mss '1460' set firewall ipv6 input filter rule 10 synproxy tcp window-scale '7' set firewall ipv6 input filter rule 1000 action 'drop' - set firewall ipv6 input filter rule 1000 state invalid 'enable' + set firewall ipv6 input filter rule 1000 state invalid *********************** Operation-mode Firewall @@ -1146,8 +1176,8 @@ Show Firewall log .. opcmd:: show log firewall ipv6 name <name> rule <rule> Show the logs of all firewall; show all ipv6 firewall logs; show all logs - for particular hook; show all logs for particular hook and priority; show all logs - for particular custom chain; show logs for specific Rule-Set. + for particular hook; show all logs for particular hook and priority; + show all logs for particular custom chain; show logs for specific Rule-Set. Example Partial Config ====================== @@ -1177,7 +1207,7 @@ Example Partial Config } name INP-ETH1 { default-action drop - enable-default-log + default-log rule 10 { action accept protocol tcp_udp diff --git a/docs/configuration/firewall/zone.rst b/docs/configuration/firewall/zone.rst index 059b029d..f71ad8c1 100644 --- a/docs/configuration/firewall/zone.rst +++ b/docs/configuration/firewall/zone.rst @@ -11,7 +11,7 @@ Overview ******** .. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall - structure can be found on all vyos instalations. Zone based firewall was + structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be diff --git a/docs/configuration/interfaces/bonding.rst b/docs/configuration/interfaces/bonding.rst index 3c8ebd0d..27f1bbed 100644 --- a/docs/configuration/interfaces/bonding.rst +++ b/docs/configuration/interfaces/bonding.rst @@ -156,6 +156,11 @@ Bond options The default value is slow. +.. cfgcmd:: set interfaces bonding <interface> system-mac <mac address> + + This option allow to specifies the 802.3ad system MAC address.You can set a + random mac-address that can be used for these LACPDU exchanges. + .. cfgcmd:: set interfaces bonding <interface> hash-policy <policy> * **layer2** - Uses XOR of hardware MAC addresses and packet type ID field @@ -286,6 +291,54 @@ Port Mirror (SPAN) :var1: bond1 :var2: eth3 +EVPN Multihoming +---------------- + +All-Active Multihoming is used for redundancy and load sharing. Servers are +attached to two or more PEs and the links are bonded (link-aggregation). +This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`. + +An Ethernet Segment can be configured by specifying a system-MAC and a local +discriminator or a complete ESINAME against the bond interface on the PE. + +.. cfgcmd:: set interfaces bonding <interface> evpn es-id <<1-16777215|10-byte ID> +.. cfgcmd:: set interfaces bonding <interface> evpn es-sys-mac <xx:xx:xx:xx:xx:xx> + + The sys-mac and local discriminator are used for generating a 10-byte, Type-3 + Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - + "00:AA:BB:CC:DD:EE:FF:GG:HH:II". + + Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally + attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP + routes are also advertised with a destination ESI allowing for MAC-IP syncing + between Ethernet Segment peers. Reference: RFC 7432, RFC 8365 + + EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming + each PE has an unique VTEP address which requires the introduction of a new + dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of + remote PEs/VTEPs. + +.. cfgcmd:: set interfaces bonding <interface> evpn es-df-pref <1-65535> + + Type-4 (ESR) routes are used for Designated Forwarder (DF) election. + DFs forward BUM traffic received via the overlay network. This + implementation uses a preference based DF election specified by + draft-ietf-bess-evpn-pref-df. + + The DF preference is configurable per-ES. + + BUM traffic is rxed via the overlay by all PEs attached to a server but + only the DF can forward the de-capsulated traffic to the access port. + To accommodate that non-DF filters are installed in the dataplane to drop + the traffic. + + Similarly traffic received from ES peers via the overlay cannot be forwarded + to the server. This is split-horizon-filtering with local bias. + +.. cmdinclude:: /_include/interface-evpn-uplink.txt + :var0: bonding + :var1: bond0 + ******* Example ******* @@ -590,4 +643,3 @@ Operation Partner Churn State: churned Actor Churned Count: 1 Partner Churned Count: 1 - diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index bbf52112..dd524035 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -61,6 +61,22 @@ Offloading Enable different types of hardware offloading on the given NIC. + :abbr:`LRO (Large Receive Offload)` is a technique designed to boost the + efficiency of how your computer's network interface card (NIC) processes + incoming network traffic. Typically, network data arrives in smaller chunks + called packets. Processing each packet individually consumes CPU (central + processing unit) resources. Lots of small packets can lead to a performance + bottleneck. Instead of handing the CPU each packet as it comes in, LRO + instructs the NIC to combine multiple incoming packets into a single, larger + packet. This larger packet is then passed to the CPU for processing. + + .. note:: Under some circumstances, LRO is known to modify the packet headers + of forwarded traffic, which breaks the end-to-end principle of computer + networking. LRO is also only able to offload TCP segments encapsulated in + IPv4 packets. Due to these limitations, it is recommended to use GRO + (Generic Receive Offload) where possible. More information on the + limitations of LRO can be found here: https://lwn.net/Articles/358910/ + :abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data @@ -87,13 +103,13 @@ Offloading placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS: - - it can be used with any NIC, - - software filters can easily be added to hash over new protocols, - - it does not increase hardware device interrupt rate (although it does - introduce inter-processor interrupts (IPIs)). + - it can be used with any NIC + - software filters can easily be added to hash over new protocols + - it does not increase hardware device interrupt rate, although it does + introduce inter-processor interrupts (IPIs) - .. note:: In order to use TSO/LRO with VMXNET3 adaters one must also enable - the SG offloading option. + .. note:: In order to use TSO/LRO with VMXNET3 adapters, the SG offloading + option must also be enabled. Authentication (EAPoL) ---------------------- @@ -102,6 +118,14 @@ Authentication (EAPoL) :var0: ethernet :var1: eth0 +EVPN Multihoming +---------------- + +Uplink/Core tracking. + +.. cmdinclude:: /_include/interface-evpn-uplink.txt + :var0: ethernet + :var1: eth0 VLAN ==== @@ -273,4 +297,3 @@ Operation Date code : 0506xx .. stop_vyoslinter - diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 8cf579de..f51dfa94 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -652,6 +652,88 @@ Will add ``push "keepalive 1 10"`` to the generated OpenVPN config file. quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement. +*************************** +Multi-factor Authentication +*************************** + +VyOS supports multi-factor authentication (MFA) or two-factor authentication +using Time-based One-Time Password (TOTP). Compatible with Google Authenticator +software token, other software tokens. + +MFA TOTP options +================ + +.. cfgcmd:: set interfaces openvpn <interface> server mfa totp challenge <enable | disable> + + If set to enable, openvpn-otp will expect password as result of challenge/ + response protocol. + +.. cfgcmd:: set interfaces openvpn <interface> server mfa totp digits <1-65535> + + Configure number of digits to use for totp hash (default: 6) + +.. cfgcmd:: set interfaces openvpn <interface> server mfa totp drift <1-65535> + + Configure time drift in seconds (default: 0) + +.. cfgcmd:: set interfaces openvpn <interface> server mfa totp slop <1-65535> + + Configure maximum allowed clock slop in seconds (default: 180) + +.. cfgcmd:: set interfaces openvpn <interface> server mfa totp step <1-65535> + + Configure step value for totp in seconds (default: 30) + +Example +======= + +.. code-block:: none + + set interfaces openvpn vtun20 encryption cipher 'aes256' + set interfaces openvpn vtun20 hash 'sha512' + set interfaces openvpn vtun20 mode 'server' + set interfaces openvpn vtun20 persistent-tunnel + set interfaces openvpn vtun20 server client user1 + set interfaces openvpn vtun20 server mfa totp challenge 'disable' + set interfaces openvpn vtun20 server subnet '10.10.2.0/24' + set interfaces openvpn vtun20 server topology 'subnet' + set interfaces openvpn vtun20 tls ca-certificate 'openvpn_vtun20' + set interfaces openvpn vtun20 tls certificate 'openvpn_vtun20' + set interfaces openvpn vtun20 tls dh-params 'dh-pem' + +For every client in the openvpn server configuration a totp secret is created. +To display the authentication information, use the command: + +.. cfgcmd:: show interfaces openvpn <interface> user <username> mfa <qrcode|secret|uri> + +An example: + +.. code-block:: none + + vyos@vyos:~$ sh interfaces openvpn vtun20 user user1 mfa qrcode + █████████████████████████████████████ + █████████████████████████████████████ + ████ ▄▄▄▄▄ █▀▄▀ ▀▀▄▀ ▀▀▄ █ ▄▄▄▄▄ ████ + ████ █ █ █▀▀▄ █▀▀▀█▀██ █ █ █ ████ + ████ █▄▄▄█ █▀█ ▄ █▀▀ █▄▄▄█ █▄▄▄█ ████ + ████▄▄▄▄▄▄▄█▄█ █ █ ▀ █▄▀▄█▄▄▄▄▄▄▄████ + ████▄▄ ▄ █▄▄ ▄▀▄█▄ ▄▀▄█ ▄▄▀ ▀▄█ ▀████ + ████ ▀██▄▄▄█▄ ██ █▄▄▄▄ █▄▀█ █ █▀█████ + ████ ▄█▀▀▄▄ ▄█▀ ▀▄ ▄▄▀▄█▀▀▀ ▄▄▀████ + ████▄█ ▀▄▄▄▀ ▀ ▄█ ▄ █▄█▀ █▀ █▀█████ + ████▀█▀ ▀ ▄█▀▄▀▀█▄██▄█▀▀ ▀ ▀ ▄█▀████ + ████ ██▄▄▀▄▄█ ██ ▀█ ▄█ ▀▄█ █▀██▀████ + ████▄███▄█▄█ ▀█▄ ██▄▄▄█▀ ▄▄▄ █ ▀ ████ + ████ ▄▄▄▄▄ █▄█▀▄ ▀▄ ▀█▀ █▄█ ██▀█████ + ████ █ █ █ ▄█▀█▀▀▄ ▄▀▀▄▄▄▄▄▄ ████ + ████ █▄▄▄█ █ ▄ ▀ █▄▄▄██▄▀█▄▀▄█▄ █████ + ████▄▄▄▄▄▄▄█▄██▄█▄▄▄▄▄█▄█▄█▄██▄██████ + █████████████████████████████████████ + █████████████████████████████████████ + +Use the QR code to add the user account in Google authenticator application and +on client side, use the OTP number as password. + ********************************** OpenVPN Data Channel Offload (DCO) diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 3d462821..044d2044 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -45,6 +45,11 @@ Service Set SSL certificate <name> for service <name> +.. cfgcmd:: set load-balancing reverse-proxy service <name> + http-response-headers <header-name> value <header-value> + + Set custom HTTP headers to be included in all responses + Rules ^^^^^ @@ -144,7 +149,8 @@ Backend Send a Proxy Protocol version 2 header (binary format) -.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl ca-certificate <ca-certificate> +.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl + ca-certificate <ca-certificate> Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate> @@ -154,6 +160,42 @@ Backend Configure requests to the backend server to use SSL encryption without validating server certificate +.. cfgcmd:: set load-balancing reverse-proxy backend <name> + http-response-headers <header-name> value <header-value> + + Set custom HTTP headers to be included in all responses using the backend + + +HTTP health check +^^^^^^^^^^^^^^^^^ +For web application providing information about their state HTTP health +checks can be used to determine their availability. + +.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check + + Enables HTTP health checks using OPTION HTTP requests against '/' and + expecting a successful response code in the 200-399 range. + +.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check + method <method> + + Sets the HTTP method to be used, can be either: option, get, post, put + +.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check + uri <path> + + Sets the endpoint to be used for health checks + +.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check + expect <condition> + + Sets the expected result condition for considering a server healthy. + Some possible examples are: + * ``status 200`` Expecting a 200 response code + * ``status 200-399`` Expecting a non-failure response code + * ``string success`` Expecting the string `success` in the response body + + Global ------- @@ -215,6 +257,7 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm. set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12' set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' + Balancing based on domain name ------------------------------ The following configuration demonstrates how to use VyOS @@ -258,6 +301,7 @@ HTTPS. The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. +HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site. Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``. @@ -280,6 +324,7 @@ connection limit of 4000 and a minimum TLS version of 1.3. set load-balancing reverse-proxy service https mode 'http' set load-balancing reverse-proxy service https port '443' set load-balancing reverse-proxy service https ssl certificate 'cert' + set load-balancing reverse-proxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000' set load-balancing reverse-proxy service https rule 10 url-path exact '/.well-known/xxx' set load-balancing reverse-proxy service https rule 10 set redirect-location '/certs/' @@ -295,20 +340,22 @@ connection limit of 4000 and a minimum TLS version of 1.3. set load-balancing reverse-proxy global-parameters max-connections '4000' set load-balancing reverse-proxy global-parameters tls-version-min '1.3' + SSL Bridging ------------- -The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends -to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to +The following configuration terminates incoming HTTPS traffic on the router, +then re-encrypts the traffic and sends to the backend server via HTTPS. +This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server. -Backend service certificates are checked against the certificate authority specified in the configuration, which -could be an internal CA. +Backend service certificates are checked against the certificate authority +specified in the configuration, which could be an internal CA. The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. -The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend -server has a valid certificate trusted by CA ``cacert`` +The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS +and checks backend server has a valid certificate trusted by CA ``cacert`` .. code-block:: none @@ -325,3 +372,29 @@ server has a valid certificate trusted by CA ``cacert`` set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 address '192.0.2.23' set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 port '443' + +Balancing with HTTP health checks +--------------------------------- + +This configuration enables HTTP health checks on backend servers. + +.. code-block:: none + + set load-balancing reverse-proxy service my-tcp-api backend 'bk-01' + set load-balancing reverse-proxy service my-tcp-api mode 'tcp' + set load-balancing reverse-proxy service my-tcp-api port '8888' + + set load-balancing reverse-proxy backend bk-01 balance 'round-robin' + set load-balancing reverse-proxy backend bk-01 mode 'tcp' + + set load-balancing reverse-proxy backend bk-01 http-check method 'get' + set load-balancing reverse-proxy backend bk-01 http-check uri '/health' + set load-balancing reverse-proxy backend bk-01 http-check expect 'status 200' + + set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' + set load-balancing reverse-proxy backend bk-01 server srv01 port '8881' + set load-balancing reverse-proxy backend bk-01 server srv01 check + set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12' + set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' + set load-balancing reverse-proxy backend bk-01 server srv02 check + diff --git a/docs/configuration/nat/cgnat.rst b/docs/configuration/nat/cgnat.rst new file mode 100644 index 00000000..70916318 --- /dev/null +++ b/docs/configuration/nat/cgnat.rst @@ -0,0 +1,143 @@ +.. _cgnat: + +##### +CGNAT +##### + +:abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as +Large-Scale NAT (LSN), is a type of network address translation used by +Internet Service Providers (ISPs) to enable multiple private IP addresses to +share a single public IP address. This technique helps to conserve the limited +IPv4 address space. +The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT + +Overview +======== + +CGNAT works by placing a NAT device within the ISP's network. This device +translates private IP addresses from customer networks to a limited pool of +public IP addresses assigned to the ISP. This allows many customers to share a +smaller number of public IP addresses. + +Not all :rfc:`6888` requirements are implemented in CGNAT. + +Implemented the following :rfc:`6888` requirements: + +- REQ 2: A CGN must have a default "IP address pooling" behavior of "Paired". + CGN must use the same external IP address mapping for all sessions associated + with the same internal IP address, be they TCP, UDP, ICMP, something else, + or a mix of different protocols. +- REQ 3: The CGN function should not have any limitations on the size or the + contiguity of the external address pool. +- REQ 4: A CGN must support limiting the number of external ports (or, + equivalently, "identifiers" for ICMP) that are assigned per subscriber + +Advantages of CGNAT +------------------- + +- **IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address. +- **Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses. +- **Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses. + +Considerations +-------------- + +- **Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging. +- **Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load. +- **Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses. +- **Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections. +- **Port Control Protocol**: PCP is not implemented. + +Port calculation +================ + +When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888. + +1. **Total Ports Available**: + + - Total Ports: 65536 (0 to 65535) + - Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes. + - Usable Ports: 65536 - 1024 = 64512 + +2. **Estimate Ports Needed per Subscriber**: + + - Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications. + +3. **Calculate the Number of Subscribers per Public IP**: + + - Usable Ports / Ports per Subscriber + - 64512 / 1000 ≈ 64 subscribers per public IP + + +Configuration +============= + +.. cfgcmd:: set nat cgnat pool external <pool-name> external-port-range <port-range> + + Set an external port-range for the external pool, the default range is + 1024-65535. Multiple entries can be added to the same pool. + +.. cfgcmd:: set nat cgnat pool external <pool-name> external-port-range per-user-limit port <num> + + Set external source port limits that will be allocated to each subscriber + individually. The default value is 2000. + +.. cfgcmd:: set nat cgnat pool external <pool-name> range [address | address range | network] + + Set the range of external IP addresses for the CGNAT pool. + +.. cfgcmd:: set nat cgnat pool internal <pool-name> range [address range | network] + + Set the range of internal IP addresses for the CGNAT pool. + +.. cfgcmd:: set nat cgnat pool rule <num> source pool <internal-pool-name> + + Set the rule for the source pool. + +.. cfgcmd:: set nat cgnat pool rule <num> translation pool <external-pool-name> + + Set the rule for the translation pool. + + + +Configuration Examples +====================== + +Single external address +----------------------- + +Example of setting up a basic CGNAT configuration: +In the following example, we define an external pool named `ext-1` with one external IP address + + +Each subscriber will be allocated a maximum of 2000 ports from the external pool. + +.. code-block:: none + + set nat cgnat pool external ext1 external-port-range '1024-65535' + set nat cgnat pool external ext1 per-user-limit port '2000' + set nat cgnat pool external ext1 range '192.0.2.222/32' + set nat cgnat pool internal int1 range '100.64.0.0/28' + set nat cgnat rule 10 source pool 'int1' + set nat cgnat rule 10 translation pool 'ext1' + +Multiple external addresses +--------------------------- + +.. code-block:: none + + set nat cgnat pool external ext1 external-port-range '1024-65535' + set nat cgnat pool external ext1 per-user-limit port '8000' + set nat cgnat pool external ext1 range '192.0.2.1-192.0.2.2' + set nat cgnat pool external ext1 range '203.0.113.253-203.0.113.254' + set nat cgnat pool internal int1 range '100.64.0.1-100.64.0.32' + set nat cgnat rule 10 source pool 'int1' + set nat cgnat rule 10 translation pool 'ext1' + + + +Further Reading +=============== + +- :rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space +- :rfc:`6888` - Requirements for CGNAT
\ No newline at end of file diff --git a/docs/configuration/nat/index.rst b/docs/configuration/nat/index.rst index 6556b7f9..2ecacc72 100644 --- a/docs/configuration/nat/index.rst +++ b/docs/configuration/nat/index.rst @@ -11,3 +11,4 @@ NAT nat44 nat64 nat66 + cgnat diff --git a/docs/configuration/nat/nat44.rst b/docs/configuration/nat/nat44.rst index 98b230a9..68854c16 100644 --- a/docs/configuration/nat/nat44.rst +++ b/docs/configuration/nat/nat44.rst @@ -668,10 +668,10 @@ We will use source and destination address for hash generation. set nat destination rule 10 destination port 80 set nat destination rule 10 load-balance hash source-address set nat destination rule 10 load-balance hash destination-address - set nat destination rule 10 laod-balance backend 198.51.100.101 weight 30 - set nat destination rule 10 laod-balance backend 198.51.100.102 weight 20 - set nat destination rule 10 laod-balance backend 198.51.100.103 weight 15 - set nat destination rule 10 laod-balance backend 198.51.100.104 weight 35 + set nat destination rule 10 load-balance backend 198.51.100.101 weight 30 + set nat destination rule 10 load-balance backend 198.51.100.102 weight 20 + set nat destination rule 10 load-balance backend 198.51.100.103 weight 15 + set nat destination rule 10 load-balance backend 198.51.100.104 weight 35 Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. diff --git a/docs/configuration/pki/index.rst b/docs/configuration/pki/index.rst index 8fd6fbe8..0ead198f 100644 --- a/docs/configuration/pki/index.rst +++ b/docs/configuration/pki/index.rst @@ -8,7 +8,7 @@ PKI ### -VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the +VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions @@ -120,12 +120,12 @@ OpenVPN .. opcmd:: generate pki openvpn shared-secret - Genearate a new OpenVPN shared secret. The generated secret is the output to + Generate a new OpenVPN shared secret. The generated secret is the output to the console. .. opcmd:: generate pki openvpn shared-secret install <name> - Genearate a new OpenVPN shared secret. The generated secret is the output to + Generate a new OpenVPN shared secret. The generated secret is the output to the console. .. include:: pki_cli_import_help.txt @@ -163,7 +163,7 @@ WireGuard the output from op-mode into configuration mode. ``peer`` is used for the VyOS CLI command to identify the WireGuard peer where - this secred is to be used. + this secret is to be used. Key usage (CLI) =============== @@ -365,3 +365,124 @@ also to display them. .. opcmd:: renew certbot Manually trigger certificate renewal. This will be done twice a day. + +Examples +======== + +Create a CA chain and leaf certificates +------------------------------------- + +This configuration generates & installs into the VyOS PKI system a root +certificate authority, alongside two intermediary certificate authorities for +client & server certificates. These CAs are then used to generate a server +certificate for the router, and a client certificate for a user. + + +* ``vyos_root_ca`` is the root certificate authority. + +* ``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, + which are signed by the root CA. + +* ``vyos_cert`` is a leaf server certificate used to identify the VyOS router, + signed by the server intermediary CA. + +* ``vyos_example_user`` is a leaf client certificate used to identify a user, + signed by client intermediary CA. + + +First, we create the root certificate authority. + +.. code-block:: none + + [edit] + vyos@vyos# run generate pki ca install vyos_root_ca + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) VyOS Root CA + Enter how many days certificate will be valid: (Default: 1825) 1825 + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. + +Secondly, we create the intermediary certificate authorities, which are used to +sign the leaf certificates. + +.. code-block:: none + + [edit] + vyos@vyos# run generate pki ca sign vyos_root_ca install vyos_server_ca + Do you already have a certificate request? [y/N] n + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) VyOS Intermediary Server CA + Enter how many days certificate will be valid: (Default: 1825) 1095 + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. + + + [edit] + vyos@vyos# run generate pki ca sign vyos_root_ca install vyos_client_ca + Do you already have a certificate request? [y/N] n + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) VyOS Intermediary Client CA + Enter how many days certificate will be valid: (Default: 1825) 1095 + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. + +Lastly, we can create the leaf certificates that devices and users will utilise. + +.. code-block:: none + + [edit] + vyos@vyos# run generate pki certificate sign vyos_server_ca install vyos_cert + Do you already have a certificate request? [y/N] n + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) vyos.net + Do you want to configure Subject Alternative Names? [y/N] y + Enter alternative names in a comma separate list, example: ipv4:1.1.1.1,ipv6:fe80::1,dns:vyos.net + Enter Subject Alternative Names: dns:vyos.net,dns:www.vyos.net + Enter how many days certificate will be valid: (Default: 365) 365 + Enter certificate type: (client, server) (Default: server) server + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. + + + [edit] + vyos@vyos# run generate pki certificate sign vyos_client_ca install vyos_example_user + Do you already have a certificate request? [y/N] n + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) Example User + Do you want to configure Subject Alternative Names? [y/N] y + Enter alternative names in a comma separate list, example: ipv4:1.1.1.1,ipv6:fe80::1,dns:vyos.net,rfc822:user@vyos.net + Enter Subject Alternative Names: rfc822:example.user@vyos.net + Enter how many days certificate will be valid: (Default: 365) 365 + Enter certificate type: (client, server) (Default: server) client + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. diff --git a/docs/configuration/policy/route.rst b/docs/configuration/policy/route.rst index 1a85ffc6..45975774 100644 --- a/docs/configuration/policy/route.rst +++ b/docs/configuration/policy/route.rst @@ -19,8 +19,8 @@ from 1 - 999999, at the first match the action of the rule will be executed. Provide a rule-set description. -.. cfgcmd:: set policy route <name> enable-default-log -.. cfgcmd:: set policy route6 <name> enable-default-log +.. cfgcmd:: set policy route <name> default-log +.. cfgcmd:: set policy route6 <name> default-log Option to log packets hitting default-action. @@ -271,4 +271,4 @@ setting a different routing table. .. cfgcmd:: set policy route <name> rule <n> set tcp-mss <500-1460> .. cfgcmd:: set policy route6 <name> rule <n> set tcp-mss <500-1460> - Set packet modifications: Explicitly set TCP Maximum segment size value.
\ No newline at end of file + Set packet modifications: Explicitly set TCP Maximum segment size value. diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index 1f779d0a..9b954965 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst @@ -12,7 +12,7 @@ interior gateway protocol (IGP) which is described in ISO10589, algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology -information with their directly conencted neighbors. IS-IS runs directly on +information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is @@ -39,7 +39,7 @@ occur within IS-IS when it comes to said duplication. .. cfgcmd:: set protocols isis net <network-entity-title> - This commad sets network entity title (NET) provided in ISO format. + This command sets network entity title (NET) provided in ISO format. Here is an example :abbr:`NET (Network Entity Title)` value: @@ -52,9 +52,9 @@ occur within IS-IS when it comes to said duplication. * :abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing. - * Area identifier: ``0001`` IS-IS area number (numberical area ``1``) + * Area identifier: ``0001`` IS-IS area number (numerical area ``1``) - * System identifier: ``1921.6800.1002`` - for system idetifiers we recommend + * System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The diff --git a/docs/configuration/service/broadcast-relay.rst b/docs/configuration/service/broadcast-relay.rst index b6e2bed7..f64bb208 100644 --- a/docs/configuration/service/broadcast-relay.rst +++ b/docs/configuration/service/broadcast-relay.rst @@ -20,7 +20,7 @@ Configuration .. cfgcmd:: set service broadcast-relay id <n> description <description> A description can be added for each and every unique relay ID. This is - useful to distinguish between multiple different ports/appliactions. + useful to distinguish between multiple different ports/applications. .. cfgcmd:: set service broadcast-relay id <n> interface <interface> @@ -35,7 +35,7 @@ Configuration .. cfgcmd:: set service broadcast-relay id <n> port <port> - The UDP port number used by your apllication. It is mandatory for this kind + The UDP port number used by your application. It is mandatory for this kind of operation. .. cfgcmd:: set service broadcast-relay id <n> disable diff --git a/docs/configuration/service/config-sync.rst b/docs/configuration/service/config-sync.rst new file mode 100644 index 00000000..d0449a78 --- /dev/null +++ b/docs/configuration/service/config-sync.rst @@ -0,0 +1,114 @@ +.. _config-sync: + +########### +Config Sync +########### + +Configuration synchronization (config sync) is a feature of VyOS that +permits synchronization of the configuration of one VyOS router to +another in a network. + +The main benefit to configuration synchronization is that it eliminates having +to manually replicate configuration changes made on the primary router to the +secondary (replica) router. + +The writing of the configuration to the secondary router is performed through +the VyOS HTTP API. The user can specify which portion(s) of the configuration will +be synchronized and the mode to use - whether to replace or add. + +To prevent issues with divergent configurations between the pair of routers, +synchronization is strictly unidirectional from primary to replica. Both +routers should be online and run the same version of VyOS. + +Configuration +------------- + +.. cfgcmd:: set service config-sync secondary + <address|key|timeout|port> + + Specify the address, API key, timeout and port of the secondary router. + You need to enable and configure the HTTP API service on the secondary + router for config sync to operate. + +.. cfgcmd:: set service config-sync section <section> + + Specify the section of the configuration to synchronize. If more than one + section is to be synchronized, repeat the command to add additional + sections as required. + +.. cfgcmd:: set service config-sync mode <load|set> + + Two options are available for `mode`: either `load` and replace or `set` + the configuration section. + +.. code-block:: none + + Supported options for <section> include: + firewall + interfaces <interface> + nat + nat66 + pki + policy + protocols <protocol> + qos <interface|policy> + service <service> + system <conntrack| + flow-accounting|option|sflow|static-host-mapping|sysctl|time-zone> + vpn + vrf + +Example +------- +* Synchronize the time-zone and OSPF configuration from Router A to Router B +* The address of Router B is 10.0.20.112 and the port used is 8443 + +Configure the HTTP API service on Router B + +.. code-block:: none + + set service https listen-address '10.0.20.112' + set service https port '8443' + set service https api keys id KID key 'foo' + +Configure the config-sync service on Router A + +.. code-block:: none + + set service config-sync mode 'load' + set service config-sync secondary address '10.0.20.112' + set service config-sync secondary port '8443' + set service config-sync secondary key 'foo' + set service config-sync section protocols 'ospf' + set service config-sync section system 'time-zone' + +Make config-sync relevant changes to Router A's configuration + +.. code-block:: none + + vyos@vyos-A# set system time-zone 'America/Los_Angeles' + vyos@vyos-A# commit + INFO:vyos_config_sync:Config synchronization: Mode=load, + Secondary=10.0.20.112 + vyos@vyos-A# save + + vyos@vyos-A# set protocols ospf area 0 network '10.0.48.0/30' + vyos@vyos-A# commit + INFO:vyos_config_sync:Config synchronization: Mode=load, + Secondary=10.0.20.112 + yos@vyos-A# save + +Verify configuration changes have been replicated to Router B + +.. code-block:: none + + vyos@vyos-B:~$ show configuration commands | match time-zone + set system time-zone 'America/Los_Angeles' + + vyos@vyos-B:~$ show configuration commands | match ospf + set protocols ospf area 0 network '10.0.48.0/30' + +Known issues +------------ +Configuration resynchronization. With the current implementation of `service +config-sync`, the secondary node must be online. diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index db23c92f..232db1a8 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -29,7 +29,7 @@ will be mandatorily defragmented. It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the -"peer" keywork after the specificed interface, as in the following example: +"peer" keywork after the specified interface, as in the following example: :cfgcmd:`set service conntrack-sync interface eth0 peer 192.168.0.250` @@ -204,7 +204,7 @@ Now configure conntrack-sync service on ``router1`` **and** ``router2`` .. code-block:: none - set high-availablilty vrrp group internal virtual-address ... etc ... + set high-availability vrrp group internal virtual-address ... etc ... set high-availability vrrp sync-group syncgrp member 'internal' set service conntrack-sync accept-protocol 'tcp' set service conntrack-sync accept-protocol 'udp' diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index 973c5355..af397456 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -53,7 +53,11 @@ Configuration .. cfgcmd:: set service https vrf <name> - Start Webserver in given VRF. + Start Webserver in given VRF. + +.. cfgcmd:: set service https request-body-size-limit <size> + + Set the maximum request body size in megabytes. Default is 1MB. API === @@ -70,7 +74,36 @@ API .. cfgcmd:: set service https api strict - Enforce strict path checking + Enforce strict path checking. + +.. cfgcmd:: set service https api cors allow-origin <origin> + + Allow cross-origin requests from `<origin>`. + +GraphQL +======= + +.. cfgcmd:: set service https api graphql introspection + + Enable GraphQL Schema introspection. + +.. note:: Do not leave introspection enabled in production, it is a security risk. + +.. cfgcmd:: set service https api graphql authentication type <key | token> + + Set the authentication type for GraphQL, default option is key. Available options are: + + * ``key`` use API keys configured in ``service https api keys`` + + * ``token`` use JWT tokens. + +.. cfgcmd:: set service https api graphql authentication expiration + + Set the lifetime for JWT tokens in seconds. Default is 3600 seconds. + +.. cfgcmd:: set service https api graphql authentication secret-length + + Set the byte length of the JWT secret. Default is 32. ********************* Example Configuration diff --git a/docs/configuration/service/ids.rst b/docs/configuration/service/ids.rst index 3e508d50..8a64467f 100644 --- a/docs/configuration/service/ids.rst +++ b/docs/configuration/service/ids.rst @@ -33,7 +33,7 @@ Configuration Configure direction for processing traffic. .. cfgcmd:: set service ids ddos-protection exclude-network <x.x.x.x/x> -.. cfgcmd:: set service ids ddos-protection exlude-network <h:h:h:h:h:h:h:h/x> +.. cfgcmd:: set service ids ddos-protection exclude-network <h:h:h:h:h:h:h:h/x> Specify IPv4 and/or IPv6 networks which are going to be excluded. @@ -56,7 +56,7 @@ Configuration .. cfgcmd:: set service ids ddos-protection sflow port <1-65535> - Configure port number to be used for sflow conection. Default port is 6343. + Configure port number to be used for sflow connection. Default port is 6343. .. cfgcmd:: set service ids ddos-protection threshold general [fps | mbps | pps] <0-4294967294> @@ -96,7 +96,7 @@ In this simplified scenario, main things to be considered are: * Interface **eth0** used to connect to upstream. Since we are analyzing attacks to and from our internal network, two types -of attacks can be identified, and differents actions are needed: +of attacks can be identified, and different actions are needed: * External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst index 56ce55eb..abb77ef4 100644 --- a/docs/configuration/service/index.rst +++ b/docs/configuration/service/index.rst @@ -8,6 +8,7 @@ Service :includehidden: broadcast-relay + config-sync conntrack-sync console-server dhcp-relay diff --git a/docs/configuration/service/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst index 64048552..ef06bcd5 100644 --- a/docs/configuration/service/ipoe-server.rst +++ b/docs/configuration/service/ipoe-server.rst @@ -26,13 +26,13 @@ functionality as PPPoE, but in a less robust manner. Configuring IPoE Server *********************** -IPoE can be configure on different interfaces, it will depend on each specific -situation which interface will provide IPoE to clients. The clients mac address +IPoE can be configured on different interfaces, it will depend on each specific +situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client. The example configuration below will assign an IP to the client on the incoming -interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP +interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration. @@ -85,12 +85,11 @@ the configuration. .. cfgcmd:: set service ipoe-server interface <interface> mode <l2 | l3> - Set authentication backend. The configured authentication backend is used - for all queries. + Specifies the client connectivity mode. * **l2**: It means that clients are on same network where interface is.**(default)** - * **local**: It means that client are behind some router. + * **l3**: It means that client are behind some router. .. cfgcmd:: set service ipoe-server interface <interface> network <shared | vlan> @@ -279,7 +278,7 @@ IPv6 .. code-block:: none set service ipoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set service ipoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set service ipoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set service ipoe-server default-ipv6-pool IPv6-POOL ********* @@ -434,7 +433,7 @@ Toubleshooting .. code-block:: none - vyos@vyos:~$sudo journalctl -u accel-ppp@ipoe -b 0 + vyos@vyos:~$ show log ipoe-server Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:: recv [DHCPv4 Discover xid=55df9228 chaddr=0c:98:bd:b8:00:01 <Message-Type Discover> <Request-IP 192.168.0.3> <Host-Name vyos> <Request-List Subnet,Broadcast,Router,DNS,Classless-Route,Domain-Name,MTU>] Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: eth1.100: authentication succeeded @@ -447,4 +446,4 @@ Toubleshooting .. include:: /_include/common-references.txt .. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911 -.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel
\ No newline at end of file +.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel diff --git a/docs/configuration/service/ntp.rst b/docs/configuration/service/ntp.rst index e7ee392b..266376cf 100644 --- a/docs/configuration/service/ntp.rst +++ b/docs/configuration/service/ntp.rst @@ -46,9 +46,9 @@ Configuration There are 3 default NTP server set. You are able to change them. - * ``0.pool.ntp.org`` - * ``1.pool.ntp.org`` - * ``2.pool.ntp.org`` + * ``time1.vyos.net`` + * ``time2.vyos.net`` + * ``time3.vyos.net`` .. cfgcmd:: set service ntp server <address> <noselect | nts | pool | prefer> @@ -85,7 +85,7 @@ Configuration .. cfgcmd:: set service ntp leap-second [ignore|smear|system|timezone] - Define how to handle leaf-seonds. + Define how to handle leap-seconds. * `ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index 99b3fbb5..6d818c70 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -24,7 +24,6 @@ Configuring PPPoE Server set service pppoe-server authentication local-users username test password 'test' set service pppoe-server client-ip-pool PPPOE-POOL range 192.168.255.2-192.168.255.254 set service pppoe-server default-pool 'PPPOE-POOL' - set service pppoe-server outside-address 192.0.2.2 set service pppoe-server gateway-address 192.168.255.1 set service pppoe-server interface eth0 @@ -49,7 +48,8 @@ Configuring PPPoE Server Create `<user>` for local authentication on this system. The users password will be set to `<pass>`. -.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x> +.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> + range <x.x.x.x-x.x.x.x | x.x.x.x/x> Use this command to define the first IP address of a pool of addresses to be given to pppoe clients. If notation ``x.x.x.x-x.x.x.x``, @@ -85,7 +85,8 @@ accounts again. set service pppoe-server authentication mode radius -.. cfgcmd:: set service pppoe-server authentication radius server <server> key <secret> +.. cfgcmd:: set service pppoe-server authentication radius + server <server> key <secret> Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server. @@ -109,7 +110,8 @@ If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface. -.. cfgcmd:: set service pppoe-server authentication radius source-address <address> +.. cfgcmd:: set service pppoe-server authentication radius + source-address <address> Source IPv4 address used in all RADIUS server queires. @@ -119,57 +121,70 @@ to a single source IP e.g. the loopback interface. RADIUS advanced options ======================= -.. cfgcmd:: set service pppoe-server authentication radius server <server> port <port> +.. cfgcmd:: set service pppoe-server authentication radius + server <server> port <port> Configure RADIUS `<server>` and its required port for authentication requests. -.. cfgcmd:: set service pppoe-server authentication radius server <server> fail-time <time> +.. cfgcmd:: set service pppoe-server authentication radius + server <server> fail-time <time> Mark RADIUS server as offline for this given `<time>` in seconds. -.. cfgcmd:: set service pppoe-server authentication radius server <server> disable +.. cfgcmd:: set service pppoe-server authentication radius + server <server> disable Temporary disable this RADIUS server. -.. cfgcmd:: set service pppoe-server authentication radius acct-timeout <timeout> +.. cfgcmd:: set service pppoe-server authentication radius + acct-timeout <timeout> Timeout to wait reply for Interim-Update packets. (default 3 seconds) -.. cfgcmd:: set service pppoe-server authentication radius dynamic-author server <address> +.. cfgcmd:: set service pppoe-server authentication radius + dynamic-author server <address> Specifies IP address for Dynamic Authorization Extension server (DM/CoA) -.. cfgcmd:: set service pppoe-server authentication radius dynamic-author port <port> +.. cfgcmd:: set service pppoe-server authentication radius + dynamic-author port <port> Port for Dynamic Authorization Extension server (DM/CoA) -.. cfgcmd:: set service pppoe-server authentication radius dynamic-author key <secret> +.. cfgcmd:: set service pppoe-server authentication radius dynamic-author + key <secret> Secret for Dynamic Authorization Extension server (DM/CoA) -.. cfgcmd:: set service pppoe-server authentication radius max-try <number> +.. cfgcmd:: set service pppoe-server authentication radius + max-try <number> Maximum number of tries to send Access-Request/Accounting-Request queries -.. cfgcmd:: set service pppoe-server authentication radius timeout <timeout> +.. cfgcmd:: set service pppoe-server authentication radius + timeout <timeout> Timeout to wait response from server (seconds) -.. cfgcmd:: set service pppoe-server authentication radius nas-identifier <identifier> +.. cfgcmd:: set service pppoe-server authentication radius + nas-identifier <identifier> Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. -.. cfgcmd:: set service pppoe-server authentication radius nas-ip-address <address> +.. cfgcmd:: set service pppoe-server authentication radius + nas-ip-address <address> Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. -.. cfgcmd:: set service pppoe-server authentication radius source-address <address> +.. cfgcmd:: set service pppoe-server authentication radius + source-address <address> Source IPv4 address used in all RADIUS server queires. -.. cfgcmd:: set service pppoe-server authentication radius rate-limit attribute <attribute> +.. cfgcmd:: set service pppoe-server authentication radius + rate-limit attribute <attribute> Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``. @@ -177,11 +192,13 @@ RADIUS advanced options .. note:: If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client. -.. cfgcmd:: set service pppoe-server authentication radius rate-limit enable +.. cfgcmd:: set service pppoe-server authentication radius + rate-limit enable Enables bandwidth shaping via RADIUS. -.. cfgcmd:: set service pppoe-server authentication radius rate-limit vendor +.. cfgcmd:: set service pppoe-server authentication radius + rate-limit vendor Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius. @@ -193,25 +210,27 @@ Allocation clients ip addresses by RADIUS ========================================= If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP -address will be allocated to the client and the option ``default-pool`` within the CLI -config is being ignored. +address will be allocated to the client and the option ``default-pool`` +within the CLI config is being ignored. -If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated -from a predefined IP pool whose name equals the attribute value. +If the RADIUS server sends the attribute ``Framed-Pool``, IP address will +be allocated from a predefined IP pool whose name equals the attribute value. -If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address -will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value. +If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, +IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` +whose name equals the attribute value. -If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 -delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` +If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, +IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value. -.. note:: ``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in - RFC6911. If they are not defined in your RADIUS server, add new dictionary_. +.. note:: ``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` + are defined in RFC6911. If they are not defined in your RADIUS server, + add new dictionary_. -User interface can be put to VRF context via RADIUS Access-Accept packet, or change -it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. -Define it in your RADIUS server. +User interface can be put to VRF context via RADIUS Access-Accept packet, +or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. +It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server. Renaming clients interfaces by RADIUS ===================================== @@ -256,13 +275,13 @@ attributes. For Local Users =============== -.. cfgcmd:: set service pppoe-server authentication local-users username <user> rate-limit - download <bandwidth> +.. cfgcmd:: set service pppoe-server authentication local-users username + <user> rate-limit download <bandwidth> Download bandwidth limit in kbit/s for `<user>`. -.. cfgcmd:: set service pppoe-server authentication local-users username <user> rate-limit - upload <bandwidth> +.. cfgcmd:: set service pppoe-server authentication local-users username + <user> rate-limit upload <bandwidth> Upload bandwidth limit in kbit/s for `<user>`. @@ -340,7 +359,8 @@ other servers. Last command says that this PPPoE server can serve only IPv6 **** -.. cfgcmd:: set service pppoe-server ppp-options ipv6 <require | prefer | allow | deny> +.. cfgcmd:: set service pppoe-server ppp-options + ipv6 <require | prefer | allow | deny> Specifies IPv6 negotiation preference. @@ -349,16 +369,16 @@ IPv6 * **allow** - Negotiate IPv6 only if client requests * **deny** - Do not negotiate IPv6 (default value) -.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> prefix <address> - mask <number-of-bits> +.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> + prefix <address> mask <number-of-bits> Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64. -.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> delegate <address> - delegation-prefix <number-of-bits> +.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> + delegate <address> delegation-prefix <number-of-bits> Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the @@ -374,7 +394,7 @@ IPv6 set service pppoe-server ppp-options ipv6 allow set service pppoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set service pppoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set service pppoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set service pppoe-server default-ipv6-pool IPv6-POOL IPv6 Advanced Options @@ -383,7 +403,8 @@ IPv6 Advanced Options Accept peer interface identifier. By default is not defined. -.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id <random | x:x:x:x> +.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id + <random | x:x:x:x> Specifies fixed or random interface identifier for IPv6. By default is fixed. @@ -391,7 +412,8 @@ IPv6 Advanced Options * **random** - Random interface identifier for IPv6 * **x:x:x:x** - Specify interface identifier for IPv6 -.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id <random | x:x:x:x> +.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id + <random | x:x:x:x> Specifies peer interface identifier for IPv6. By default is fixed. @@ -427,12 +449,13 @@ Advanced Options Authentication Advanced Options =============================== -.. cfgcmd:: set service pppoe-server authentication local-users username <user> disable +.. cfgcmd:: set service pppoe-server authentication local-users + username <user> disable Disable `<user>` account. -.. cfgcmd:: set service pppoe-server authentication local-users username <user> static-ip - <address> +.. cfgcmd:: set service pppoe-server authentication local-users + username <user> static-ip <address> Assign static IP address to `<user>` account. @@ -445,7 +468,8 @@ Authentication Advanced Options Client IP Pool Advanced Options =============================== -.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME> +.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> + next-pool <NEXT-POOL-NAME> Use this command to define the next address pool name. @@ -465,7 +489,8 @@ PPP Advanced Options This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**. -.. cfgcmd:: set service pppoe-server ppp-options ipv4 <require | prefer | allow | deny> +.. cfgcmd:: set service pppoe-server ppp-options ipv4 + <require | prefer | allow | deny> Specifies IPv4 negotiation preference. @@ -653,5 +678,7 @@ a /56 subnet for the clients internal use. ppp0 | test | 192.168.0.1 | 2001:db8:8002:0:200::/64 | 2001:db8:8003::1/56 | 00:53:00:12:42:eb | | active | 00:00:49 | 875 B | 2.1 KiB .. include:: /_include/common-references.txt -.. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911 -.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel
\ No newline at end of file +.. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/ + accel-pppd/radius/dict/dictionary.rfc6911 +.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/ + blob/master/accel-pppd/radius/dict/dictionary.accel
\ No newline at end of file diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst index ca558b6a..8f984b10 100644 --- a/docs/configuration/service/router-advert.rst +++ b/docs/configuration/service/router-advert.rst @@ -38,7 +38,7 @@ Configuration "Cur Hop Limit", "hop-limit", "Hop count field of the outgoing RA packets" """Managed address configuration"" flag", "managed-flag", "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" """Other configuration"" flag", "other-config-flag", "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information" - "MTU","link-mtu","Link MTU value placed in RAs, exluded in RAs if unset" + "MTU","link-mtu","Link MTU value placed in RAs, excluded in RAs if unset" "Router Lifetime","default-lifetime","Lifetime associated with the default router in units of seconds" "Reachable Time","reachable-time","Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation" "Retransmit Timer","retrans-timer","Time in milliseconds between retransmitted Neighbor Solicitation messages" diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst index aa747c36..8638246b 100644 --- a/docs/configuration/service/salt-minion.rst +++ b/docs/configuration/service/salt-minion.rst @@ -17,7 +17,7 @@ Requirements ************ To use the Salt-Minion, a running Salt-Master is required. You can find more -in the `Salt Poject Documentaion +in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_ ************* diff --git a/docs/configuration/system/conntrack.rst b/docs/configuration/system/conntrack.rst index 6ed5fef7..1401e02e 100644 --- a/docs/configuration/system/conntrack.rst +++ b/docs/configuration/system/conntrack.rst @@ -94,7 +94,7 @@ states. .. cfgcmd:: set system conntrack timeout udp stream <1-21474836> :defaultvalue: - Set the timeout in secounds for a protocol or state. + Set the timeout in seconds for a protocol or state. You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to @@ -172,7 +172,7 @@ create a rule defining the packet and flow selector. .. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> protocol udp unreplied <1-21474836> - Set the timeout in secounds for a protocol or state in a custom rule. + Set the timeout in seconds for a protocol or state in a custom rule. Conntrack ignore rules ====================== diff --git a/docs/configuration/system/flow-accounting.rst b/docs/configuration/system/flow-accounting.rst index 8d46b178..30d6fc4d 100644 --- a/docs/configuration/system/flow-accounting.rst +++ b/docs/configuration/system/flow-accounting.rst @@ -50,7 +50,7 @@ interface, the interface must be configured for flow accounting. Configure and enable collection of flow information for the interface identified by `<interface>`. - You can configure multiple interfaces which whould participate in flow + You can configure multiple interfaces which would participate in flow accounting. .. note:: Will be recorded only packets/flows on **incoming** direction in diff --git a/docs/configuration/system/host-name.rst b/docs/configuration/system/host-name.rst index d062fc62..4d1567bf 100644 --- a/docs/configuration/system/host-name.rst +++ b/docs/configuration/system/host-name.rst @@ -65,4 +65,4 @@ This section shows how to statically map an IP address to a hostname for local Thus the address configured as :cfgcmd:`set system static-host-mapping host-name <hostname> inet <address>` can be reached via multiple names. - Multiple aliases can pe specified per host-name. + Multiple aliases can be specified per host-name. diff --git a/docs/configuration/system/ip.rst b/docs/configuration/system/ip.rst index 279630e2..a422388f 100644 --- a/docs/configuration/system/ip.rst +++ b/docs/configuration/system/ip.rst @@ -30,7 +30,7 @@ System configuration commands Zebra/Kernel route filtering ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Zebra supports prefix-lists and Route Mapss to match routes received from +Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel. @@ -48,7 +48,7 @@ Nexthop Tracking Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if -you do not wan't to e.g. allow BGP to peer across the default route. +you do not want to e.g. allow BGP to peer across the default route. .. cfgcmd:: set system ip nht no-resolve-via-default diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst index d8d3c4c9..cde7a2aa 100644 --- a/docs/configuration/system/ipv6.rst +++ b/docs/configuration/system/ipv6.rst @@ -26,7 +26,7 @@ System configuration commands Zebra/Kernel route filtering ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Zebra supports prefix-lists and Route Mapss to match routes received from +Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel. @@ -44,7 +44,7 @@ Nexthop Tracking Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if -you do not wan't to e.g. allow BGP to peer across the default route. +you do not want to e.g. allow BGP to peer across the default route. .. cfgcmd:: set system ipv6 nht no-resolve-via-default diff --git a/docs/configuration/system/option.rst b/docs/configuration/system/option.rst index 02c889dd..44c66186 100644 --- a/docs/configuration/system/option.rst +++ b/docs/configuration/system/option.rst @@ -88,7 +88,7 @@ Keyboard Layout *************** When starting a VyOS live system (the installation CD) the configured keyboard -layout defaults to US. As this might not suite everyones use case you can adjust +layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console. .. cfgcmd:: set system option keyboard-layout <us | fr | de | fi | no | dk> diff --git a/docs/configuration/system/sflow.rst b/docs/configuration/system/sflow.rst index c2cf5a80..0c8bf03b 100644 --- a/docs/configuration/system/sflow.rst +++ b/docs/configuration/system/sflow.rst @@ -29,7 +29,7 @@ Configuration Configure and enable collection of flow information for the interface identified by <interface>. - You can configure multiple interfaces which whould participate in sflow accounting. + You can configure multiple interfaces which would participate in sflow accounting. .. cfgcmd:: set system sflow polling <sec> diff --git a/docs/configuration/system/syslog.rst b/docs/configuration/system/syslog.rst index 8755d905..cc7ac676 100644 --- a/docs/configuration/system/syslog.rst +++ b/docs/configuration/system/syslog.rst @@ -45,7 +45,7 @@ Custom File .. cfgcmd:: set system syslog file <filename> archive file <number> - Syslog uses logrotate to rotate logiles after a number of gives bytes. + Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system. @@ -200,7 +200,7 @@ Display Logs .. opcmd:: show log [all | authorization | cluster | conntrack-sync | ...] Display log files of given category on the console. Use tab completion to get - a list of available categories. Thos categories could be: all, authorization, + a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp diff --git a/docs/configuration/system/task-scheduler.rst b/docs/configuration/system/task-scheduler.rst index 382da39f..4a754ba3 100644 --- a/docs/configuration/system/task-scheduler.rst +++ b/docs/configuration/system/task-scheduler.rst @@ -7,7 +7,7 @@ Task Scheduler The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_. -.. note:: All scripts excecuted this way are executed as root user - this may +.. note:: All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration. diff --git a/docs/configuration/trafficpolicy/index.rst b/docs/configuration/trafficpolicy/index.rst index 3463592f..f99c2a66 100644 --- a/docs/configuration/trafficpolicy/index.rst +++ b/docs/configuration/trafficpolicy/index.rst @@ -368,7 +368,7 @@ are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head. -This is the policy that requieres the lowest resources for the same +This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.** @@ -504,7 +504,7 @@ and increase `interval` to something around 150 ms. the number of sub-queues (default: 1024) into which packets are classified. -.. cfgcmd:: set qos policy fq-codel <policy name> interval <miliseconds> +.. cfgcmd:: set qos policy fq-codel <policy name> interval <milliseconds> Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a @@ -518,7 +518,7 @@ and increase `interval` to something around 150 ms. define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets). -.. cfgcmd:: set qos policy fq-codel <policy-name> target <miliseconds> +.. cfgcmd:: set qos policy fq-codel <policy-name> target <milliseconds> Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This @@ -710,7 +710,7 @@ continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases. -.. note:: In Priority Queue we do not define clases with a meaningless +.. note:: In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority. @@ -912,7 +912,7 @@ In principle, values must be Rate Control ------------ -| **Queueing discipline:** Tocken Bucket Filter. +| **Queueing discipline:** Token Bucket Filter. | **Applies to:** Outbound traffic. Rate-Control is a classless policy that limits the packet flow to a set @@ -1145,6 +1145,74 @@ A simple example of Shaper using priorities. set qos policy shaper MY-HTB default priority '7' set qos policy shaper MY-HTB default queue-type 'fair-queue' +.. _CAKE: + +CAKE +------ + +| **Queueing discipline:** Deficit mode. +| **Applies to:** Outbound traffic. + +`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management +system, implemented as a queue discipline (qdisc) for the Linux kernel. It is +designed to replace and improve upon the complex hierarchy of simple qdiscs +presently required to effectively tackle the bufferbloat problem at the network +edge. + +.. cfgcmd:: set qos policy cake <text> bandwidth <value> + + Set the shaper bandwidth, either as an explicit bitrate or a percentage + of the interface bandwidth. + +.. cfgcmd:: set qos policy cake <text> description + + Set a description for the shaper. + +.. cfgcmd:: set qos policy cake <text> flow-isolation blind + + Disables flow isolation, all traffic passes through a single queue. + +.. cfgcmd:: set qos policy cake <text> flow-isolation dst-host + + Flows are defined only by destination address. + +.. cfgcmd:: set qos policy cake <text> flow-isolation dual-dst-host + + Flows are defined by the 5-tuple. Fairness is applied first over destination + addresses, then over individual flows. + +.. cfgcmd:: set qos policy cake <text> flow-isolation dual-src-host + + Flows are defined by the 5-tuple. Fairness is applied first over source + addresses, then over individual flows. + +.. cfgcmd:: set qos policy cake <text> flow-isolation flow + + Flows are defined by the entire 5-tuple (source IP address, source port, + destination IP address, destination port, transport protocol). + +.. cfgcmd:: set qos policy cake <text> flow-isolation host + + Flows are defined by source-destination host pairs. + +.. cfgcmd:: set qos policy cake <text> flow-isolation nat + + Perform NAT lookup before applying flow-isolation rules. + +.. cfgcmd:: set qos policy cake <text> flow-isolation src-host + + Flows are defined only by source address. + +.. cfgcmd:: set qos policy cake <text> flow-isolation triple-isolate + + **(Default)** Flows are defined by the 5-tuple, fairness is applied over source and + destination addresses and also over individual flows. + +.. cfgcmd:: set qos policy cake <text> rtt + + Defines the round-trip time used for active queue management (AQM) in + milliseconds. The default value is 100. + Applying a traffic policy ========================= @@ -1220,5 +1288,6 @@ That is how it is possible to do the so-called "ingress shaping". .. _tocken bucket: https://en.wikipedia.org/wiki/Token_bucket .. _HFSC: https://en.wikipedia.org/wiki/Hierarchical_fair-service_curve .. _Intermediate Functional Block: https://www.linuxfoundation.org/collaborate/workgroups/networking/ifb +.. _Common Applications Kept Enhanced: https://www.bufferbloat.net/projects/codel/wiki/Cake/ .. start_vyoslinter diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index f0c60ec1..b64c91a9 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -318,7 +318,7 @@ IPv6 set vpn l2tp remote-access ppp-options ipv6 allow set vpn l2tp remote-access client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set vpn l2tp remote-access client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set vpn l2tp remote-access client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set vpn l2tp remote-access default-ipv6-pool IPv6-POOL IPv6 Advanced Options diff --git a/docs/configuration/vpn/pptp.rst b/docs/configuration/vpn/pptp.rst index 2a5e7731..5220929f 100644 --- a/docs/configuration/vpn/pptp.rst +++ b/docs/configuration/vpn/pptp.rst @@ -242,7 +242,7 @@ IPv6 set vpn pptp remote-access ppp-options ipv6 allow set vpn pptp remote-access client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set vpn pptp remote-access client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set vpn pptp remote-access client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set vpn pptp remote-access default-ipv6-pool IPv6-POOL IPv6 Advanced Options diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index 3749eb7b..cd064162 100644 --- a/docs/configuration/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -276,7 +276,7 @@ IPv6 set vpn sstp ppp-options ipv6 allow set vpn sstp client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set vpn sstp client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set vpn sstp client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set vpn sstp default-ipv6-pool IPv6-POOL IPv6 Advanced Options @@ -471,6 +471,11 @@ Global Advanced options Windows Internet Name Service (WINS) servers propagated to client +.. cfgcmd:: set vpn sstp host-name <hostname> + + If this option is given, only SSTP connections to the specified host + and with the same TLS SNI will be allowed. + *********************** Configuring SSTP client *********************** diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index 67eba886..0d6b895f 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst @@ -43,7 +43,7 @@ then enslaved to a VRF device. Zebra/Kernel route filtering ---------------------------- -Zebra supports prefix-lists and Route Mapss to match routes received from +Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel. @@ -72,7 +72,7 @@ Nexthop Tracking Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if -you do not wan't to e.g. allow BGP to peer across the default route. +you do not want to e.g. allow BGP to peer across the default route. .. cfgcmd:: set vrf name <name> ip nht no-resolve-via-default diff --git a/docs/contributing/testing.rst b/docs/contributing/testing.rst index 78860c06..f5d3db52 100644 --- a/docs/contributing/testing.rst +++ b/docs/contributing/testing.rst @@ -57,6 +57,9 @@ The script only searches for executable "test-cases" under .. note:: As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system. +.. note:: To enable smoketest debugging (print of the CLI set commands used) + you can run: ``touch /tmp/vyos.smoketest.debug``. + Manual Smoketest Run -------------------- diff --git a/docs/operation/raid.rst b/docs/operation/raid.rst index 30407718..642a7332 100644 --- a/docs/operation/raid.rst +++ b/docs/operation/raid.rst @@ -24,7 +24,7 @@ The VyOS implementation of RAID 1 allows the following: * The ability to replace a failed disk and initiate re-mirroring * The ability to monitor the status of remirroring -.. _raid_instalation: +.. _raid_installation: Installation Implications ========================= |